Log analysis and evaluation: Inactive viruses on the computer, suspicious files were suddenly detected during a standard scan

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

12.06.2012, 20:09   #1
Diakon

Hello,

during a standard scan, without any prior alert from my virus scanner (AVIRA Premium), I discovered 2-3 possible viruses.

This is how I proceeded:
Despite the AVIRA firewall/virus scanner, every few months I run an additional cross-check scan with online virus scanners. At the beginning of the year nothing was found.

Yesterday evening I scanned my computer with the online scanners from eset and Bitdefender. I no longer know exactly which of the two, but I believe Bitdefender then flagged old Java versions. It did not flag an exe file, which AVIRA in turn flagged during the scan (I know), but I hope I was able to explain it correctly...

My question now:
Can I verify or tell whether anything ever ran on my computer, or do I now have to assume that malware / a trojan was active?

I have already tried MalwareBytes; it finds nothing.

At the moment I have these logs:

bitdefender?
Quote:
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial
Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen Trojaner
Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-3fd2c763
möglicherweise Variante von Win32/Agent.DYXWUMY Trojaner gelöscht -
in Quarantäne kopiert
C:\Users\christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\74d08f16-53a00080
Variante von Java/TrojanDownloader.OpenStream.NCM Trojaner gelöscht -
in Quarantäne kopiert
C:\Users\christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fa8f07a-310d9897
möglicherweise Variante von Win32/Agent.DYXWUMY Trojaner gelöscht -
in Quarantäne kopiert

AVIRA
Quote:
xportierte Ereignisse:

11.06.2012 23:43 [System Scanner] Malware gefunden
Die Datei 'C:\Users\christian\AppData\Local\Temp\kes243739.exe'
enthielt einen Virus oder unerwünschtes Programm
'TR/FakeSysdef.A.8001'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen
'56ffc9af.qua'
verschoben!

11.06.2012 23:37 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\christian\AppData\Local\Temp\kes243739.exe'
wurde ein Virus oder unerwünschtes Programm
'TR/FakeSysdef.A.8001' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

Thanks in advance to anyone who takes on this topic.

Best regards
Christian

13.06.2012, 22:09   #2
kira
/// Helper team

Hello and a warm welcome!

Before we begin working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files you use, you can replace items such as your real name, serial numbers in programs, etc. with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
► In the first part of the 3-part procedure, we will examine your system for viruses or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download TrendMicro™ HijackThis™/Version 2.0.4 from here
Quote:
No open windows until HijackThis is running!! -> Start HijackThis -> click "Do a system scan and save a logfile" (wait briefly) -> "select" the resulting log file -> "copy" -> "paste" it here in your thread (right mouse button) (you must be logged in to the forum!)
2.
System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set it to "Deutsch".
  • start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
  • a text file is created automatically; post this log file as well (i.e. the list of all installed programs ... a text file)

Quote:
So that your thread stays clear and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. the OTL log file or similar
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go on the internet; no online banking, file sharing, chat programs, etc.
regards
kira
14.06.2012, 08:10   #3
Diakon

Hello,

many thanks for the support, Kira.

As an update: I ran the Kaspersky rescue CD last night "and it found nothing either" (maybe that helps you further)

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:27:39, on 14.06.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\FreePDF_XP\fpassist.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\sgskies\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\ThreatFire\TFUN.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = xxxcompanyip bei vpn einwahlxxx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: 109XXXXXX wXXXXdurch mich hinzugefügtXXXX
O1 - Hosts: 109XXXXXX  XXXXdurch mich hinzugefügtXXXX
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: PAYBACK Toolbar Browserhilfsobjekt - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: PAYBACK Toolbar - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll
O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\sgskies\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_S248E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\christian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [KiesHelper] C:\sgskies\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: VR-NetWorld Auftragsprüfung.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://secure.siegenia-aubi.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Adobe Version Cue CS3 {de_DE}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Email Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\ThreatFire\TFService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15468 bytes
         


OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 14.06.2012 08:31:07 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 58,59% Memory free
8,63 Gb Paging File | 6,37 Gb Available in Paging File | 73,81% Paging File free
Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,74 Gb Total Space | 27,22 Gb Free Space | 19,20% Space Free | Partition Type: NTFS
Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32
 
Computer Name: PCNAME | User Name: NAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\sgskies\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Users\christian\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll ()
MOD - C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL ()
MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (dsNcService) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) Logitech Webcam Pro 9000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (GigasetGenericUSB_x64) -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys (Siemens Home and Office Communication Devices GmbH & Co. KG)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\drivers\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\drivers\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\drivers\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (AMD Technologies Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE360DE360
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 191.1.XXXX:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.10
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: senseo@nicosteiner.de:1.5.5
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.3
FF - prefs.js..extensions.enabledItems: {66B2CEAE-80B4-46b0-8E4D-586721E5C1FA}:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - prefs.js..network.proxy.backup.ftp: "191.1.XXXXX"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "191.1.XXXXX"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "191.1.XXXXX"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "191.1.XXXXX"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "191.1.XXXXX"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "191.1.XXXXX"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "191.1.1.50"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,XXanet,dokXXXXX"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "191.1.XXXXX"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "191.1.XXXXX"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.26 22:48:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 22:06:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 23:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions
[2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.12 08:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions
[2012.04.11 09:10:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010.12.29 18:47:32 | 000,000,000 | ---D | M] (FoxGuide) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{66B2CEAE-80B4-46b0-8E4D-586721E5C1FA}
[2012.06.12 08:13:54 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.06.03 23:49:03 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.04.26 22:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.09 10:04:59 | 000,009,489 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\{E6C93316-271E-4B3D-8D7E-FE11B4350AEB}.XPI
[2012.05.17 20:26:01 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.04.26 22:48:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.27 20:35:34 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.01.26 10:52:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.26 10:52:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AT_ChloeV4 = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pillplnpmfjckedkedpaoembffbpklnf\2_0\
CHR - Extension: Google Mail = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.06.14 08:27:38 | 000,000,085 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 109.237.XXXX	xxxxwerbung.de
O1 - Hosts: 109.237.XXXX	xxxxxgraesxxxe
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [KiesTrayAgent] C:\sgskies\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun File not found
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_S248E.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [KiesHelper] C:\sgskies\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.siegenia-aubi.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{006F36B7-495D-459B-B7E7-10E559DB48D4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.12 21:53:42 | 000,000,277 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008.11.03 14:30:00 | 000,000,043 | ---- | M] () - M:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.06.14 08:23:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2012.06.14 07:57:27 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.06.14 07:57:27 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.06.13 07:41:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 07:41:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 07:41:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 07:41:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 07:41:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 07:41:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 07:41:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 07:41:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 07:41:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 07:41:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 07:41:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 07:41:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.13 07:41:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 07:39:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 07:39:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 07:39:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 07:39:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 07:39:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 07:39:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 07:39:13 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 07:38:31 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 07:38:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.12 08:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.06.12 08:14:10 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\QuickScan
[2012.06.12 07:52:21 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2012.06.12 07:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012.06.12 07:30:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.06.12 07:30:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.06.12 07:30:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.06.12 07:30:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.06.12 07:30:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.06.12 07:30:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.06.12 07:30:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.06.12 07:30:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.06.12 07:30:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.06.12 07:30:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.06.12 07:30:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.06.12 07:30:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.06.12 07:30:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.06.12 07:30:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.06.12 07:30:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.06.12 07:30:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.06.12 07:30:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.06.12 07:30:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.06.12 07:30:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.06.12 07:30:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.06.12 07:30:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.06.12 07:30:15 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.06.12 07:30:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.06.12 07:30:15 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.06.12 07:30:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.06.12 07:30:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.06.12 07:30:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.06.12 07:30:14 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.06.12 07:30:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.06.12 07:30:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.06.12 07:30:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.06.12 07:30:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.06.12 07:30:14 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.06.12 07:30:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.06.12 07:30:14 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.06.12 07:30:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.06.12 07:30:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.06.12 07:30:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.06.12 07:30:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.06.12 07:30:14 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.06.12 07:30:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.06.12 07:30:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.06.12 07:30:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.06.12 07:30:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.06.12 07:30:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.06.12 07:30:13 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.06.12 07:30:13 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.06.12 07:30:13 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.06.12 07:30:13 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.06.12 07:30:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.06.12 07:30:13 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.06.12 07:30:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.06.12 07:30:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.06.12 07:30:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.06.12 07:30:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.06.12 07:30:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.06.12 07:30:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.06.12 07:30:12 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.12 07:30:12 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.06.11 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.28 14:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\fptffb
[2012.05.28 14:34:49 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Kvisoft
[2012.05.28 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kvisoft
[2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\flippagemaker
[2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
[2012.05.28 14:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Flip Book - freeware
[2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF to Flip Book - freeware
[2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\flipBook
[2012.05.28 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Boxtools
[2012.05.28 14:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlipPDF to Flash (freeware)
[2012.05.28 14:18:35 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\gpdf2swf
[2012.05.28 14:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf2swf
[2012.05.28 14:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SWFTools
[2012.05.26 09:46:47 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Installer6972
[2012.05.20 14:15:18 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\FastStone
[2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer
[2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer
[2012.05.20 14:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.18 09:26:51 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\XMedia Recode
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.14 08:27:38 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.14 08:25:39 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 08:25:39 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 08:25:29 | 000,002,995 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.lnk
[2012.06.14 08:24:01 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000UA.job
[2012.06.14 08:23:42 | 001,402,880 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.msi
[2012.06.14 08:23:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2012.06.14 08:17:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.14 08:17:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.14 08:16:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 08:16:07 | 3019,251,712 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 08:00:24 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 08:00:24 | 000,658,988 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 08:00:24 | 000,620,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 08:00:24 | 000,132,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 08:00:24 | 000,108,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 07:48:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 07:24:32 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.13 20:23:07 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000Core.job
[2012.06.13 19:30:55 | 002,321,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 01:01:53 | 000,004,129 | ---- | M] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist
[2012.06.12 07:30:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.06.12 07:30:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.06.12 07:30:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.06.12 07:30:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.06.12 07:30:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.06.12 07:30:16 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.06.12 07:30:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.06.12 07:30:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.06.12 07:30:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.06.12 07:30:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.06.12 07:30:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.06.12 07:30:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.06.12 07:30:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.06.12 07:30:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.06.12 07:30:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.06.12 07:30:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.12 07:30:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.06.12 07:30:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.06.12 07:30:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.06.12 07:30:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.06.12 07:30:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.06.12 07:30:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.06.12 07:30:15 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.06.12 07:30:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.06.12 07:30:15 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.06.12 07:30:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.06.12 07:30:15 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.06.12 07:30:14 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.06.12 07:30:14 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.06.12 07:30:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.06.12 07:30:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.06.12 07:30:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.06.12 07:30:14 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.06.12 07:30:14 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.06.12 07:30:14 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.06.12 07:30:14 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.06.12 07:30:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.06.12 07:30:14 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.06.12 07:30:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.06.12 07:30:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.06.12 07:30:14 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.06.12 07:30:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.06.12 07:30:14 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.06.12 07:30:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.06.12 07:30:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.06.12 07:30:13 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.06.12 07:30:13 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.06.12 07:30:13 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.06.12 07:30:13 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.06.12 07:30:13 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.06.12 07:30:13 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.06.12 07:30:13 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.06.12 07:30:13 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.06.12 07:30:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.06.12 07:30:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.06.12 07:30:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.06.12 07:30:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.12 07:30:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.06.12 07:30:13 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.06.12 07:30:12 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.12 07:30:12 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.06.12 07:05:26 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 05:26:16 | 000,002,384 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk
[2012.06.06 09:03:49 | 000,002,012 | -H-- | M] () -- C:\Users\christian\Documents\Default.rdp
[2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.26 09:41:14 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\Lexware büro easy.lnk
[2012.05.26 09:40:07 | 000,001,055 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.26 09:39:45 | 000,001,031 | ---- | M] () -- C:\Users\christian\Desktop\Dropbox.lnk
[2012.05.20 14:13:34 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
[2012.05.20 14:02:04 | 000,000,080 | ---- | M] () -- C:\Users\christian\Desktop\hosts
[2012.05.18 16:30:10 | 000,000,044 | ---- | M] () -- C:\Windows\SysNative\InstallationInfs
[2012.05.18 16:29:13 | 000,139,360 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2012.05.18 16:29:13 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.18 16:29:13 | 000,114,128 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2012.05.18 16:29:13 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.18 04:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.05.18 03:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.05.18 03:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.05.18 03:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.05.18 03:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.05.18 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.05.18 03:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.05.18 00:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.05.18 00:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.05.18 00:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2012.06.14 08:25:29 | 000,002,995 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.lnk
[2012.06.14 08:23:38 | 001,402,880 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.msi
[2012.06.14 07:24:32 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.12 07:30:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.12 07:30:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.12 07:05:26 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.20 14:13:34 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
[2012.05.18 16:30:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysNative\InstallationInfs
[2012.04.12 15:33:00 | 006,157,872 | ---- | C] () -- C:\Program Files (x86)\tfbl.db4
[2012.04.12 15:32:55 | 000,603,580 | ---- | C] () -- C:\Program Files (x86)\tfwl.db5
[2012.04.12 15:32:55 | 000,047,812 | ---- | C] () -- C:\Program Files (x86)\Statistics.xml
[2012.04.12 15:32:55 | 000,004,339 | ---- | C] () -- C:\Program Files (x86)\Blogs.htm
[2012.04.11 08:18:46 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2012.04.11 08:18:46 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2012.04.11 08:18:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.04.11 08:16:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.10 12:15:16 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2012.02.10 12:14:02 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2012.02.10 12:11:48 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.02.10 12:11:30 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.22 20:14:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010.10.06 23:01:46 | 000,000,036 | ---- | C] () -- C:\Users\christian\AppData\Local\housecall.guid.cache
[2010.09.30 22:47:58 | 000,004,129 | ---- | C] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist
[2010.09.21 19:52:15 | 000,007,617 | ---- | C] () -- C:\Users\christian\AppData\Local\Resmon.ResmonCfg
[2010.08.31 20:23:02 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.08.01 19:20:11 | 000,011,776 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.21 22:09:26 | 000,000,600 | ---- | C] () -- C:\Users\christian\AppData\Local\PUTTY.RND
[2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

< End of report >
         
--- --- ---

OTL EXTRAS
OTL Logfile:
Code:
OTL Extras logfile created on: 14.06.2012 08:31:07 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 58,59% Memory free
8,63 Gb Paging File | 6,37 Gb Available in Paging File | 73,81% Paging File free
Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,74 Gb Total Space | 27,22 Gb Free Space | 19,20% Space Free | Partition Type: NTFS
Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32
 
Computer Name: MEINCOMPNAME  | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11BB73FF-798F-40DB-A1DB-8A07EDE78904}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2189C906-7B8C-402D-8DF2-24C0ADBC9568}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{47CA5C7B-AE68-4696-A984-0637FCAAD9A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51F39388-F022-4C21-BB43-7FC2AE1AE4F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61C22ECB-9A8E-4E3A-AEB0-D6922A11AB80}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{6E0E4D0A-4250-4FD5-A226-CA3FC642DA24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{754F2325-4E56-4346-8ED3-8EBBC21C2BAF}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{A291A0FA-41D6-4688-B033-104E22DF9451}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B8A7AB7D-ECD4-4D01-AB0D-44A74F81F283}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C61C8ED3-593B-4AB1-98A0-DDA266217725}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CACF043D-3E0F-4812-9993-C89AF0E2E4B6}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{D4C5D12D-522D-46CD-B77E-D514C1D79C1F}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{DD076F0E-D76B-45E6-8B21-8116BFDF056E}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02895136-2953-4AA3-91D9-5ABE8679C608}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{04318EAD-44D7-4673-97A3-850E7C31CFFE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{06310750-BC8F-466F-BD46-B00E790CB92D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{0C25CB91-000C-4CCD-ADE1-6ABDFB3F80E3}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{11E6FD0E-43D7-4602-AAF6-C3DA44C21421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1483C3B7-9A4C-4D2B-807A-BA5241E13C61}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{171FC6A2-88BE-428D-9B2E-E9D20FE16BB7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | 
"{24E8AC26-6B79-4BE3-A5E4-81A907CB2198}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BF66F0A-B2AC-4D88-AC2E-738BC9874EFA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{2F95D6D5-0CBD-4DF9-A36F-35E971FA6020}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{39926324-1000-4A95-B5F2-89B7EBF27FF2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4A632540-2024-4F80-8EDE-EC41525095DF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{50441755-6B61-4D46-8C42-178299A09876}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{50B26A08-DBD4-4CE8-861D-6C68BB38152F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52CB2D54-2DAD-47EF-A5D1-2ED89DC49FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{562B8D58-C7BD-478C-AF21-8C9E1B1E41FF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{5C809487-561D-466B-9074-48EC8B535D3F}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{5CDA88D4-177C-4ED6-9C5D-B75A0E14C08A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6416E59D-6A4F-4EED-8B59-907F1BD3A449}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{685FA085-8D5F-4ECD-B1C0-4063DE3BF2CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6D61298E-83F6-4CB3-AB73-80A28119AD00}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7CFBF133-2DA0-4678-B03E-68AC77211389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81287567-F451-42FD-94E3-C9B48E48C272}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{82B8E191-916E-4C9C-A71D-B0080812BF1E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{838E071C-3FAE-4C3A-B0EE-9CE5EC4A750A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{871B1655-6758-49BB-90A4-C07872CB5AD6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{897AF581-A425-4F43-A330-3FA82A58422E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89B56BBC-C1F9-43E9-AA1D-1B63F2CE72E3}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{8D015DFF-36A9-426D-BF9E-C1B9DB4E3A97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8E95CF50-C816-4867-BC09-C99F58815AFC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{8F317029-672D-4ED6-BC4D-518190288307}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9049EF3A-F1B5-431A-953C-087647B556CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{97206B30-C2A9-4EB7-9CC0-EC0C453AFF27}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A491E7AE-EDE6-4C48-9DC5-C08F7F651035}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{ACF6D1C6-796C-4CC6-9F71-9A8E59A4A0BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AF1D213D-5AC4-44CD-9CA8-326CE54DE968}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | 
"{BF0782E6-983C-4D2A-82F1-76F3B31D4983}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | 
"{CCE08ABF-AB11-4C8C-B155-007C20373CF4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{CE22AB43-7630-4AC5-965C-7DB5A9479142}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D0363F90-F40A-49C3-A784-1B4D03CADC1A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{D4A97559-5287-45A4-9E61-F023160578D8}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{D4F756F9-7538-40C4-9E5A-EEBB871497C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{D556BCB8-D64F-4903-A1DC-2F0C3233A270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DC34362F-1768-4AE7-8EC7-1C704487F5BA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{DE018B22-F774-473E-80BB-DC1DAAA2AD63}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{E17FB817-9D85-4574-A049-1DDF3603D896}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{E2A36AE3-9D88-4272-BB12-A15BAECA97BF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E7B038DC-0881-40C9-82AB-97399B26F073}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{E8A071C8-9D9C-4A7B-BC61-FEE96653D199}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{EC71FA35-43A4-4197-B913-E0AD3B220269}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{ED5EE59D-5F6B-4C11-8D16-F98EB84B4EE4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{F5DB139F-ADFC-4631-B3B2-0AABD89F4B07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F862E470-0D86-4A38-BEEC-31B8DEA03937}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FBD9CA5A-756C-40FE-9D37-9DE2561DC37B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD82090E-71D4-4065-86F1-B75010396D1F}" = protocol=6 | dir=out | app=system | 
"TCP Query User{0F6885B1-4261-4327-9A0F-90D0AAAA3704}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{0FA38312-AFA6-4B91-A81E-52A8E84A12FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{18A14C63-BC6C-46AB-9668-44B0F694F800}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{38C73711-8557-4A7A-BC59-5E2697F9918D}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{71D52A7B-A1AE-462D-B8FB-E473F03D315E}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{8A81B094-A79D-4206-A815-EF3A25895382}E:\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=e:\wd discovery software\wd discovery.exe | 
"TCP Query User{970D6D71-56CC-4DE9-A293-D6059EB31B24}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"TCP Query User{A4ACBC05-E34E-4DEC-8F78-64A136D8A8E1}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"TCP Query User{BF0E2C38-9F2D-4B50-8DB1-FA4825C026F2}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | 
"UDP Query User{157BAB03-D439-4828-AD36-D2149C4CD4D1}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"UDP Query User{26930EC0-F54D-413A-A376-7118631638D3}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"UDP Query User{6B12DCCD-35A0-47CF-8E7F-608D6F39137C}E:\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=e:\wd discovery software\wd discovery.exe | 
"UDP Query User{78A9CDE5-7A0A-4EB5-9A09-7BD5497839EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{8842D711-2F11-4F9A-A05B-F0BAF7196647}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{95FCF307-A24D-4451-9879-E3E05B7EFE66}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{C1879AD7-CF55-41C9-A5AF-0E226B7A93C5}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{C1F06034-7F75-41C9-AA70-E5C7644E0016}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{F7CC42D6-06DC-4ABA-998C-01A9FC431512}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{239558A4-D19F-44CE-5546-3C6653306B27}" = AMD Drag and Drop Transcoding
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}" = ATI Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a325d0b9-0b5e-4ad1-9c5f-e39aa43f8c9d}" = Gigaset QuickSync
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DCDC59E6-A428-D091-C5A2-AC15B54FEFF1}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7BBC6A1-A3C9-4745-BFFF-6BAA485D89C3}" = PG583_64_inf
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"C5AA3B5CB0B86D325AD6960FFC90ABB1076B8FA7" = Windows-Treiberpaket - YUAN High-Tech Development Co. Ltd. (OmniTV) Media  (12/14/2007 6.1.64.42)
"CCleaner" = CCleaner
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-5 (x64)
"WinRAR archiver" = WinRAR 4.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09B9A2C2-FB96-BA16-60E3-23B7B12A69BE}" = Application Profiles
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{204294E8-371C-4DFB-8162-EF5BB4FEBFE1}" = Lexware Abschreibungsrechner
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{41581163-87FB-4E8E-92C2-10366F8A3291}" = Lexware büro easy 2012 Vorteilsedition
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5880E4AC-88AC-AADB-0DCB-2A78093A8259}" = HydraVision
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{801EFC7D-AA66-F889-030D-C96E99F884A4}" = Catalyst Control Center InstallProxy
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9EFF1D7C-C4B0-4DEF-965C-261CB9604CD9}" = Lexware Elster
"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" = Adobe Setup
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CB21905F-BE58-4DC9-8FC1-6EE2EA210423}" = Lexware online banking
"{CD82DA39-2F2D-433E-5CB7-1C17A8C50E77}" = Catalyst Control Center InstallProxy
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DA2A851C-6E2B-4677-9DA5-5ED9A3B227E2}" = Quake Live Internet Explorer Plugin
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"AmoK Find More!" = AmoK Find More! 1.1
"Architektur Designer 2007_is1" = Architektur Designer 2007
"Avira AntiVir Desktop" = Avira Internet Security 2012
"Battlelog Web Plugins" = Battlelog Web Plugins
"DirSync" = DirSync  2.93
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.3 (01/04/2012) Qt
"DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.5.3
"FreePDF_XP" = FreePDF (Remove only)
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"IMAPSize_is1" = IMAPSize 0.3.7
"Imgares_is1" = Imgares
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaCoder" = MediaCoder 0.7.3.4602
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"Origin" = Origin
"PAYBACK Toolbar_is1" = PAYBACK Toolbar 1.2
"PDF to Flip Book - freeware_is1" = PDF to Flip Book - freeware
"PunkBusterSvc" = PunkBuster Services
"Secunia PSI" = Secunia PSI (1.9.0.5004)
"Sweet Home 3D_is1" = Sweet Home 3D version 2.3
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The Regex Coach_is1" = The Regex Coach 0.9.2
"TreeSize Free_is1" = TreeSize Free V2.5
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.2.6.8
"XMind" = XMind
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2012 02:24:28 | Computer Name = MEINCOMPNAME  | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.06.2012 13:31:30 | Computer Name = MEINCOMPNAME  | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.06.2012 13:51:47 | Computer Name = MEINCOMPNAME  | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00035367  ID des fehlerhaften
 Prozesses: 0x1594  Startzeit der fehlerhaften Anwendung: 0x01cd498d2f74f78f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 71b6ab23-b580-11e1-861f-002268080226
 
Error - 13.06.2012 16:13:06 | Computer Name = MEINCOMPNAME  | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.06.2012 16:13:06 | Computer Name = MEINCOMPNAME  | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15476
 
Error - 13.06.2012 16:13:06 | Computer Name = MEINCOMPNAME  | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15476
 
Error - 13.06.2012 17:21:11 | Computer Name = MEINCOMPNAME  | Source = Application Hang | ID = 1002
Description = Programm QBW32.exe, Version 25.30.4.56 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1840    Startzeit:
 01cd49a633314567    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe

Berichts-ID:
 9bb8f998-b59d-11e1-861f-002268080226  
 
Error - 13.06.2012 17:25:00 | Computer Name = MEINCOMPNAME  | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 01:13:06 | Computer Name = MEINCOMPNAME  | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 01:53:22 | Computer Name = MEINCOMPNAME  | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x082f08be  ID des fehlerhaften
 Prozesses: 0x1860  Startzeit der fehlerhaften Anwendung: 0x01cd49ed67c6e0c5  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 3f9386c1-b5e5-11e1-8706-002268080226
 
Error - 14.06.2012 02:17:09 | Computer Name = MEINCOMPNAME  | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 13.06.2012 13:31:19 | Computer Name = MEINCOMPNAME  | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 13.06.2012 17:22:29 | Computer Name = MEINCOMPNAME  | Source = DCOM | ID = 10010
Description = 
 
Error - 13.06.2012 17:24:11 | Computer Name = MEINCOMPNAME  | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 13.06.2012 17:24:51 | Computer Name = MEINCOMPNAME  | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 13.06.2012 17:50:44 | Computer Name = MEINCOMPNAME  | Source = DCOM | ID = 10010
Description = 
 
Error - 14.06.2012 01:12:21 | Computer Name = MEINCOMPNAME  | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 14.06.2012 01:12:57 | Computer Name = MEINCOMPNAME  | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 14.06.2012 02:07:00 | Computer Name = MEINCOMPNAME  | Source = DCOM | ID = 10010
Description = 
 
Error - 14.06.2012 02:15:58 | Computer Name = MEINCOMPNAME  | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 14.06.2012 02:17:03 | Computer Name = MEINCOMPNAME  | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
 
< End of report >
         
--- --- ---

[/CODE]



CCLEANER
Code:
ATTFilter
7-Zip 9.20 (x64 edition)	Igor Pavlov	16.12.2010	4,53MB	9.20.00.0
ABBYY FineReader 6.0 Sprint	ABBYY Software House	18.01.2010	119,5MB	6.00.1395.4512
Acer Arcade Live Main Page	Acer Inc.	16.05.2011		1.1.2704
Acer DV Magician	Acer Inc.	16.05.2011		1.5.2704
Acer DVDivine	Acer Inc.	16.05.2011		3.2.2704
Acer eDataSecurity Management	Egis Inc.	12.01.2009	69,3MB	3.0.3065
Acer Empowering Technology	Acer Incorporated	27.04.2010		3.0.3016
Acer HomeMedia	Acer Inc.	16.05.2011		1.5.1504
Acer HomeMedia Connect	Acer Inc.	16.05.2011		1.4.6304
Acer HomeMedia Trial Creator	Acer Inc.	16.05.2011		1.5.1504
Acer Product Registration	Acer Incorporated	28.12.2009		3.0.0.10
Acer ScreenSaver	Acer Incorporated	02.09.2009		4.01.0718
Acer SlideShow DVD	Acer Inc.	16.05.2011		1.5.2704
Acer VideoMagician	Acer Inc.	16.05.2011		1.4.2704
Adobe Color Common Settings	Adobe Systems Incorporated	08.10.2010	9,20MB	1.0.1
Adobe Creative Suite 3 	Adobe Systems Incorporated	30.08.2010	1.578MB	1.0
Adobe ExtendScript Toolkit 2	Adobe Systems Incorporated	25.05.2012	16,4MB	2.0.2
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	04.05.2012	6,00MB	11.2.202.235
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	04.05.2012	6,00MB	11.2.202.235
Adobe Reader X (10.1.0) - Deutsch	Adobe Systems Incorporated	14.06.2011	165,4MB	10.1.0
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	14.02.2011		11.5.9.620
AmoK Find More! 1.1	AmoK - The Art of Coding	03.10.2010		1.1
Apple Application Support	Apple Inc.	04.01.2012	61,2MB	2.1.6
Apple Software Update	Apple Inc.	04.01.2012	2,38MB	2.1.3.127
Application Profiles	ATI Technologies, Inc.	28.05.2011	0,30MB	2.0.4148.33974
Architektur Designer 2007	zdynamix Informationstechnologie GmbH	10.06.2010		
ATI Catalyst Install Manager	ATI Technologies, Inc.	29.09.2011	22,4MB	3.0.833.0
Avanquest update	Avanquest Software	08.04.2011		1.28
Avira Internet Security 2012	Avira	12.06.2012	109,4MB	12.0.0.1088
AVM FRITZ!fax für FRITZ!Box	AVM Berlin	24.10.2011		
Battlefield Play4Free	EA Digital illusions	12.12.2010		
Battlefield: Bad Company™ 2	Electronic Arts	02.12.2010	5.869MB	1.0.0.0
Battlelog Web Plugins	EA Digital Illusions CE AB	29.09.2011		0.80.0
CCleaner	Piriform	22.05.2012		3.19
DirSync  2.93	Stephen Kalisch	04.01.2011		
DivX Converter	DivX, Inc.	02.06.2010		7.1.0
Dropbox	Dropbox, Inc.	25.05.2012		1.4.7
DVDFab 8.0.6.8 (05/01/2011)	Fengtao Software Inc.	14.01.2011	37,6MB	
DVDFab 8.1.7.3 (01/04/2012) Qt	Fengtao Software Inc.	03.04.2012	53,2MB	
Epson Easy Photo Print 2	SEIKO EPSON CORPORATION	18.01.2010		2.1.0.0
Epson Event Manager	SEIKO EPSON Corporation	27.04.2010		2.20.00
EPSON Scan		27.04.2010		
Epson Stylus SX210_SX410_TX210_TX410 Handbuch		27.04.2010		
EPSON SX210 Series Printer Uninstall	SEIKO EPSON Corporation	02.06.2011		
ESET Online Scanner v3		10.06.2012		
FastStone Photo Resizer 3.1	FastStone Soft.	19.05.2012		3.1
FileHippo.com Update Checker		08.10.2010		
FileZilla Client 3.5.3	FileZilla Project	27.01.2012	16,6MB	3.5.3
FreePDF (Remove only)		27.04.2010		
Gigaset QuickSync	Gigaset Communications GmbH	26.12.2011	7,73MB	7.1.0841.3
GoodSync	Siber Systems	13.09.2011	9,77MB	8.7.8.8
Google Chrome	Google Inc.	18.10.2010		19.0.1084.56
GPL Ghostscript 8.70		27.04.2010		
HiJackThis	Trend Micro	13.06.2012	0,36MB	1.0.0
ICQ7.2	ICQ	08.10.2010		7.2
IMAPSize 0.3.7	Broobles	11.04.2012		
Imgares	Konrad Papala	02.12.2011		
IrfanView (remove only)	Irfan Skiljan	08.04.2012	1,50MB	4.32
Juniper Networks Network Connect 6.4.0	Juniper Networks	27.04.2010		6.4.0.14619
Juniper Networks Setup Client	Juniper Networks	08.02.2011	0,78MB	2.0.1.4429
Lexware Abschreibungsrechner	Haufe-Lexware GmbH & Co.KG	26.03.2012	28,7MB	11.00.04.0001
Lexware büro easy 2012 Vorteilsedition	Haufe-Lexware GmbH & Co.KG	25.05.2012	712MB	25.30.04.0056
Lexware Elster	Haufe-Lexware GmbH & Co.KG	26.03.2012	82,8MB	12.03.00.0188
Lexware Info Service	Haufe-Lexware GmbH & Co.KG	26.03.2012	15,8MB	2.80.00.0007
Lexware online banking	Haufe-Lexware GmbH & Co.KG	26.03.2012	37,1MB	16.00.00.0001
Logitech Vid HD	Logitech Inc..	03.02.2011		7.2 (7240)
Logitech Webcam Software	Logitech Inc.	03.02.2011		2.0
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	11.06.2012	18,0MB	1.61.0.1400
MediaCoder 0.7.3.4602	Broad Intelligence	27.04.2010		0.7.3.4602
Mein CEWE FOTOBUCH		19.11.2011		
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	01.01.2012	38,8MB	4.0.30320
Microsoft PowerPoint Viewer	Microsoft Corporation	15.02.2012	192,2MB	14.0.6029.1000
Microsoft Reader		01.09.2010		
Microsoft Silverlight	Microsoft Corporation	19.05.2012	50,7MB	5.1.10411.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	08.10.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	23.01.2012	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.06.2011	0,29MB	8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	12.03.2011	0,60MB	8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	15.04.2011	0,57MB	8.0.51011
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	15.04.2011	0,77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	15.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	21.03.2010	3,74MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	29.10.2010	0,24MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	29.12.2009	0,76MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	17.06.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218	Microsoft Corporation	21.03.2010	0,22MB	9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	19.11.2011	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	26.02.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	24.03.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	13.07.2011	15,1MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	30.09.2011	12,3MB	10.0.40219
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)	Microsoft Corporation	24.11.2010		
Microsoft Works	Microsoft Corporation	08.10.2010	287MB	08.05.0822
Mozilla Firefox 12.0 (x86 en-US)	Mozilla	25.04.2012	37,7MB	12.0
Mozilla Maintenance Service	Mozilla	25.04.2012	0,21MB	12.0
Mozilla Thunderbird 12.0.1 (x86 en-US)	Mozilla	30.04.2012	38,8MB	12.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	28.12.2009	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	28.12.2009	1,34MB	4.20.9876.0
MyPhoneExplorer	F.J. Wechselberger	01.01.2012		1.8.2
Notepad++		26.03.2012		6.0
NTI Backup Now 5	NewTech Infosystems	12.01.2009	29,4MB	5.1.2.616
NTI Media Maker 8	NewTech Infosystems	12.01.2009	206MB	8.0.2.6509
OpenOffice.org 3.2	OpenOffice.org	01.03.2011	380MB	3.2.9502
Origin	Electronic Arts, Inc.	28.09.2011		8.2.5.2532
Panda ActiveScan 2.0	Panda Security	11.06.2012	3,91MB	01.04.01.0014
PAYBACK Toolbar 1.2	PAYBACK GmbH	08.06.2012	7,45MB	1.2.0
PDF to Flip Book - freeware	flippdf Solution	27.05.2012	19,7MB	
PunkBuster Services	Even Balance, Inc.	29.09.2011		0.991
Quake Live Internet Explorer Plugin	id Software	18.01.2010	2,84MB	1.0.277
Quake Live Mozilla Plugin	id Software	28.12.2009	2,82MB	1.0.277
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	27.04.2010		6.0.1.5888
RedMon - Redirection Port Monitor		27.04.2010		
Safari	Apple Inc.	04.01.2012	43,2MB	5.34.52.7
Samsung Kies	Samsung Electronics Co., Ltd.	29.02.2012	219MB	2.2.0.12014_18
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	01.01.2012	42,8MB	1.4.103.0
Samsung_MonSetup	Samsung	28.08.2011		1.00.0000
Secunia PSI (1.9.0.5004)		10.11.2010		
Skype™ 5.9	Skype Technologies S.A.	13.06.2012	19,3MB	5.9.123
SSH Secure Shell		20.07.2010		
SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51	eRightSoft	10.04.2012	52,6MB	v2012.build.51
SUPERAntiSpyware	SUPERAntiSpyware.com	10.09.2011	63,6MB	5.0.1108
Sweet Home 3D version 2.3	eTeks	15.05.2010		
TeamSpeak 2 RC2	Dominating Bytes Design	27.04.2010		2.0.32.60
TeamSpeak 3 Client	TeamSpeak Systems GmbH	29.10.2010		
The Regex Coach 0.9.2	Dr. Edmund Weitz	06.09.2011		0.9.2
ThreatFire	PC Tools	10.09.2011		
TreeSize Free V2.5	JAM Software	14.12.2010	3,50MB	2.5
Upgrade Kit	Acer Inc.	27.04.2010		1.00.4001
VLC media player 1.1.4	VideoLAN	08.10.2010		1.1.4
VMware vSphere Client 4.1	VMware, Inc.	04.01.2011	376MB	4.1.0.12319
VR-NetWorld		30.11.2011		
Win7codecs	Shark007	08.09.2010	60,1MB	2.6.2
Winamp	Nullsoft, Inc	11.10.2010		5.581 
Winamp Erkennungs-Plug-in	Nullsoft, Inc	11.10.2010	75,00KB	1.0.0.1
Windows Live Anmelde-Assistent	Microsoft Corporation	09.10.2010	1,94MB	5.000.817.1
Windows Live Essentials	Microsoft Corporation	27.04.2010		14.0.8050.1202
Windows Live Sync	Microsoft Corporation	12.01.2009	2,80MB	14.0.8050.1202
Windows Live-Uploadtool	Microsoft Corporation	12.01.2009	0,22MB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	25.05.2010	0,29MB	1.0.0.8
Windows-Treiberpaket - YUAN High-Tech Development Co. Ltd. (OmniTV) Media  (12/14/2007 6.1.64.42)	YUAN High-Tech Development Co. Ltd.	27.04.2010		12/14/2007 6.1.64.42
WinHTTrack Website Copier 3.44-5 (x64)	HTTrack	04.03.2012		3.44.5
WinRAR 4.00 (64-bit)	win.rar GmbH	27.04.2011		4.00.0
XMedia Recode 2.2.6.8	Sebastian Dörfler	08.09.2010		2.2.6.8
XMind	XMind Ltd.	19.01.2011		3.2.1
         
__________________

Last edited by Diakon (14.06.2012 at 08:15)

14.06.2012, 09:02   #4
kira
/// Helper team
 

System cleanup and check:

1.
Did you deliberately set this IP as a proxy?
Code:
ATTFilter
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 191.1.XXXX:8080
         
2.
Your own settings, if you made any?

Code:
ATTFilter
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - prefs.js..network.proxy.backup.ftp: "191.1.XXXXX"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "191.1.XXXXX"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "191.1.XXXXX"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "191.1.XXXXX"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "191.1.XXXXX"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "191.1.XXXXX"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "191.1.1.50"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,XXanet,dokXXXXX"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "191.1.XXXXX"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "191.1.XXXXX"
FF - prefs.js..network.proxy.ssl_port: 8080
         
3.
Did you enter this in the Hosts file yourself, or add it deliberately? If so, why?
Code:
ATTFilter
O1 - Hosts: 109.237.XXXX	xxxxwerbung.de
O1 - Hosts: 109.237.XXXX	xxxxxgraesxxxe
         
4.
Close all programs, including Internet Explorer, and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries by ticking their checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups".
Code:
ATTFilter
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
         
5.
Quote:
Important:
If you changed anything in the log file yourself, you must replace it with the original name before putting it into the script, otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after "Code" (starting with :OTL and ending with [emptytemp]), without the word "code":
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE360DE360
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
[2012.06.14 08:24:01 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000UA.job
[2012.06.14 08:17:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.14 07:48:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.13 20:23:07 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000Core.job

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

6.
I cannot place this one; what is it?
Code:
ATTFilter
[2012.05.28 14:18:35 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\gpdf2swf
         
7.
Java version not installed?

8.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Changing the default search engine of Explorer
-> How can I clear the cache in Internet Explorer?

9.
Clean your system with CCleaner:
  • "CCleaner" → "Analysieren" (Analyze) → click the "Start CCleaner" button
  • "Registry" → "Fehler suchen" (scan for issues) → "Fehler beheben" (fix issues) → "Alle beheben" (fix all)
  • Restart your system

10.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

11.
Post again, after the cleanup has been carried out:
TrendMicro™ HijackThis™ log file - no open windows while HijackThis is running!!
__________________

Warning:
Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

Last edited by kira (14.06.2012 at 09:08)
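
The checks in points 1 to 3 of the reply above (IE and Firefox proxy settings, Hosts entries), as an added Python example that is not part of the thread and not code from OTL or HijackThis: it extracts those entries from a log so the owner can confirm each one. The sample log, its addresses and host names are constructed, and the names `triage` and `FF_PROTOCOLS` are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the OTL / HijackThis line format quoted in the reply above.
# Addresses come from documentation ranges; host names and paths are placeholders.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.0.2.50:8080
FF - prefs.js..browser.startup.homepage: "http://start.example/"
FF - prefs.js..network.proxy.http: "192.0.2.50"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1"
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.7 shop.example
O1 - Hosts: 198.51.XXXX intranet.example
O4 - HKLM..\Run: [updater] C:\Program Files\Example\updater.exe
'''

IE_PROXY = re.compile(
    r'^IE(?::64bit:)? - (?P<hive>HK\w+)\\.*Internet Settings: '
    r'"(?P<name>Proxy\w+)" = (?P<value>.*)$')
FF_PROXY = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?P<name>[\w.]+): "?(?P<value>[^"]*)"?$')
HOSTS = re.compile(r'^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$')

# Last component of the Firefox prefs that name a proxy host (as seen in the log above).
FF_PROTOCOLS = {"http", "ssl", "ftp", "socks", "gopher"}


def triage(log_text):
    """Return (category, subject, detail) tuples for entries the owner must confirm."""
    ie = defaultdict(dict)   # registry hive -> {setting name: value}
    ff = {}                  # pref name below network.proxy. -> value
    hosts = []               # (address, host name) pairs in log order
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IE_PROXY.match(line):
            ie[m["hive"]][m["name"]] = m["value"].strip()
        elif m := FF_PROXY.match(line):
            ff[m["name"]] = m["value"]
        elif m := HOSTS.match(line):
            hosts.append((m["ip"], m["host"]))

    findings = []
    for hive, settings in ie.items():
        if "ProxyServer" in settings:
            # A configured proxy only takes effect when ProxyEnable is 1.
            state = {"1": "enabled", "0": "disabled"}.get(
                settings.get("ProxyEnable"), "state unknown")
            findings.append(("ie_proxy", f"{hive} {settings['ProxyServer']}", state))
    for name, host in ff.items():
        if name.rsplit(".", 1)[-1] in FF_PROTOCOLS and host:
            findings.append(("ff_proxy", name, f"{host}:{ff.get(name + '_port', '?')}"))
    for ip, host in hosts:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            # Redacted or malformed address: it cannot be cleared automatically.
            findings.append(("hosts", host, f"{ip} (not a valid address)"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # local or blocking entry, not a redirect to another machine
        findings.append(("hosts", host, str(addr)))
    return findings


if __name__ == "__main__":
    for category, subject, detail in triage(SAMPLE_LOG):
        print(f"{category:9} {subject:28} {detail}")
```

Every tuple returned is a question for the machine's owner, as in the reply above; the script does not decide whether an entry is malicious.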

14.06.2012, 09:20   #5
Diakon
 

Hi,

I'm not at the computer right now; not until this evening. Nevertheless, here is some quick feedback already!


1. That is the company proxy (when I am dialled in via VPN) so that I can surf through it. I enable the entry when needed.

I deliberately obscured the IP in the log.

2. See above: all the XXX are mine; the bypass entries are there so that I can access the intranet and the document portal internally.

3. I program (a lot), and when a website is migrated and the routers on the Internet do not catch up quickly enough, I have to enter the hosts.
For this there is a hosts file on my desktop. I overwrite the original file with it by copying with administrative rights. The original file has never contained entries that did not come from me (I do this about once a month).


4. & 5. I'll do these this evening as soon as I'm home.

6. A PDF-to-SWF engine (see point 3, web programming); I don't need it any more, it was only a test.
EDIT: came / comes from here: hxxp://www.swftools.org/

7. I uninstalled Java right after the virus find (first cleared the caches via the console, then uninstalled), since I never need/needed the stuff anyway. I had 1.6.22 and 1.7 on the system. (sorry!)

8. to 11. this evening


Many thanks for the time you've taken.

Regards
christian

OTL log after cleanup

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000Core.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\christian\Desktop\cmd.bat deleted successfully.
C:\Users\christian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: christian
->Temp folder emptied: 229509394 bytes
->Temporary Internet Files folder emptied: 520141620 bytes
->FireFox cache emptied: 54632500 bytes
->Google Chrome cache emptied: 265631538 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2860518 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: katja
->Temp folder emptied: 18631592 bytes
->Temporary Internet Files folder emptied: 83197435 bytes
->Java cache emptied: 25802292 bytes
->FireFox cache emptied: 42162206 bytes
->Flash cache emptied: 47409 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 201117534 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.377,00 mb
 
 
OTL by OldTimer - Version 3.2.48.0 log created on 06142012_163806

Files\Folders moved on Reboot...
C:\Users\christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
OTL .TXT

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.06.2012 17:05:43 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 50,81% Memory free
8,63 Gb Paging File | 6,48 Gb Available in Paging File | 75,09% Paging File free
Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,74 Gb Total Space | 28,89 Gb Free Space | 20,38% Space Free | Partition Type: NTFS
Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32
 
Computer Name: PC0101 | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.14 08:23:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.18 16:29:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.18 16:29:10 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.18 16:29:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.18 16:29:10 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.18 16:29:10 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.18 16:29:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:05:28 | 000,021,392 | ---- | M] () -- C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.04.04 07:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\sgskies\Kies\KiesTrayAgent.exe
PRC - [2012.03.21 21:18:53 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2011.09.30 00:19:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.05.07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
PRC - [2010.01.14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2009.09.05 18:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2009.08.26 01:11:06 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008.12.04 14:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.01 10:38:18 | 000,270,422 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 16:54:31 | 000,115,137 | ---- | M] () -- C:\Users\christian\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012.06.13 08:09:44 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.13 08:09:24 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.13 08:09:16 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.13 08:09:05 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.13 08:09:02 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.05.10 20:47:03 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.05.10 20:43:49 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 20:43:26 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.09 23:15:00 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.09 23:11:02 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.09 23:11:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.09 23:11:00 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.05.09 23:10:53 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.09 23:10:46 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.04.04 07:05:28 | 000,021,392 | ---- | M] () -- C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2008.12.03 15:05:26 | 000,135,168 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2008.11.26 11:56:02 | 000,057,344 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.07.08 05:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.18 16:29:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.18 16:29:10 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.18 16:29:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.18 16:29:10 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.18 16:29:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.05 13:17:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.26 22:48:54 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.30 00:19:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.09.11 17:39:49 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.09 15:24:32 | 000,838,200 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010.08.31 20:16:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009.08.26 01:11:06 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009.08.13 15:54:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.07.01 10:38:18 | 000,270,422 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.18 16:29:13 | 000,139,360 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012.05.18 16:29:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.18 16:29:13 | 000,114,128 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.05.18 16:29:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.27 03:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.10.27 03:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011.10.27 03:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.10.27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.10.27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.10.27 03:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.10.27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.10.22 14:49:47 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.07.08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.08 04:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.10 03:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2010.11.10 03:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010.11.06 01:10:47 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010.11.06 01:10:24 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010.11.06 01:10:24 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.19 21:27:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010.01.14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010.01.14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009.11.04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009.11.04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009.11.04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009.11.04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.08.26 00:43:18 | 000,034,600 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.24 12:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.04 01:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.02.20 19:09:18 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64)
DRV:64bit: - [2008.07.29 18:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.07.29 18:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.07.29 18:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\psdfilter.sys -- (PSDFilter)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008.04.16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008.04.02 06:40:18 | 000,215,568 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008.01.30 11:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008.01.30 11:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.09.30 10:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF A9 5B B7 3D 4A CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 191.1.1.51:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.10
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: senseo@nicosteiner.de:1.5.5
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.3
FF - prefs.js..extensions.enabledItems: {66B2CEAE-80B4-46b0-8E4D-586721E5C1FA}:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - prefs.js..network.proxy.backup.ftp: "191.1.1.50"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "191.1.1.50"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "191.1.1.50"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "191.1.1.50"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "191.1.1.50"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "191.1.1.50"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "191.1.1.50"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,intranet,dokhk1-21.si-aubi.siegenia-aubi.com"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "191.1.1.50"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "191.1.1.50"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.26 22:48:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 22:06:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 23:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions
[2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.12 08:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions
[2012.04.11 09:10:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010.12.29 18:47:32 | 000,000,000 | ---D | M] (FoxGuide) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{66B2CEAE-80B4-46b0-8E4D-586721E5C1FA}
[2012.06.12 08:13:54 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.06.03 23:49:03 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.04.26 22:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.09 10:04:59 | 000,009,489 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\{E6C93316-271E-4B3D-8D7E-FE11B4350AEB}.XPI
[2012.05.17 20:26:01 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.04.26 22:48:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.27 20:35:34 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.01.26 10:52:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.26 10:52:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AT_ChloeV4 = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pillplnpmfjckedkedpaoembffbpklnf\2_0\
CHR - Extension: Google Mail = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.06.14 08:27:38 | 000,000,085 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 109.237.137.53	www.rs-werbung.de
O1 - Hosts: 109.237.137.53	www.kanalreinigung-graesel.de
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [KiesTrayAgent] C:\sgskies\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_S248E.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [KiesHelper] C:\sgskies\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.siegenia-aubi.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{006F36B7-495D-459B-B7E7-10E559DB48D4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.12 21:53:42 | 000,000,277 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008.11.03 14:30:00 | 000,000,043 | ---- | M] () - M:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 16:38:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.06.14 08:23:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2012.06.14 07:57:27 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.06.14 07:57:27 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.06.13 07:41:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 07:41:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 07:41:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 07:41:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 07:41:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 07:41:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 07:41:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 07:41:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 07:41:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 07:41:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 07:41:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 07:41:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.13 07:41:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 07:39:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 07:39:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 07:39:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 07:39:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 07:39:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 07:39:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 07:39:13 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 07:38:31 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 07:38:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.12 08:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.06.12 08:14:10 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\QuickScan
[2012.06.12 07:52:21 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2012.06.12 07:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012.06.12 07:30:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.06.12 07:30:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.06.12 07:30:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.06.12 07:30:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.06.12 07:30:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.06.12 07:30:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.06.12 07:30:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.06.12 07:30:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.06.12 07:30:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.06.12 07:30:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.06.12 07:30:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.06.12 07:30:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.06.12 07:30:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.06.12 07:30:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.06.12 07:30:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.06.12 07:30:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.06.12 07:30:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.06.12 07:30:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.06.12 07:30:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.06.12 07:30:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.06.12 07:30:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.06.12 07:30:15 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.06.12 07:30:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.06.12 07:30:15 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.06.12 07:30:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.06.12 07:30:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.06.12 07:30:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.06.12 07:30:14 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.06.12 07:30:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.06.12 07:30:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.06.12 07:30:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.06.12 07:30:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.06.12 07:30:14 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.06.12 07:30:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.06.12 07:30:14 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.06.12 07:30:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.06.12 07:30:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.06.12 07:30:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.06.12 07:30:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.06.12 07:30:14 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.06.12 07:30:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.06.12 07:30:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.06.12 07:30:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.06.12 07:30:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.06.12 07:30:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.06.12 07:30:13 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.06.12 07:30:13 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.06.12 07:30:13 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.06.12 07:30:13 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.06.12 07:30:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.06.12 07:30:13 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.06.12 07:30:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.06.12 07:30:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.06.12 07:30:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.06.12 07:30:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.06.12 07:30:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.06.12 07:30:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.06.12 07:30:12 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.12 07:30:12 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.06.11 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.28 14:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\fptffb
[2012.05.28 14:34:49 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Kvisoft
[2012.05.28 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kvisoft
[2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\flippagemaker
[2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
[2012.05.28 14:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Flip Book - freeware
[2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF to Flip Book - freeware
[2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\flipBook
[2012.05.28 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Boxtools
[2012.05.28 14:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlipPDF to Flash (freeware)
[2012.05.28 14:18:35 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\gpdf2swf
[2012.05.28 14:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf2swf
[2012.05.28 14:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SWFTools
[2012.05.26 09:46:47 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Installer6972
[2012.05.20 14:15:18 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\FastStone
[2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer
[2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer
[2012.05.20 14:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.18 09:26:51 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\XMedia Recode
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.14 17:17:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.14 17:10:25 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 17:10:25 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 17:02:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 17:02:07 | 3019,251,712 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 09:00:50 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.14 08:27:38 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.14 08:25:29 | 000,002,995 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.lnk
[2012.06.14 08:23:42 | 001,402,880 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.msi
[2012.06.14 08:23:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2012.06.14 08:00:24 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 08:00:24 | 000,658,988 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 08:00:24 | 000,620,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 08:00:24 | 000,132,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 08:00:24 | 000,108,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 07:24:32 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.13 19:30:55 | 002,321,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 01:01:53 | 000,004,129 | ---- | M] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist
[2012.06.12 07:30:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.06.12 07:30:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.06.12 07:30:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.06.12 07:30:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.06.12 07:30:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.06.12 07:30:16 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.06.12 07:30:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.06.12 07:30:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.06.12 07:30:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.06.12 07:30:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.06.12 07:30:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.06.12 07:30:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.06.12 07:30:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.06.12 07:30:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.06.12 07:30:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.06.12 07:30:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.12 07:30:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.06.12 07:30:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.06.12 07:30:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.06.12 07:30:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.06.12 07:30:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.06.12 07:30:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.06.12 07:30:15 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.06.12 07:30:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.06.12 07:30:15 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.06.12 07:30:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.06.12 07:30:15 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.06.12 07:30:14 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.06.12 07:30:14 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.06.12 07:30:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.06.12 07:30:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.06.12 07:30:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.06.12 07:30:14 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.06.12 07:30:14 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.06.12 07:30:14 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.06.12 07:30:14 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.06.12 07:30:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.06.12 07:30:14 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.06.12 07:30:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.06.12 07:30:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.06.12 07:30:14 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.06.12 07:30:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.06.12 07:30:14 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.06.12 07:30:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.06.12 07:30:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.06.12 07:30:13 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.06.12 07:30:13 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.06.12 07:30:13 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.06.12 07:30:13 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.06.12 07:30:13 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.06.12 07:30:13 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.06.12 07:30:13 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.06.12 07:30:13 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.06.12 07:30:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.06.12 07:30:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.06.12 07:30:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.06.12 07:30:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.12 07:30:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.06.12 07:30:13 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.06.12 07:30:12 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.12 07:30:12 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.06.12 07:05:26 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 05:26:16 | 000,002,384 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk
[2012.06.06 09:03:49 | 000,002,012 | -H-- | M] () -- C:\Users\christian\Documents\Default.rdp
[2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.26 09:41:14 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\Lexware büro easy.lnk
[2012.05.26 09:40:07 | 000,001,055 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.26 09:39:45 | 000,001,031 | ---- | M] () -- C:\Users\christian\Desktop\Dropbox.lnk
[2012.05.20 14:13:34 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
[2012.05.20 14:02:04 | 000,000,080 | ---- | M] () -- C:\Users\christian\Desktop\hosts
[2012.05.18 16:30:10 | 000,000,044 | ---- | M] () -- C:\Windows\SysNative\InstallationInfs
[2012.05.18 16:29:13 | 000,139,360 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2012.05.18 16:29:13 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.18 16:29:13 | 000,114,128 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2012.05.18 16:29:13 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.18 04:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.05.18 03:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.05.18 03:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.05.18 03:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.05.18 03:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.05.18 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.05.18 03:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.05.18 00:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.05.18 00:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.05.18 00:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2012.06.14 08:25:29 | 000,002,995 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.lnk
[2012.06.14 08:23:38 | 001,402,880 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.msi
[2012.06.14 07:24:32 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.12 07:30:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.12 07:30:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.12 07:05:26 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.20 14:13:34 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
[2012.05.18 16:30:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysNative\InstallationInfs
[2012.04.12 15:33:00 | 006,157,872 | ---- | C] () -- C:\Program Files (x86)\tfbl.db4
[2012.04.12 15:32:55 | 000,603,580 | ---- | C] () -- C:\Program Files (x86)\tfwl.db5
[2012.04.12 15:32:55 | 000,047,812 | ---- | C] () -- C:\Program Files (x86)\Statistics.xml
[2012.04.12 15:32:55 | 000,004,339 | ---- | C] () -- C:\Program Files (x86)\Blogs.htm
[2012.04.11 08:18:46 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2012.04.11 08:18:46 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2012.04.11 08:18:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.04.11 08:16:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.10 12:15:16 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2012.02.10 12:14:02 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2012.02.10 12:11:48 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.02.10 12:11:30 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.22 20:14:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010.10.06 23:01:46 | 000,000,036 | ---- | C] () -- C:\Users\christian\AppData\Local\housecall.guid.cache
[2010.09.30 22:47:58 | 000,004,129 | ---- | C] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist
[2010.09.21 19:52:15 | 000,007,617 | ---- | C] () -- C:\Users\christian\AppData\Local\Resmon.ResmonCfg
[2010.08.31 20:23:02 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.08.01 19:20:11 | 000,011,776 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.21 22:09:26 | 000,000,600 | ---- | C] () -- C:\Users\christian\AppData\Local\PUTTY.RND
[2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
 
========== LOP Check ==========
 
[2011.05.17 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Acer Arcade Live
[2010.04.28 19:13:49 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Acer GameZone Console
[2010.04.28 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Artisteer
[2010.06.10 21:40:19 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ASCON Installer
[2010.06.10 21:42:30 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ASCON Programme
[2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Broad Intelligence
[2010.10.21 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Bytescout SWF To Video Scout
[2011.07.23 13:46:36 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\DAEMON Tools Lite
[2012.06.14 17:03:58 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Dropbox
[2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Epson
[2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\eSobi
[2012.06.13 23:19:16 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FileZilla
[2011.10.25 01:21:02 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FRITZ!
[2011.10.25 01:16:06 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.03.18 22:44:41 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\GoodSync
[2012.05.28 14:46:48 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\gpdf2swf
[2010.08.28 11:21:13 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\gtk-2.0
[2012.05.21 08:48:26 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ICQ
[2012.04.09 23:03:05 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\IrfanView
[2010.12.15 07:54:36 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\JAM Software
[2010.04.28 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Juniper Networks
[2011.02.04 09:14:52 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Leadertech
[2012.03.27 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Lexware
[2012.01.18 09:49:20 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\MyPhoneExplorer
[2012.03.27 23:11:56 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Notepad++
[2011.03.02 22:33:11 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\OpenOffice.org
[2011.09.29 23:39:29 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Origin
[2011.05.17 18:45:58 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\PowerCinema
[2012.06.12 08:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\QuickScan
[2012.03.01 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Samsung
[2011.04.09 12:13:27 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Sony
[2010.04.28 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\springlobby
[2010.04.28 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\springsettings
[2012.02.16 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\TeamViewer
[2012.04.09 17:56:56 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Temp
[2010.08.15 00:30:41 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Thunderbird
[2010.09.30 22:41:33 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\timeEdition
[2011.07.23 13:46:35 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\TS3Client
[2010.12.30 11:30:16 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\WD
[2010.09.09 20:39:47 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Win7codecs
[2012.05.18 09:26:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\XMedia Recode
[2012.06.03 11:37:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

[/CODE]

EXTRAS

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 14.06.2012 17:05:43 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 50,81% Memory free
8,63 Gb Paging File | 6,48 Gb Available in Paging File | 75,09% Paging File free
Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,74 Gb Total Space | 28,89 Gb Free Space | 20,38% Space Free | Partition Type: NTFS
Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32
 
Computer Name: PCNAME | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11BB73FF-798F-40DB-A1DB-8A07EDE78904}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2189C906-7B8C-402D-8DF2-24C0ADBC9568}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{47CA5C7B-AE68-4696-A984-0637FCAAD9A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51F39388-F022-4C21-BB43-7FC2AE1AE4F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61C22ECB-9A8E-4E3A-AEB0-D6922A11AB80}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{6E0E4D0A-4250-4FD5-A226-CA3FC642DA24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{754F2325-4E56-4346-8ED3-8EBBC21C2BAF}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{A291A0FA-41D6-4688-B033-104E22DF9451}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B8A7AB7D-ECD4-4D01-AB0D-44A74F81F283}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C61C8ED3-593B-4AB1-98A0-DDA266217725}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CACF043D-3E0F-4812-9993-C89AF0E2E4B6}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{D4C5D12D-522D-46CD-B77E-D514C1D79C1F}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{DD076F0E-D76B-45E6-8B21-8116BFDF056E}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02895136-2953-4AA3-91D9-5ABE8679C608}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{04318EAD-44D7-4673-97A3-850E7C31CFFE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{06310750-BC8F-466F-BD46-B00E790CB92D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{0C25CB91-000C-4CCD-ADE1-6ABDFB3F80E3}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{11E6FD0E-43D7-4602-AAF6-C3DA44C21421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1483C3B7-9A4C-4D2B-807A-BA5241E13C61}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{171FC6A2-88BE-428D-9B2E-E9D20FE16BB7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | 
"{24E8AC26-6B79-4BE3-A5E4-81A907CB2198}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BF66F0A-B2AC-4D88-AC2E-738BC9874EFA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{2F95D6D5-0CBD-4DF9-A36F-35E971FA6020}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{39926324-1000-4A95-B5F2-89B7EBF27FF2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4A632540-2024-4F80-8EDE-EC41525095DF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{50441755-6B61-4D46-8C42-178299A09876}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{50B26A08-DBD4-4CE8-861D-6C68BB38152F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52CB2D54-2DAD-47EF-A5D1-2ED89DC49FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{562B8D58-C7BD-478C-AF21-8C9E1B1E41FF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{5C809487-561D-466B-9074-48EC8B535D3F}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{5CDA88D4-177C-4ED6-9C5D-B75A0E14C08A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6416E59D-6A4F-4EED-8B59-907F1BD3A449}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{685FA085-8D5F-4ECD-B1C0-4063DE3BF2CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6D61298E-83F6-4CB3-AB73-80A28119AD00}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7CFBF133-2DA0-4678-B03E-68AC77211389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81287567-F451-42FD-94E3-C9B48E48C272}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{82B8E191-916E-4C9C-A71D-B0080812BF1E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{838E071C-3FAE-4C3A-B0EE-9CE5EC4A750A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{871B1655-6758-49BB-90A4-C07872CB5AD6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{897AF581-A425-4F43-A330-3FA82A58422E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89B56BBC-C1F9-43E9-AA1D-1B63F2CE72E3}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{8D015DFF-36A9-426D-BF9E-C1B9DB4E3A97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8E95CF50-C816-4867-BC09-C99F58815AFC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{8F317029-672D-4ED6-BC4D-518190288307}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9049EF3A-F1B5-431A-953C-087647B556CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{97206B30-C2A9-4EB7-9CC0-EC0C453AFF27}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A491E7AE-EDE6-4C48-9DC5-C08F7F651035}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{ACF6D1C6-796C-4CC6-9F71-9A8E59A4A0BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AF1D213D-5AC4-44CD-9CA8-326CE54DE968}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | 
"{BF0782E6-983C-4D2A-82F1-76F3B31D4983}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | 
"{CCE08ABF-AB11-4C8C-B155-007C20373CF4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{CE22AB43-7630-4AC5-965C-7DB5A9479142}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D0363F90-F40A-49C3-A784-1B4D03CADC1A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{D4A97559-5287-45A4-9E61-F023160578D8}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{D4F756F9-7538-40C4-9E5A-EEBB871497C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{D556BCB8-D64F-4903-A1DC-2F0C3233A270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DC34362F-1768-4AE7-8EC7-1C704487F5BA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{DE018B22-F774-473E-80BB-DC1DAAA2AD63}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{E17FB817-9D85-4574-A049-1DDF3603D896}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{E2A36AE3-9D88-4272-BB12-A15BAECA97BF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E7B038DC-0881-40C9-82AB-97399B26F073}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{E8A071C8-9D9C-4A7B-BC61-FEE96653D199}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{EC71FA35-43A4-4197-B913-E0AD3B220269}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{ED5EE59D-5F6B-4C11-8D16-F98EB84B4EE4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{F5DB139F-ADFC-4631-B3B2-0AABD89F4B07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F862E470-0D86-4A38-BEEC-31B8DEA03937}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FBD9CA5A-756C-40FE-9D37-9DE2561DC37B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD82090E-71D4-4065-86F1-B75010396D1F}" = protocol=6 | dir=out | app=system | 
"TCP Query User{0F6885B1-4261-4327-9A0F-90D0AAAA3704}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{0FA38312-AFA6-4B91-A81E-52A8E84A12FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{18A14C63-BC6C-46AB-9668-44B0F694F800}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{38C73711-8557-4A7A-BC59-5E2697F9918D}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{71D52A7B-A1AE-462D-B8FB-E473F03D315E}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{8A81B094-A79D-4206-A815-EF3A25895382}E:\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=e:\wd discovery software\wd discovery.exe | 
"TCP Query User{970D6D71-56CC-4DE9-A293-D6059EB31B24}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"TCP Query User{A4ACBC05-E34E-4DEC-8F78-64A136D8A8E1}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"TCP Query User{BF0E2C38-9F2D-4B50-8DB1-FA4825C026F2}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | 
"UDP Query User{157BAB03-D439-4828-AD36-D2149C4CD4D1}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"UDP Query User{26930EC0-F54D-413A-A376-7118631638D3}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"UDP Query User{6B12DCCD-35A0-47CF-8E7F-608D6F39137C}E:\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=e:\wd discovery software\wd discovery.exe | 
"UDP Query User{78A9CDE5-7A0A-4EB5-9A09-7BD5497839EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{8842D711-2F11-4F9A-A05B-F0BAF7196647}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{95FCF307-A24D-4451-9879-E3E05B7EFE66}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{C1879AD7-CF55-41C9-A5AF-0E226B7A93C5}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{C1F06034-7F75-41C9-AA70-E5C7644E0016}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{F7CC42D6-06DC-4ABA-998C-01A9FC431512}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{239558A4-D19F-44CE-5546-3C6653306B27}" = AMD Drag and Drop Transcoding
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}" = ATI Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a325d0b9-0b5e-4ad1-9c5f-e39aa43f8c9d}" = Gigaset QuickSync
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DCDC59E6-A428-D091-C5A2-AC15B54FEFF1}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7BBC6A1-A3C9-4745-BFFF-6BAA485D89C3}" = PG583_64_inf
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"C5AA3B5CB0B86D325AD6960FFC90ABB1076B8FA7" = Windows-Treiberpaket - YUAN High-Tech Development Co. Ltd. (OmniTV) Media  (12/14/2007 6.1.64.42)
"CCleaner" = CCleaner
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-5 (x64)
"WinRAR archiver" = WinRAR 4.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09B9A2C2-FB96-BA16-60E3-23B7B12A69BE}" = Application Profiles
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{204294E8-371C-4DFB-8162-EF5BB4FEBFE1}" = Lexware Abschreibungsrechner
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{41581163-87FB-4E8E-92C2-10366F8A3291}" = Lexware büro easy 2012 Vorteilsedition
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5880E4AC-88AC-AADB-0DCB-2A78093A8259}" = HydraVision
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{801EFC7D-AA66-F889-030D-C96E99F884A4}" = Catalyst Control Center InstallProxy
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9EFF1D7C-C4B0-4DEF-965C-261CB9604CD9}" = Lexware Elster
"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" = Adobe Setup
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CB21905F-BE58-4DC9-8FC1-6EE2EA210423}" = Lexware online banking
"{CD82DA39-2F2D-433E-5CB7-1C17A8C50E77}" = Catalyst Control Center InstallProxy
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DA2A851C-6E2B-4677-9DA5-5ED9A3B227E2}" = Quake Live Internet Explorer Plugin
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"AmoK Find More!" = AmoK Find More! 1.1
"Architektur Designer 2007_is1" = Architektur Designer 2007
"Avira AntiVir Desktop" = Avira Internet Security 2012
"Battlelog Web Plugins" = Battlelog Web Plugins
"DirSync" = DirSync  2.93
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.3 (01/04/2012) Qt
"DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.5.3
"FreePDF_XP" = FreePDF (Remove only)
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"IMAPSize_is1" = IMAPSize 0.3.7
"Imgares_is1" = Imgares
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaCoder" = MediaCoder 0.7.3.4602
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"Origin" = Origin
"PAYBACK Toolbar_is1" = PAYBACK Toolbar 1.2
"PDF to Flip Book - freeware_is1" = PDF to Flip Book - freeware
"PunkBusterSvc" = PunkBuster Services
"Secunia PSI" = Secunia PSI (1.9.0.5004)
"Sweet Home 3D_is1" = Sweet Home 3D version 2.3
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The Regex Coach_is1" = The Regex Coach 0.9.2
"TreeSize Free_is1" = TreeSize Free V2.5
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.2.6.8
"XMind" = XMind
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2012 16:13:06 | Computer Name = PCNAME | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15476
 
Error - 13.06.2012 16:13:06 | Computer Name = PCNAME | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15476
 
Error - 13.06.2012 17:21:11 | Computer Name = PCNAME | Source = Application Hang | ID = 1002
Description = Programm QBW32.exe, Version 25.30.4.56 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1840    Startzeit:
 01cd49a633314567    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe

Berichts-ID:
 9bb8f998-b59d-11e1-861f-002268080226  
 
Error - 13.06.2012 17:25:00 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 01:13:06 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 01:53:22 | Computer Name = PCNAME | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x082f08be  ID des fehlerhaften
 Prozesses: 0x1860  Startzeit der fehlerhaften Anwendung: 0x01cd49ed67c6e0c5  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 3f9386c1-b5e5-11e1-8706-002268080226
 
Error - 14.06.2012 02:17:09 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 10:18:58 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 10:32:28 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 10:46:14 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 11:02:45 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 14.06.2012 10:31:36 | Computer Name = PCNAME | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 14.06.2012 10:32:19 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 14.06.2012 10:44:39 | Computer Name = PCNAME | Source = DCOM | ID = 10010
Description = 
 
Error - 14.06.2012 10:45:23 | Computer Name = PCNAME | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 14.06.2012 10:46:04 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 14.06.2012 11:01:08 | Computer Name = PCNAME | Source = DCOM | ID = 10010
Description = 
 
Error - 14.06.2012 11:01:58 | Computer Name = PCNAME | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 14.06.2012 11:02:37 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 14.06.2012 11:04:42 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Media Player-Netzwerkfreigabedienst erreicht.
 
Error - 14.06.2012 11:04:42 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---

HijackThis

Code:
ATTFilter
HiJackthis Logfile:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:50:48, on 14.06.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\christian\AppData\Local\Google\Update\GoogleUpdate.exe
C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\FreePDF_XP\fpassist.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\sgskies\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 191.1.1.51:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: 109.237.137.53 www.rs-werbung.de
O1 - Hosts: 109.237.137.53 www.kanalreinigung-graesel.de
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: PAYBACK Toolbar Browserhilfsobjekt - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: PAYBACK Toolbar - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll
O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\sgskies\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_S248E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\christian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [KiesHelper] C:\sgskies\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: VR-NetWorld Auftragsprüfung.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://secure.siegenia-aubi.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Adobe Version Cue CS3 {de_DE}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Email Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\ThreatFire\TFService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15017 bytes
         
--- --- ---

Hi there,

I'm done with all the instructions.

Regards,
christian


Edited by Diakon (14.06.2012 at 09:36)

14.06.2012, 17:03   #6
Diakon

Hi,

the system now feels very tidy, but since the cleanup IE always opens 4 tabs?

1) MSN
2) empty
3) empty, with 1 UTF character in the URL shown as ASCII, example: x--s9d
4) a different character, as in 3)

I can just delete that from the registry, right?

Regards

14.06.2012, 19:42   #7
kira
/// Helper Team

1.
What is this needed for?:
PAYBACK Toolbar
Most toolbars and browser helpers just want to make themselves look important.

2.
Quote:
Attention, important!:
If you made changes to the logfile yourself, you must replace them with the original names and insert them into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced by X, an asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (that is, starting with :OTL and ending with [emptytemp]), everything that is in the code box (without "code"!):
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
 
:Files
C:\Users\christian\AppData\Roaming\gpdf2swf
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it in here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will request a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

3.
Recommendations/suggestions:
In your place I would take the following programs out of autostart:
When Windows boots, some programs are started along with it that have registered themselves in autostart (with or without the user's consent).
The more programs are listed here, the slower Windows starts. It can therefore make sense to remove software that you do not necessarily need all the time from autostart. Remove the check mark from everything that should not start.
The programs themselves are kept; if you need them, they can be started manually at any time!

Code:
You should never disable:
Graphics driver
Firewall
Antivirus program
Sound
         
It is always user-specific (there is no generally valid recipe); I can give you tips.

To manage autostart on Windows XP: "Start" -> "Run" -> "msconfig" (type it in without the quotes) -> OK -> Startup
► Vista and Win7: "Start -> All Programs -> Accessories -> Run", then type in "msconfig" (without the quotes) -> OK -> Startup -> remove the check marks

(Autostart entries that you cannot find there can simply be fixed with HijackThis:
Close all programs, browsers etc. → start HijackThis → click "Do a system scan only" → select the entry → click "Fix checked" → restart the PC
HijackThis creates a backup. If something goes wrong during "fixing", the objects can be restored under "View the list of backups".)
Code:
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [KiesTrayAgent] C:\sgskies\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_S248E.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [KiesHelper] C:\sgskies\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
         
Attention!:
For the listed programs it additionally applies that after an update (AfterUpdate) you have to check again under Start and Services and, if necessary, disable them again!

4.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

Does the problem still persist?
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file as attachment! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
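
Added example (not part of the thread and not OTL's or HijackThis's own code): a small Python triage of O4 autostart lines in the format quoted in the post above, marking entries whose target OTL reported as "File not found", entries with an empty company field, and 8.3 short paths that hide the real install location. The flag names and the choice of four sample lines are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: four of the O4 lines quoted in the post, copied unchanged.
SAMPLE = r"""
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_S248E.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [KiesPDLR] C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
"""

# Layout: "O4 - HKLM..\Run: [value name] command line (Company)".
# Entries from the 64-bit registry view carry an "O4:64bit:" prefix.
LINE_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>\w+): "
    r"\[(?P<name>.+?)\] (?P<rest>.+)$"
)
# The company is the last parenthesised group on the line; "(x86)" inside a
# path is skipped because the pattern is anchored to the end of the line.
COMPANY_RE = re.compile(r" \((?P<company>[^()]*)\)$")
MISSING = " File not found"
SHORT_NAME_RE = re.compile(r"~\d")  # 8.3 short name component, e.g. PROGRA~2


@dataclass
class Entry:
    hive: str
    key: str
    name: str
    command: str
    company: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O4 line; return None for anything that is not an O4 entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    company = None
    flags = []
    if rest.endswith(MISSING):
        # The Run value still exists but its target is gone: a stale entry.
        rest = rest[: -len(MISSING)]
        flags.append("target_missing")
    else:
        c = COMPANY_RE.search(rest)
        if c:
            company = c.group("company")
            rest = rest[: c.start()]
            if not company:
                # No version-info company name; check the file by hand.
                flags.append("no_company")
    if SHORT_NAME_RE.search(rest):
        # Short paths obscure which folder the binary really lives in.
        flags.append("short_path")
    return Entry(m.group("hive"), m.group("key"), m.group("name"),
                 rest, company, flags)


def triage(log_text: str) -> List[Entry]:
    """Return every O4 entry found in the pasted log text."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries that carry at least one flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        status = ",".join(e.flags) or "ok"
        print(f"{e.hive}\\{e.key} [{e.name}] -> {status}")
```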

15.06.2012, 07:20   #8
Diakon

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
========== FILES ==========
C:\Users\christian\AppData\Roaming\gpdf2swf folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\christian\Desktop\cmd.bat deleted successfully.
C:\Users\christian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: christian
->Temp folder emptied: 699077 bytes
->Temporary Internet Files folder emptied: 26128596 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 645 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: katja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4404 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 26,00 mb
 
 
OTL by OldTimer - Version 3.2.48.0 log created on 06152012_081208

Files\Folders moved on Reboot...
C:\Users\christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
OTL Logfile:
Code:
OTL logfile created on: 15.06.2012 08:24:43 - Run 3
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 59,40% Memory free
8,63 Gb Paging File | 6,84 Gb Available in Paging File | 79,25% Paging File free
Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,74 Gb Total Space | 25,62 Gb Free Space | 18,07% Space Free | Partition Type: NTFS
Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32
 
Computer Name: PCNAME | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.14 08:23:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
PRC - [2012.06.05 09:57:08 | 000,243,256 | ---- | M] (PAYBACK GmbH) -- C:\Users\christian\AppData\LocalLow\PaybackToolbar32\bin\PaybackWorker_1_2_0\PaybackWorker.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.18 16:29:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.18 16:29:10 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.18 16:29:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.18 16:29:10 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.18 16:29:10 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.18 16:29:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.05 13:09:05 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.21 21:18:53 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2011.09.30 00:19:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.05.07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
PRC - [2010.01.14 16:08:18 | 000,148,752 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFUN.exe
PRC - [2010.01.14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2009.08.26 01:11:06 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.01 10:38:18 | 000,270,422 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 08:09:16 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.13 08:09:02 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.05.09 23:11:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.09 23:11:00 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.05.09 23:10:53 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.09 23:10:46 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.07.08 05:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.18 16:29:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.18 16:29:10 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.18 16:29:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.18 16:29:10 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.18 16:29:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.05 13:17:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.26 22:48:54 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.30 00:19:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.09.11 17:39:49 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.09 15:24:32 | 000,838,200 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010.08.31 20:16:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009.08.26 01:11:06 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009.08.13 15:54:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.07.01 10:38:18 | 000,270,422 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.18 16:29:13 | 000,139,360 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012.05.18 16:29:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.18 16:29:13 | 000,114,128 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.05.18 16:29:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.27 03:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.10.27 03:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011.10.27 03:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.10.27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.10.27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.10.27 03:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.10.27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.10.22 14:49:47 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.07.08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.08 04:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.10 03:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2010.11.10 03:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010.11.06 01:10:47 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010.11.06 01:10:24 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010.11.06 01:10:24 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.19 21:27:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010.01.14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010.01.14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009.11.04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009.11.04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009.11.04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009.11.04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.08.26 00:43:18 | 000,034,600 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.24 12:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.04 01:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.02.20 19:09:18 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64)
DRV:64bit: - [2008.07.29 18:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.07.29 18:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.07.29 18:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\psdfilter.sys -- (PSDFilter)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008.04.16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008.04.02 06:40:18 | 000,215,568 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008.01.30 11:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008.01.30 11:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.09.30 10:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 24 1C B4 BE 4A CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 191.1.1.51:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.10
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: senseo@nicosteiner.de:1.5.5
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.3
FF - prefs.js..extensions.enabledItems: {66B2CEAE-80B4-46b0-8E4D-586721E5C1FA}:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - prefs.js..network.proxy.backup.ftp: "191.1.XX.XX"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "191.1.XX.XX"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "191.1.XX.XX"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "191.1.XX.XX"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "191.1.XX.XX"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "191.1.XX.XX"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "191.1.XX.XX"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,intdddddt,doddddddom"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "191.1.XX.XX"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "191.1.XX.XX"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.26 22:48:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 22:06:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 23:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions
[2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.12 08:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions
[2012.04.11 09:10:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010.12.29 18:47:32 | 000,000,000 | ---D | M] (FoxGuide) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{66B2CEAE-80B4-46b0-8E4D-586721E5C1FA}
[2012.06.12 08:13:54 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.06.03 23:49:03 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.04.26 22:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.09 10:04:59 | 000,009,489 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\{E6C93316-271E-4B3D-8D7E-FE11B4350AEB}.XPI
[2012.05.17 20:26:01 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.04.26 22:48:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.27 20:35:34 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.01.26 10:52:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.26 10:52:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AT_ChloeV4 = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pillplnpmfjckedkedpaoembffbpklnf\2_0\
CHR - Extension: Google Mail = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.06.14 08:27:38 | 000,000,085 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 1xxxxxxxx3	wxxxxxde
O1 - Hosts: 1xxx3	wwxxxxx.de
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - Startup: C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.siegenia-aubi.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{006F36B7-495D-459B-B7E7-10E559DB48D4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.12 21:53:42 | 000,000,277 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008.11.03 14:30:00 | 000,000,043 | ---- | M] () - M:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 16:38:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.06.14 08:23:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2012.06.14 07:57:27 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.06.14 07:57:27 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.06.13 07:41:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 07:41:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 07:41:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 07:41:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 07:41:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 07:41:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 07:41:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 07:41:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 07:41:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 07:41:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 07:41:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 07:41:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.13 07:41:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 07:39:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 07:39:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 07:39:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 07:39:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 07:39:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 07:39:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 07:39:13 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 07:38:31 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 07:38:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.12 08:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.06.12 08:14:10 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\QuickScan
[2012.06.12 07:52:21 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2012.06.12 07:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012.06.12 07:30:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.06.12 07:30:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.06.12 07:30:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.06.12 07:30:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.06.12 07:30:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.06.12 07:30:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.06.12 07:30:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.06.12 07:30:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.06.12 07:30:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.06.12 07:30:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.06.12 07:30:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.06.12 07:30:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.06.12 07:30:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.06.12 07:30:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.06.12 07:30:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.06.12 07:30:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.06.12 07:30:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.06.12 07:30:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.06.12 07:30:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.06.12 07:30:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.06.12 07:30:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.06.12 07:30:15 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.06.12 07:30:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.06.12 07:30:15 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.06.12 07:30:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.06.12 07:30:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.06.12 07:30:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.06.12 07:30:14 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.06.12 07:30:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.06.12 07:30:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.06.12 07:30:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.06.12 07:30:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.06.12 07:30:14 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.06.12 07:30:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.06.12 07:30:14 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.06.12 07:30:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.06.12 07:30:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.06.12 07:30:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.06.12 07:30:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.06.12 07:30:14 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.06.12 07:30:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.06.12 07:30:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.06.12 07:30:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.06.12 07:30:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.06.12 07:30:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.06.12 07:30:13 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.06.12 07:30:13 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.06.12 07:30:13 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.06.12 07:30:13 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.06.12 07:30:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.06.12 07:30:13 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.06.12 07:30:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.06.12 07:30:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.06.12 07:30:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.06.12 07:30:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.06.12 07:30:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.06.12 07:30:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.06.12 07:30:12 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.12 07:30:12 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.06.11 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.28 14:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\fptffb
[2012.05.28 14:34:49 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Kvisoft
[2012.05.28 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kvisoft
[2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\flippagemaker
[2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
[2012.05.28 14:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Flip Book - freeware
[2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF to Flip Book - freeware
[2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\flipBook
[2012.05.28 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Boxtools
[2012.05.28 14:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlipPDF to Flash (freeware)
[2012.05.28 14:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf2swf
[2012.05.28 14:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SWFTools
[2012.05.26 09:46:47 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Installer6972
[2012.05.20 14:15:18 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\FastStone
[2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer
[2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer
[2012.05.20 14:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.18 09:26:51 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\XMedia Recode
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.15 08:21:36 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 08:21:36 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 08:17:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.15 08:13:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.15 08:13:51 | 3019,251,712 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 09:00:50 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.14 08:27:38 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.14 08:25:29 | 000,002,995 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.lnk
[2012.06.14 08:23:42 | 001,402,880 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.msi
[2012.06.14 08:23:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2012.06.14 08:00:24 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 08:00:24 | 000,658,988 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 08:00:24 | 000,620,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 08:00:24 | 000,132,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 08:00:24 | 000,108,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 07:24:32 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.13 19:30:55 | 002,321,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 01:01:53 | 000,004,129 | ---- | M] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist
[2012.06.12 07:30:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.06.12 07:30:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.06.12 07:30:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.06.12 07:30:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.06.12 07:30:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.06.12 07:30:16 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.06.12 07:30:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.06.12 07:30:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.06.12 07:30:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.06.12 07:30:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.06.12 07:30:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.06.12 07:30:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.06.12 07:30:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.06.12 07:30:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.06.12 07:30:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.06.12 07:30:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.12 07:30:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.06.12 07:30:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.06.12 07:30:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.06.12 07:30:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.06.12 07:30:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.06.12 07:30:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.06.12 07:30:15 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.06.12 07:30:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.06.12 07:30:15 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.06.12 07:30:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.06.12 07:30:15 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.06.12 07:30:14 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.06.12 07:30:14 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.06.12 07:30:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.06.12 07:30:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.06.12 07:30:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.06.12 07:30:14 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.06.12 07:30:14 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.06.12 07:30:14 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.06.12 07:30:14 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.06.12 07:30:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.06.12 07:30:14 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.06.12 07:30:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.06.12 07:30:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.06.12 07:30:14 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.06.12 07:30:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.06.12 07:30:14 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.06.12 07:30:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.06.12 07:30:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.06.12 07:30:13 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.06.12 07:30:13 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.06.12 07:30:13 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.06.12 07:30:13 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.06.12 07:30:13 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.06.12 07:30:13 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.06.12 07:30:13 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.06.12 07:30:13 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.06.12 07:30:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.06.12 07:30:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.06.12 07:30:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.06.12 07:30:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.12 07:30:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.06.12 07:30:13 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.06.12 07:30:12 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.12 07:30:12 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.06.12 07:05:26 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 05:26:16 | 000,002,384 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk
[2012.06.06 09:03:49 | 000,002,012 | -H-- | M] () -- C:\Users\christian\Documents\Default.rdp
[2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.26 09:41:14 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\Lexware büro easy.lnk
[2012.05.26 09:40:07 | 000,001,055 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.26 09:39:45 | 000,001,031 | ---- | M] () -- C:\Users\christian\Desktop\Dropbox.lnk
[2012.05.20 14:13:34 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
[2012.05.20 14:02:04 | 000,000,080 | ---- | M] () -- C:\Users\christian\Desktop\hosts
[2012.05.18 16:30:10 | 000,000,044 | ---- | M] () -- C:\Windows\SysNative\InstallationInfs
[2012.05.18 16:29:13 | 000,139,360 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2012.05.18 16:29:13 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.18 16:29:13 | 000,114,128 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2012.05.18 16:29:13 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.18 04:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.05.18 03:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.05.18 03:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.05.18 03:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.05.18 03:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.05.18 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.05.18 03:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.05.18 00:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.05.18 00:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.05.18 00:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2012.06.14 08:25:29 | 000,002,995 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.lnk
[2012.06.14 08:23:38 | 001,402,880 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.msi
[2012.06.14 07:24:32 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.12 07:30:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.06.12 07:30:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.06.12 07:05:26 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.20 14:13:34 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
[2012.05.18 16:30:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysNative\InstallationInfs
[2012.04.12 15:33:00 | 006,157,872 | ---- | C] () -- C:\Program Files (x86)\tfbl.db4
[2012.04.12 15:32:55 | 000,603,580 | ---- | C] () -- C:\Program Files (x86)\tfwl.db5
[2012.04.12 15:32:55 | 000,047,812 | ---- | C] () -- C:\Program Files (x86)\Statistics.xml
[2012.04.12 15:32:55 | 000,004,339 | ---- | C] () -- C:\Program Files (x86)\Blogs.htm
[2012.04.11 08:18:46 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2012.04.11 08:18:46 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2012.04.11 08:18:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.04.11 08:16:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.10 12:15:16 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2012.02.10 12:14:02 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2012.02.10 12:11:48 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.02.10 12:11:30 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.22 20:14:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010.10.06 23:01:46 | 000,000,036 | ---- | C] () -- C:\Users\christian\AppData\Local\housecall.guid.cache
[2010.09.30 22:47:58 | 000,004,129 | ---- | C] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist
[2010.09.21 19:52:15 | 000,007,617 | ---- | C] () -- C:\Users\christian\AppData\Local\Resmon.ResmonCfg
[2010.08.31 20:23:02 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.08.01 19:20:11 | 000,011,776 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.21 22:09:26 | 000,000,600 | ---- | C] () -- C:\Users\christian\AppData\Local\PUTTY.RND
[2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
 
========== LOP Check ==========
 
[2011.05.17 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Acer Arcade Live
[2010.04.28 19:13:49 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Acer GameZone Console
[2010.04.28 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Artisteer
[2010.06.10 21:40:19 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ASCON Installer
[2010.06.10 21:42:30 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ASCON Programme
[2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Broad Intelligence
[2010.10.21 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Bytescout SWF To Video Scout
[2011.07.23 13:46:36 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\DAEMON Tools Lite
[2012.06.15 08:17:06 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Dropbox
[2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Epson
[2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\eSobi
[2012.06.13 23:19:16 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FileZilla
[2011.10.25 01:21:02 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FRITZ!
[2011.10.25 01:16:06 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.03.18 22:44:41 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\GoodSync
[2010.08.28 11:21:13 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\gtk-2.0
[2012.05.21 08:48:26 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ICQ
[2012.04.09 23:03:05 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\IrfanView
[2010.12.15 07:54:36 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\JAM Software
[2010.04.28 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Juniper Networks
[2011.02.04 09:14:52 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Leadertech
[2012.03.27 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Lexware
[2012.01.18 09:49:20 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\MyPhoneExplorer
[2012.03.27 23:11:56 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Notepad++
[2011.03.02 22:33:11 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\OpenOffice.org
[2011.09.29 23:39:29 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Origin
[2011.05.17 18:45:58 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\PowerCinema
[2012.06.12 08:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\QuickScan
[2012.03.01 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Samsung
[2011.04.09 12:13:27 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Sony
[2010.04.28 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\springlobby
[2010.04.28 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\springsettings
[2012.02.16 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\TeamViewer
[2012.04.09 17:56:56 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Temp
[2010.08.15 00:30:41 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Thunderbird
[2010.09.30 22:41:33 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\timeEdition
[2011.07.23 13:46:35 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\TS3Client
[2010.12.30 11:30:16 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\WD
[2010.09.09 20:39:47 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Win7codecs
[2012.05.18 09:26:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\XMedia Recode
[2012.06.03 11:37:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 15.06.2012 08:24:44 - Run 3
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 59,40% Memory free
8,63 Gb Paging File | 6,84 Gb Available in Paging File | 79,25% Paging File free
Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,74 Gb Total Space | 25,62 Gb Free Space | 18,07% Space Free | Partition Type: NTFS
Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS
Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32
 
Computer Name: PCNAME | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11BB73FF-798F-40DB-A1DB-8A07EDE78904}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2189C906-7B8C-402D-8DF2-24C0ADBC9568}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{47CA5C7B-AE68-4696-A984-0637FCAAD9A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51F39388-F022-4C21-BB43-7FC2AE1AE4F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61C22ECB-9A8E-4E3A-AEB0-D6922A11AB80}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{6E0E4D0A-4250-4FD5-A226-CA3FC642DA24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{754F2325-4E56-4346-8ED3-8EBBC21C2BAF}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{A291A0FA-41D6-4688-B033-104E22DF9451}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B8A7AB7D-ECD4-4D01-AB0D-44A74F81F283}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C61C8ED3-593B-4AB1-98A0-DDA266217725}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CACF043D-3E0F-4812-9993-C89AF0E2E4B6}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{D4C5D12D-522D-46CD-B77E-D514C1D79C1F}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{DD076F0E-D76B-45E6-8B21-8116BFDF056E}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02895136-2953-4AA3-91D9-5ABE8679C608}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{04318EAD-44D7-4673-97A3-850E7C31CFFE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{06310750-BC8F-466F-BD46-B00E790CB92D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{0C25CB91-000C-4CCD-ADE1-6ABDFB3F80E3}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{11E6FD0E-43D7-4602-AAF6-C3DA44C21421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1483C3B7-9A4C-4D2B-807A-BA5241E13C61}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{171FC6A2-88BE-428D-9B2E-E9D20FE16BB7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | 
"{24E8AC26-6B79-4BE3-A5E4-81A907CB2198}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BF66F0A-B2AC-4D88-AC2E-738BC9874EFA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{2F95D6D5-0CBD-4DF9-A36F-35E971FA6020}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{39926324-1000-4A95-B5F2-89B7EBF27FF2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4A632540-2024-4F80-8EDE-EC41525095DF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{50441755-6B61-4D46-8C42-178299A09876}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{50B26A08-DBD4-4CE8-861D-6C68BB38152F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52CB2D54-2DAD-47EF-A5D1-2ED89DC49FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{562B8D58-C7BD-478C-AF21-8C9E1B1E41FF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{5C809487-561D-466B-9074-48EC8B535D3F}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{5CDA88D4-177C-4ED6-9C5D-B75A0E14C08A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6416E59D-6A4F-4EED-8B59-907F1BD3A449}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{685FA085-8D5F-4ECD-B1C0-4063DE3BF2CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6D61298E-83F6-4CB3-AB73-80A28119AD00}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7CFBF133-2DA0-4678-B03E-68AC77211389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81287567-F451-42FD-94E3-C9B48E48C272}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{82B8E191-916E-4C9C-A71D-B0080812BF1E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{838E071C-3FAE-4C3A-B0EE-9CE5EC4A750A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{871B1655-6758-49BB-90A4-C07872CB5AD6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{897AF581-A425-4F43-A330-3FA82A58422E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89B56BBC-C1F9-43E9-AA1D-1B63F2CE72E3}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{8D015DFF-36A9-426D-BF9E-C1B9DB4E3A97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8E95CF50-C816-4867-BC09-C99F58815AFC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{8F317029-672D-4ED6-BC4D-518190288307}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9049EF3A-F1B5-431A-953C-087647B556CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{97206B30-C2A9-4EB7-9CC0-EC0C453AFF27}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A491E7AE-EDE6-4C48-9DC5-C08F7F651035}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{ACF6D1C6-796C-4CC6-9F71-9A8E59A4A0BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AF1D213D-5AC4-44CD-9CA8-326CE54DE968}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | 
"{BF0782E6-983C-4D2A-82F1-76F3B31D4983}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | 
"{CCE08ABF-AB11-4C8C-B155-007C20373CF4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{CE22AB43-7630-4AC5-965C-7DB5A9479142}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D0363F90-F40A-49C3-A784-1B4D03CADC1A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{D4A97559-5287-45A4-9E61-F023160578D8}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{D4F756F9-7538-40C4-9E5A-EEBB871497C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{D556BCB8-D64F-4903-A1DC-2F0C3233A270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DC34362F-1768-4AE7-8EC7-1C704487F5BA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{DE018B22-F774-473E-80BB-DC1DAAA2AD63}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{E17FB817-9D85-4574-A049-1DDF3603D896}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{E2A36AE3-9D88-4272-BB12-A15BAECA97BF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E7B038DC-0881-40C9-82AB-97399B26F073}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{E8A071C8-9D9C-4A7B-BC61-FEE96653D199}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{EC71FA35-43A4-4197-B913-E0AD3B220269}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{ED5EE59D-5F6B-4C11-8D16-F98EB84B4EE4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{F5DB139F-ADFC-4631-B3B2-0AABD89F4B07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F862E470-0D86-4A38-BEEC-31B8DEA03937}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FBD9CA5A-756C-40FE-9D37-9DE2561DC37B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD82090E-71D4-4065-86F1-B75010396D1F}" = protocol=6 | dir=out | app=system | 
"TCP Query User{0F6885B1-4261-4327-9A0F-90D0AAAA3704}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{0FA38312-AFA6-4B91-A81E-52A8E84A12FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{18A14C63-BC6C-46AB-9668-44B0F694F800}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{38C73711-8557-4A7A-BC59-5E2697F9918D}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{71D52A7B-A1AE-462D-B8FB-E473F03D315E}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{8A81B094-A79D-4206-A815-EF3A25895382}E:\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=e:\wd discovery software\wd discovery.exe | 
"TCP Query User{970D6D71-56CC-4DE9-A293-D6059EB31B24}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"TCP Query User{A4ACBC05-E34E-4DEC-8F78-64A136D8A8E1}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"TCP Query User{BF0E2C38-9F2D-4B50-8DB1-FA4825C026F2}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | 
"UDP Query User{157BAB03-D439-4828-AD36-D2149C4CD4D1}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"UDP Query User{26930EC0-F54D-413A-A376-7118631638D3}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"UDP Query User{6B12DCCD-35A0-47CF-8E7F-608D6F39137C}E:\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=e:\wd discovery software\wd discovery.exe | 
"UDP Query User{78A9CDE5-7A0A-4EB5-9A09-7BD5497839EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{8842D711-2F11-4F9A-A05B-F0BAF7196647}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{95FCF307-A24D-4451-9879-E3E05B7EFE66}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{C1879AD7-CF55-41C9-A5AF-0E226B7A93C5}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{C1F06034-7F75-41C9-AA70-E5C7644E0016}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{F7CC42D6-06DC-4ABA-998C-01A9FC431512}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{239558A4-D19F-44CE-5546-3C6653306B27}" = AMD Drag and Drop Transcoding
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}" = ATI Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a325d0b9-0b5e-4ad1-9c5f-e39aa43f8c9d}" = Gigaset QuickSync
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DCDC59E6-A428-D091-C5A2-AC15B54FEFF1}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7BBC6A1-A3C9-4745-BFFF-6BAA485D89C3}" = PG583_64_inf
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"C5AA3B5CB0B86D325AD6960FFC90ABB1076B8FA7" = Windows-Treiberpaket - YUAN High-Tech Development Co. Ltd. (OmniTV) Media  (12/14/2007 6.1.64.42)
"CCleaner" = CCleaner
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-5 (x64)
"WinRAR archiver" = WinRAR 4.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09B9A2C2-FB96-BA16-60E3-23B7B12A69BE}" = Application Profiles
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{204294E8-371C-4DFB-8162-EF5BB4FEBFE1}" = Lexware Abschreibungsrechner
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{41581163-87FB-4E8E-92C2-10366F8A3291}" = Lexware büro easy 2012 Vorteilsedition
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5880E4AC-88AC-AADB-0DCB-2A78093A8259}" = HydraVision
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{801EFC7D-AA66-F889-030D-C96E99F884A4}" = Catalyst Control Center InstallProxy
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9EFF1D7C-C4B0-4DEF-965C-261CB9604CD9}" = Lexware Elster
"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" = Adobe Setup
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CB21905F-BE58-4DC9-8FC1-6EE2EA210423}" = Lexware online banking
"{CD82DA39-2F2D-433E-5CB7-1C17A8C50E77}" = Catalyst Control Center InstallProxy
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DA2A851C-6E2B-4677-9DA5-5ED9A3B227E2}" = Quake Live Internet Explorer Plugin
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"AmoK Find More!" = AmoK Find More! 1.1
"Architektur Designer 2007_is1" = Architektur Designer 2007
"Avira AntiVir Desktop" = Avira Internet Security 2012
"Battlelog Web Plugins" = Battlelog Web Plugins
"DirSync" = DirSync  2.93
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.3 (01/04/2012) Qt
"DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.5.3
"FreePDF_XP" = FreePDF (Remove only)
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"IMAPSize_is1" = IMAPSize 0.3.7
"Imgares_is1" = Imgares
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaCoder" = MediaCoder 0.7.3.4602
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"Origin" = Origin
"PAYBACK Toolbar_is1" = PAYBACK Toolbar 1.2
"PDF to Flip Book - freeware_is1" = PDF to Flip Book - freeware
"PunkBusterSvc" = PunkBuster Services
"Secunia PSI" = Secunia PSI (1.9.0.5004)
"Sweet Home 3D_is1" = Sweet Home 3D version 2.3
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The Regex Coach_is1" = The Regex Coach 0.9.2
"TreeSize Free_is1" = TreeSize Free V2.5
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.2.6.8
"XMind" = XMind
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2012 17:25:00 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 01:13:06 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 01:53:22 | Computer Name = PCNAME | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x082f08be  ID des fehlerhaften
 Prozesses: 0x1860  Startzeit der fehlerhaften Anwendung: 0x01cd49ed67c6e0c5  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 3f9386c1-b5e5-11e1-8706-002268080226
 
Error - 14.06.2012 02:17:09 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 10:18:58 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 10:32:28 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 10:46:14 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 11:02:45 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 12:43:57 | Computer Name = PCNAME | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 15.06.2012 02:05:45 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2012 02:14:29 | Computer Name = PCNAME | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 14.06.2012 11:01:58 | Computer Name = PCNAME | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 14.06.2012 11:02:37 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 14.06.2012 11:04:42 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Media Player-Netzwerkfreigabedienst erreicht.
 
Error - 14.06.2012 11:04:42 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 15.06.2012 02:02:59 | Computer Name = PCNAME | Source = DCOM | ID = 10010
Description = 
 
Error - 15.06.2012 02:04:56 | Computer Name = PCNAME | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 15.06.2012 02:05:35 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 15.06.2012 02:12:55 | Computer Name = PCNAME | Source = DCOM | ID = 10010
Description = 
 
Error - 15.06.2012 02:13:40 | Computer Name = PCNAME | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 15.06.2012 02:14:21 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
 
< End of report >
         
--- --- ---

-------------

By the way, the computer now boots as fast again as after a fresh installation?!

09.07.2012, 08:37   #9
kira
/// Helper Team
 



** Keep your system under observation for the time being!

1.
Uninstall/remove the programs that we used and that you do not need, except for:
Code:
ATTFilter
CCleaner
         
- Run it from time to time: -> Instructions

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button.
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
Windows, for example, regularly creates shadow copies (at least once a day), which serve to restore the system in an emergency and to access older file versions. This feature takes up a great deal of disk space. By default, the space reserved for shadow copies is 15% of the volume size, so that system performance is also affected. In addition, deleted and possibly malicious objects that sit in System Restore must also be removed:
So please do the following: first disable it -> then enable it again, so that at the end it is "enabled" again!

4.
As a precaution, I would advise you to change your password (one should do this every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (one should really change it at regular intervals, about every 3-5 months)
also here: Secure password

5.
► Please check whether new updates are available for Windows:-> - Microsoft Update keeps your computer up to date!

Reading material No. 1:
Don't give criminal activity a chance!
Quote:
Back up your data regularly (pictures, music, documents, mails (as text files), browser bookmarks, etc.) to CD/DVD, USB sticks or external hard drives! Ideally back up twice, in different locations!
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • Firefox - FirefoxWiki/Settings - Extensions for Firefox
  • Secure e-mail clients, e.g. Thunderbird --> Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
    - Do not click on mails, especially those with attachments; instead display them as text or in the print view
  • Secure password - Choosing a secure password - (one should really change it at regular intervals, about every 3-5 months)
    also here: Secure password
    The five most common password mistakes
  • "Never accept software from strangers" - As a matter of principle, only install programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components are installed! -> Always read along during installation and, wherever possible, deselect sponsors and partner programs, toolbars or any other extra programs offered!
    This is how some kind of adware/spyware often gets installed along with it!
  • Do NOT download just any program from the net unless it is 100% certain that it is clean software. Nice promises from vendors are far from a guarantee of flawless operation, so look through the pages on GOOGLE beforehand; you can get valuable information there!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never give out your passwords!
    Reputable banks, e-mail providers or online shops never send e-mails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. E-mails of this kind are always fraud attempts, which is why such requests should not be answered. As soon as you suspect fraud, report your suspicion to the respective bank's hotline.
  • Letting others (guests/friends) use your computer - Only use trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never do your banking on untrustworthy computers - for example from an Internet café while on holiday
  • Back up important data regularly! - but remember: your main system is not a warehouse!
  • Be careful when using other people's computers and connectable external storage media such as hard drives, USB sticks, memory cards, etc.! - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
    - Do not keep external devices (hard drive, USB stick) permanently connected to the PC, only briefly while you want to back something up
  • Saving on license costs? - Be careful with files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always contaminated with various malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately invite the devil in) Another highly insecure source is the file sharing of so-called (music) exchange platforms.
    ► Besides, you are making yourself liable to prosecution!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows down startup enormously and burdens the RAM (because the programs run side by side at the same time, eating a lot of performance but delivering little quality). Over time, the computer becomes slower and less secure because of too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be difficult to solve. On top of that, some programs bring major security risks with them
  • Virus scanner
  • BSI für Bürger
  • SETI@home - [Security] Security concept

** Common sense and configuring Windows and Internet software securely are the best way to security on the web!!
Quote:
Since the database is supplemented and expanded daily, and information about the virus concerned is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later, once a month will surely suffice), always with a different scanner, to get a second opinion - the data backed up on storage media should also be included!
(these mostly use ActiveX and/or Java): Free online scanners -
Reading material No. 2:
► Over time, a lot of data junk can accumulate, error messages can pile up, and the PC is probably no longer as fast as it used to be:
I wish you all the best

If you would like to support us→ Donation account

Regards
kira
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
