
Log analysis and evaluation: Firefox has high CPU usage

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.02.2013, 21:55   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please run a new check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread in CODE tags.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


04.02.2013, 22:09   #17
blumenwiese7
 

Code:
OTL Extras logfile created on: 04.02.2013 21:57:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 75,34% Memory free
5,86 Gb Paging File | 5,08 Gb Available in Paging File | 86,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,39 Gb Total Space | 4,69 Gb Free Space | 9,13% Space Free | Partition Type: NTFS
Drive D: | 65,22 Gb Total Space | 10,68 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3983005813-3181968773-4197894644-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0386E5C2-66B2-48CE-B6A3-7D094768B47F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{05DD103A-9735-4937-A217-A1CA8056E0B2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{105172D8-0DEE-43EF-8608-6D8FB0A62FD2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{192255A1-07AE-4CFB-B52E-7F7110728DCC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{243E28EA-0890-4CE4-AB06-D769050285CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2555D3B0-639E-4A52-9626-3B1A2285C584}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{2768A460-3043-45FA-8095-BFEE8978CEEE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{31D8F21D-7668-4610-915B-899E8D83D208}" = lport=68 | protocol=17 | dir=in | app=c:\program files\connectify\connectifynetservices.exe | 
"{36CAB5BD-0066-4295-9DFE-0480B2B37E58}" = lport=67 | protocol=17 | dir=in | app=c:\program files\connectify\connectifynetservices.exe | 
"{4C7163AC-EB8E-4D16-812A-64A3278525CA}" = lport=1303 | protocol=17 | dir=in | app=c:\program files\connectify\connectifynetservices.exe | 
"{4CD67B54-6D4D-4ABA-A170-DDD8FAA37294}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4F2D1451-5F91-40BB-8A2A-4A6FEBA43B10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{525D7E11-582B-4D89-A268-61B31AC5EF11}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{567EDA82-D625-4BD0-8DAC-6E147476A7E7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{83EF2ECA-425F-4C45-B26F-CBB1911F3265}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97E3B364-E749-4C17-82F1-266A95EF10AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9BDBDD67-0093-426B-9AA5-46BE8BAFE0C3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A42DEC5E-4963-489F-978A-F93D3BFD47F6}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{A5BE2544-5C8F-49DE-A8D5-502132F79AA8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A6D7ABD0-F319-48D9-BABD-1B40E1C8C5D9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{AF9554A1-67F2-4EC4-9D7D-52A54064CEC8}" = lport=53 | protocol=17 | dir=in | app=c:\program files\connectify\connectifynetservices.exe | 
"{BE2D7BE2-05C5-490B-8141-311D3DA7F9BB}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | 
"{D268A709-BB1D-4AA0-9ECC-86AE0652B259}" = lport=2987 | protocol=6 | dir=in | app=c:\program files\connectify\connectify.exe | 
"{D3F31F1D-04D6-4DD9-9704-4EAE101B823E}" = lport=1317 | protocol=17 | dir=in | app=c:\program files\connectify\connectifynetservices.exe | 
"{F035B2BF-7B24-4A2F-8E44-DAEF6F9B2261}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F366747D-62F4-40DB-B8EA-5BCA8453C1E0}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{217FB26A-6EA4-42B5-8F90-81B0FFFC0528}" = protocol=17 | dir=in | app=c:\program files\ispy\ispy\ispy.exe | 
"{27340B18-5133-4092-80DF-EE0497CC7516}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{2ABCE00A-59F9-4E0A-A054-952DC9900A2C}" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
"{322F4934-62FD-4982-ABD4-41D2C4F91B79}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{3C65B061-0F81-4458-806B-0F5CD2585BD4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6332D44F-5B81-4924-B279-2B6AF60AC6E0}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"{6928C79A-FD77-4A62-8CBB-814A22EDE0A1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{6AC207D3-229D-4304-9ABB-27D2FA10F374}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) | 
"{6E908FFB-5C2D-4182-9B7B-7B9B0E3C724A}" = dir=out | app=c:\windows\system32\svchost.exe | 
"{7054730B-8B07-4D28-BA9B-C1FAAF14B09D}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | 
"{7532D3A1-583C-4137-990F-9EC5B659690B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{76436E96-64A4-4BB5-ACFF-119BC432B82E}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{94144068-FF00-4358-84B6-D13E28FCD419}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C3DE0A6-57B7-4CCE-9406-C88D42B86011}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A16C5977-93C2-499A-9C61-16C530C4E468}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B37A50FD-EC2C-4CA9-8313-55C7E5B081BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B725AE19-933E-4E46-8D8C-58314CA91C71}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C6C12E3A-A221-4FB9-8403-6582FEA0410A}" = protocol=6 | dir=in | app=c:\program files\ispy\ispy\ispy.exe | 
"{CFDD84AE-5293-4DA2-A210-488D4A6BA4BF}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"{D568E12C-F9A8-4522-9BFD-D4A77ADA3CF0}" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
"{E8AECBD9-3755-418B-84F9-9B22B67277B7}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{EA4527BD-B939-492D-B801-E4379A0211C1}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{EB2F5C85-7DE6-480A-B230-827DD0523B08}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB6F6336-DE68-4E78-BD0E-1F774A51AAB5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{FC76DC8C-EDBA-46FD-86DC-DAE0CD6B9E46}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FFCA82EC-B52B-4725-B51F-F41609B80BCD}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{1AD5496C-D3F5-40FC-AA91-3E72B0DC4563}C:\users\***\desktop\eclipse-jee-juno-sr1-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\eclipse-jee-juno-sr1-win32\eclipse\eclipse.exe | 
"TCP Query User{4A9EFB0A-3C7F-4637-AA1F-7D4A12CA977B}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{57585630-DFDB-45BE-B189-0497009B0AE5}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{5FA4B996-49C2-4D50-8946-B55101C445B2}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
"TCP Query User{8C4E1E4C-043F-45BF-B311-44CA3D71CC53}C:\program files\ispy\ispy\ispy.exe" = protocol=6 | dir=in | app=c:\program files\ispy\ispy\ispy.exe | 
"TCP Query User{8F1B85EE-1178-4530-9DFF-6D264045C402}C:\program files\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files\connectify\connectify.exe | 
"UDP Query User{10661907-BBBD-49BB-A60B-48F198B592DE}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
"UDP Query User{35AD4070-88C9-4575-B59B-026100464D2E}C:\program files\ispy\ispy\ispy.exe" = protocol=17 | dir=in | app=c:\program files\ispy\ispy\ispy.exe | 
"UDP Query User{86BCDA29-AD97-43A5-918A-71FBF6222EFF}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{AF91FE90-4269-455D-B099-6314C0872BB9}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{B49C6AEE-C030-4A56-B92A-E17ED6247AEC}C:\program files\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files\connectify\connectify.exe | 
"UDP Query User{D2B2ACBE-110A-45A5-87CC-473F70F1BA22}C:\users\***\desktop\eclipse-jee-juno-sr1-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\eclipse-jee-juno-sr1-win32\eclipse\eclipse.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E91951D-0114-4692-8F55-F95E1B2F3542}" = SlimDrivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2BF9702B-52EE-4841-83C4-B5E640B6C97A}" = Media Go
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1" = DriverIdentifier 4.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}" = Enterprise Architect 10  - 30 Day Trial Edition
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EB84CEC-6819-4E51-9E32-C756835637B0}" = PlayMemories Home
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A30EE8A6-6B9F-4973-B5ED-2A60B40576E4}_is1" = StudNET Login Client
"{A4F094CE-9B05-FB0C-DD73-A85DE5D8D283}" = Media Go Video Playback Engine 1.92.169.06150
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 Königs- Edition
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.2.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EBC147FC-1A82-448F-AE35-914AF96194C6}" = Oracle VM VirtualBox 4.2.4
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D70D18-6CDC-4839-A01B-660D19CA3A5E}" = iSpy
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.2
"AnyDVD" = AnyDVD
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Connectify" = Connectify Hotspot
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"EAGLE 5.1.0" = EAGLE 5.1.0
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.6.0.2
"Foxit Reader_is1" = Foxit Reader
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 2.2.0.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm Scrobbler 2.1.33
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MiniLyrics" = MiniLyrics
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Omnius for SE" = Omnius for SE v1.38
"Opera 12.12.1707" = Opera 12.12
"Trillian" = Trillian
"TVWiz" = Intel(R) TV Wizard
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.5
"VSO Inspector_is1" = VSO Inspector 2.0.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3983005813-3181968773-4197894644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.02.2013 22:15:28 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Trillian\plugins\ingame\ingame_64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.02.2013 22:16:44 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\anno
 1701\Tools\Tages\DrvSetup_x64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.02.2013 22:17:00 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.02.2013 08:44:52 | Computer Name = ***-PC | Source = VSS | ID = 12310
Description = 
 
Error - 03.02.2013 08:44:52 | Computer Name = ***-PC | Source = VSS | ID = 12298
Description = 
 
Error - 03.02.2013 17:16:36 | Computer Name = ***-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 04.02.2013 10:10:20 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052cc7  ID des fehlerhaften
 Prozesses: 0xb5c  Startzeit der fehlerhaften Anwendung: 0x01ce02e0b2bb6530  Pfad der
 fehlerhaften Anwendung: C:\Users\***\Desktop\aswMBR.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 9b8ebbb0-6ed4-11e2-baa5-0017c4a9b538
 
Error - 04.02.2013 11:23:21 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm trillian.exe, Version 5.3.0.14 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 90    Startzeit: 01ce02e9dab859f4

Endzeit:
 32    Anwendungspfad: C:\Program Files\Trillian\trillian.exe    Berichts-ID: c584cf85-6ede-11e2-bdfa-0017c4a9b538

 
Error - 04.02.2013 12:09:19 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Trillian\plugins\ingame\ingame_64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.02.2013 12:10:43 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 04.02.2013 08:47:49 | Computer Name = ***-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 04.02.2013 08:47:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 04.02.2013 10:40:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Connectify" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt:
 Restart the service.
 
Error - 04.02.2013 10:40:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 04.02.2013 10:42:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Connectify" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt:
 Restart the service.
 
Error - 04.02.2013 10:46:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 04.02.2013 10:47:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Connectify" wurde unerwartet beendet. Dies ist bereits
 3 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Restart the service.
 
Error - 04.02.2013 10:49:23 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Connectify" wurde unerwartet beendet. Dies ist bereits
 4 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Restart the service.
 
Error - 04.02.2013 10:52:09 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?02.?2013 um 15:50:29 unerwartet heruntergefahren.
 
Error - 04.02.2013 16:26:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "UMVPFSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
 
< End of report >
         
Code:
OTL logfile created on: 04.02.2013 21:57:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 75,34% Memory free
5,86 Gb Paging File | 5,08 Gb Available in Paging File | 86,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,39 Gb Total Space | 4,69 Gb Free Space | 9,13% Space Free | Partition Type: NTFS
Drive D: | 65,22 Gb Total Space | 10,68 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Connectify\ConnectifyD.exe (Connectify)
PRC - C:\Program Files\Connectify\ConnectifyService.exe ()
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\studnet\studnet.exe (Dossin-Brade GbR)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (Connectify) -- C:\Program Files\Connectify\ConnectifyService.exe ()
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (cnnctfy2) -- C:\Windows\System32\drivers\cnnctfy2.sys (Connectify)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (s1039mdm) -- C:\Windows\System32\drivers\s1039mdm.sys (MCCI Corporation)
DRV - (s1039unic) -- C:\Windows\System32\drivers\s1039unic.sys (MCCI Corporation)
DRV - (s1039mgmt) -- C:\Windows\System32\drivers\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\Windows\System32\drivers\s1039obex.sys (MCCI Corporation)
DRV - (s1039bus) -- C:\Windows\System32\drivers\s1039bus.sys (MCCI Corporation)
DRV - (s1039nd5) -- C:\Windows\System32\drivers\s1039nd5.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\Windows\System32\drivers\s1039mdfl.sys (MCCI Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3983005813-3181968773-4197894644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3983005813-3181968773-4197894644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 BF C5 63 0E EC CD 01  [binary data]
IE - HKU\S-1-5-21-3983005813-3181968773-4197894644-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3983005813-3181968773-4197894644-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3983005813-3181968773-4197894644-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3983005813-3181968773-4197894644-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.01.27 21:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.22 23:24:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.13 19:49:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.22 23:24:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.13 19:49:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.08.20 21:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.02.02 23:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ztegzhix.default\extensions
[2013.02.02 23:37:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ztegzhix.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.01.13 18:48:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ztegzhix.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.21 15:35:14 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ztegzhix.default\extensions\DeviceDetection@logitech.com
[2013.01.10 21:54:31 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ztegzhix.default\extensions\firefox@ghostery.com
[2012.09.15 15:02:52 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ztegzhix.default\extensions\ich@maltegoetz.de
[2013.01.23 12:25:05 | 000,157,239 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ztegzhix.default\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
[2012.10.29 15:20:46 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ztegzhix.default\extensions\translator@zoli.bod.xpi
[2012.12.04 19:20:37 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ztegzhix.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2013.02.02 23:37:43 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ztegzhix.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.02 13:56:51 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ztegzhix.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.01.31 18:46:00 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ztegzhix.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.29 16:28:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ztegzhix.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.10.23 19:58:54 | 000,012,703 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ztegzhix.default\searchplugins\imdb.xml
[2012.08.25 23:14:07 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ztegzhix.default\searchplugins\youtube-videosuche.xml
[2013.01.22 23:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.01.27 21:56:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.01.22 23:24:35 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.12 12:50:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.02.04 21:26:48 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3983005813-3181968773-4197894644-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3983005813-3181968773-4197894644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47943D23-72D3-45CE-9007-96CB1931B882}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFC03C6C-4D56-40CE-9FEB-FAD9B0E2EF9C}: NameServer = 139.18.25.3
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.04 21:26:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.04 21:23:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.04 19:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013.02.04 15:53:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.04 15:51:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.04 15:38:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.04 15:38:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.04 15:38:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.04 15:38:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.04 15:38:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.04 13:26:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar-1.01.0.1017
[2013.02.04 00:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.03 22:39:55 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Chatverläufe
[2013.02.03 13:42:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.02.03 13:40:26 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.03 13:40:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.03 13:40:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.03 13:40:16 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.03 02:18:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.02.03 02:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.03 02:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.03 02:17:41 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.03 02:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.03 02:17:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.02.03 02:16:54 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.02 19:24:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Trillian
[2013.02.02 19:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian
[2013.02.02 12:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2013.02.02 12:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2013.02.02 12:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.02.02 12:10:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 3
[2013.02.02 12:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2013.02.02 12:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.02.02 12:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013.02.01 18:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.01 18:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.01 18:24:34 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.02.01 00:45:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Jitsi
[2013.01.27 22:12:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sparx Systems
[2013.01.27 22:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sparx Systems
[2013.01.27 22:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enterprise Architect 10
[2013.01.27 22:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.01.26 23:29:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\musik
[2013.01.26 16:22:50 | 000,000,000 | ---D | C] -- C:\Users\***\UniGrid_Profile
[2013.01.24 21:13:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\BWL
[2013.01.24 21:12:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Technische Informatik II
[2013.01.24 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2013.01.24 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2013.01.24 18:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2013.01.24 08:19:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ubuntufiles
[2013.01.23 15:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.01.22 23:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.22 23:10:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\aglotze54
[2013.01.15 13:54:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\binäruhr
[2013.01.13 19:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.12 21:52:45 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.12 21:52:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.12 21:52:09 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.01.12 21:52:09 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.12 21:52:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.01.12 21:52:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.12 21:52:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.12 21:52:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.12 21:52:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.12 21:52:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.01.12 21:52:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.12 21:52:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.12 21:52:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.12 21:52:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.12 21:52:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.12 21:52:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.12 21:52:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.12 21:52:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.12 21:52:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.12 21:52:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.12 21:52:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.01.12 21:52:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.12 21:52:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.12 21:52:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.12 21:52:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.01.12 21:52:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.12 21:52:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.12 21:52:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.01.12 21:52:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.12 21:52:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.12 21:52:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.12 21:52:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.01.12 21:51:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013.01.12 21:51:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013.01.12 21:51:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013.01.12 21:51:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013.01.12 21:51:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013.01.12 21:51:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013.01.12 21:51:38 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013.01.12 21:51:38 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013.01.12 21:51:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013.01.12 21:51:37 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.01.12 21:51:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013.01.12 21:51:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013.01.12 21:51:29 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013.01.12 21:51:28 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013.01.12 21:51:28 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013.01.12 21:51:27 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013.01.12 21:46:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013.01.06 21:06:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\P
[2013.01.06 17:58:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Prag
[2012.12.17 21:54:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.04 21:33:05 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 21:33:05 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 21:28:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.04 21:27:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.04 21:27:36 | 2359,980,032 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.04 21:26:48 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.02.04 21:23:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.04 21:16:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.04 21:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 19:30:09 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[2013.02.04 14:31:39 | 001,305,400 | ---- | M] () -- C:\Users\***\Desktop\Formelsammlung Physik.pdf
[2013.02.04 13:29:01 | 000,694,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.04 13:29:01 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.04 13:29:01 | 000,147,802 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.04 13:29:01 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.03 22:41:55 | 001,913,307 | ---- | M] () -- C:\Users\***\Desktop\IMG_20130203_154524.jpg
[2013.02.03 13:40:11 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.03 13:40:09 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.03 13:40:09 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.03 13:40:09 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.03 13:40:07 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.03 13:40:07 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.03 13:36:51 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.03 13:31:52 | 000,001,919 | ---- | M] () -- C:\Users\***\Desktop\Update Checker.lnk
[2013.02.03 02:23:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.02.03 02:17:12 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.02 23:50:55 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.29 18:40:36 | 000,001,133 | ---- | M] () -- C:\Users\***\Desktop\Pinball.lnk
[2013.01.28 12:20:46 | 000,005,849 | ---- | M] () -- C:\Users\***\Desktop\Fach.odt
[2013.01.24 18:09:21 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.01.23 15:30:45 | 000,001,124 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013.01.23 15:30:45 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.01.17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.01.13 21:26:44 | 000,030,710 | ---- | M] () -- C:\Users\***\Desktop\Studienjahresablaufplan_2012.pdf
[2013.01.13 18:17:04 | 000,451,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.13 17:53:19 | 000,871,321 | ---- | M] () -- C:\Users\***\Desktop\DSC00333.JPG
[2013.01.11 23:11:28 | 000,000,245 | ---- | M] () -- C:\Users\***\.swfinfo
[2013.01.11 18:53:33 | 000,229,537 | R--- | M] () -- C:\Users\***\Desktop\67301055551239_3f6200d9.pdf
[2013.01.10 23:06:09 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.10 23:06:09 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.06 17:50:33 | 000,003,497 | ---- | M] () -- C:\Users\***\Neues Profil.xml
 
========== Files Created - No Company Name ==========
 
[2013.02.04 19:30:09 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[2013.02.04 15:38:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.04 15:38:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.04 15:38:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.04 15:38:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.04 15:38:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.04 14:31:38 | 001,305,400 | ---- | C] () -- C:\Users\***\Desktop\Formelsammlung Physik.pdf
[2013.02.03 22:41:52 | 001,913,307 | ---- | C] () -- C:\Users\***\Desktop\IMG_20130203_154524.jpg
[2013.02.03 13:31:52 | 000,001,919 | ---- | C] () -- C:\Users\***\Desktop\Update Checker.lnk
[2013.02.02 23:50:55 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.02.02 19:24:06 | 000,001,071 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
[2013.01.29 18:40:36 | 000,001,133 | ---- | C] () -- C:\Users\***\Desktop\Pinball.lnk
[2013.01.28 12:20:41 | 000,005,849 | ---- | C] () -- C:\Users\***\Desktop\Fach.odt
[2013.01.24 18:09:21 | 000,001,791 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.01.24 18:09:21 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.01.23 15:30:45 | 000,001,124 | ---- | C] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013.01.23 15:30:45 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.01.13 21:26:42 | 000,030,710 | ---- | C] () -- C:\Users\***\Desktop\Studienjahresablaufplan_2012.pdf
[2013.01.13 17:53:13 | 000,871,321 | ---- | C] () -- C:\Users\***\Desktop\DSC00333.JPG
[2013.01.11 23:11:28 | 000,000,245 | ---- | C] () -- C:\Users\***\.swfinfo
[2013.01.11 19:32:59 | 015,590,900 | ---- | C] () -- C:\Users\***\Desktop\Sony Ericsson J10 Elm Working Instructions v1.pdf
[2013.01.11 19:32:52 | 024,325,044 | ---- | C] () -- C:\Users\***\Desktop\Sony Ericsson J10 Elm Repair Movies v1.pdf
[2013.01.11 18:53:35 | 000,229,537 | R--- | C] () -- C:\Users\***\Desktop\67301055551239_3f6200d9.pdf
[2013.01.06 17:50:33 | 000,003,497 | ---- | C] () -- C:\Users\***\Neues Profil.xml
[2012.12.17 21:54:40 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2012.12.17 21:54:40 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2012.12.12 19:49:10 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.09.22 23:50:49 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.20 10:42:30 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.09.20 10:42:29 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2012.09.20 10:42:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.09.18 20:02:41 | 000,684,916 | ---- | C] () -- C:\Windows\unins000.exe
[2012.09.18 20:02:41 | 000,012,451 | ---- | C] () -- C:\Windows\unins000.dat
[2012.09.14 22:23:06 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2012.09.09 19:53:43 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012.09.09 18:04:55 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.09.09 18:03:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.03 10:09:13 | 000,694,710 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.09.03 10:09:13 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.09.03 10:09:13 | 000,147,802 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.09.03 10:09:13 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.17 02:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.08.12 11:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 14:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Many thanks for the help
__________________


04.02.2013, 22:18   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand

Afterwards, getting an additional opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________

05.02.2013, 16:24   #19
blumenwiese7
 

Thanks, so nothing more came up with either one!

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

04.02.2013 22:23:36
mbam-log-2013-02-04 (22-23-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203857
Laufzeit: 4 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

06.02.2013, 09:31   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please post the ESET log as well

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
