
Log analysis and evaluation: e.ligatus.com

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

12.04.2013, 11:52   #1
duese91
 


Hi,

I have a problem: the evening before last, a new tab with the address e. ligatus. com/LigatusFallback.gif?ids=34088 kept opening in my Mozilla Firefox. Since the page kept opening over and over again, I used Google and saw that about 2 weeks ago someone posted the same problem on your board (http://www.trojaner-board.de/132879-...com-virus.html) and that it is apparently a virus. So this morning I worked through http://www.trojaner-board.de/51187-a...i-malware.html and created the log files.

OTL.txt:
Code:
OTL logfile created on: 12.04.2013 09:41:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 61,96% Memory free
7,35 Gb Paging File | 5,48 Gb Available in Paging File | 74,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,54 Gb Total Space | 130,49 Gb Free Space | 19,04% Space Free | Partition Type: NTFS
 
Computer Name: DUESE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.11 12:08:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2013.03.27 23:53:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 23:53:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.27 23:53:17 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.01.07 12:03:32 | 000,446,648 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012.12.27 18:58:42 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.09 11:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.04.30 10:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
PRC - [2011.08.03 16:07:47 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.24 00:35:05 | 000,519,632 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.05.25 02:21:56 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.22 21:17:44 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll
MOD - [2013.03.22 21:17:30 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.02.01 12:50:02 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll
MOD - [2013.02.01 12:47:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013.02.01 12:47:13 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.02.01 12:47:02 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013.02.01 12:46:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\816e1f3b6d8812d4ae88c13e12192412\System.Xml.ni.dll
MOD - [2013.02.01 12:46:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013.02.01 12:46:54 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.02.01 12:46:50 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2013.01.08 17:03:34 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
MOD - [2013.01.08 17:02:52 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
MOD - [2012.11.07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.09.24 17:44:26 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PbkVista.dll
MOD - [2012.09.03 23:18:42 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
MOD - [2012.07.26 11:51:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
MOD - [2012.04.30 10:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012.04.30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012.04.04 14:33:24 | 000,139,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2010.09.19 01:32:18 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.25 02:16:18 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.01.11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.11 13:24:30 | 000,126,520 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.04.06 09:38:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.27 23:53:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 23:53:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.15 00:08:30 | 001,871,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV - [2013.03.09 08:57:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.21 22:50:16 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.30 01:57:05 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Running] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.08.03 16:07:47 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.06.11 14:27:40 | 000,821,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2010.03.26 11:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.07 23:16:09 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2013.03.27 23:53:28 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.27 23:53:28 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.27 23:53:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.24 00:25:38 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.03.24 00:25:14 | 000,094,864 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.04.21 00:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.04.07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.05 12:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.01 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.14 22:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.13 17:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.13 17:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2007.08.29 16:56:50 | 000,139,264 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camfilt2.sys -- (camfilt2)
DRV:64bit: - [2007.08.22 16:26:32 | 000,021,648 | ---- | M] (SRS Labs, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZCinema_SRS_amd64.sys -- (ZCinema_TSHD_x64)
DRV:64bit: - [2007.07.13 12:45:24 | 000,172,928 | ---- | M] (OmniVision Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov530vx.sys -- (OM0530)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.vka.rwth-aachen.de/index.php?id=66"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.668.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.22 16:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.668.0\firefox\extensions [2011.04.25 23:09:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.20 17:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 08:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 08:24:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird2\components [2013.04.03 16:26:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird2\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.22 16:50:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 08:57:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 08:24:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird2\components [2013.04.03 16:26:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird2\plugins
 
[2010.10.14 22:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2013.02.14 14:30:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\pwfxskt4.default\extensions
[2012.02.08 21:15:30 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\pwfxskt4.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.12.15 18:12:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\pwfxskt4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 14:30:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\pwfxskt4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.09 08:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 08:57:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.21 11:03:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 20:14:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 11:03:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 11:03:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 11:03:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 11:03:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{309BDE44-686D-41C2-BD31-97E59FC80850}: Domain = kawo1.rwth-aachen.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A038630B-1ECF-4A60-B5F9-755AF369B7EC}: DhcpNameServer = 134.130.4.1 134.130.5.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0cf3ac62-ea33-11e1-91b6-60eb69562ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{0cf3ac62-ea33-11e1-91b6-60eb69562ce7}\Shell\AutoRun\command - "" = D:\SISetup.exe
O33 - MountPoints2\{0d3c2c3c-a1e8-11e2-b04c-4c0f6e75664a}\Shell - "" = AutoRun
O33 - MountPoints2\{0d3c2c3c-a1e8-11e2-b04c-4c0f6e75664a}\Shell\AutoRun\command - "" = D:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.11 12:08:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.04.10 17:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.04.10 17:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013.04.10 17:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013.04.07 23:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013.04.07 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.03 16:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird2
[2013.04.01 09:50:41 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\TU Ilmenau
[2013.04.01 09:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.31 11:17:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Finanzen
[2013.03.27 23:53:34 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 23:53:34 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 23:53:34 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.27 22:23:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Office Installation
[2013.03.27 18:21:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Benutzerdefinierte Office-Vorlagen
[2013.03.26 21:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013.03.26 21:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.03.26 21:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013.03.23 00:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.23 00:07:16 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Hochschulsport - Anmeldebestätigung-Dateien
[2013.03.22 12:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.22 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.22 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.22 12:05:49 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Avira
[2013.03.22 12:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.22 11:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.22 11:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.16 22:37:44 | 000,000,000 | ---D | C] -- C:\SWSetup
[2011.11.25 02:37:20 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Christian\AppData\Roaming\SetupGFD.exe
[2011.11.25 02:37:01 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Christian\AppData\Roaming\Imgburn.exe
[2011.11.25 02:36:54 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Christian\AppData\Roaming\Avisynth.exe
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 09:34:30 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.12 09:34:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.12 09:34:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 23:46:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.11 12:21:00 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2013.04.11 12:08:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.04.11 12:07:54 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe
[2013.04.11 01:38:16 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 01:38:10 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 01:31:07 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.11 01:31:07 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.11 01:31:07 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.11 01:31:07 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.11 01:31:07 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.10 17:07:43 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.04.10 16:08:47 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.04.10 16:08:15 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.10 16:08:13 | 219,315,131 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.07 23:16:29 | 000,707,378 | ---- | M] () -- C:\Windows\SysNative\oem40.inf
[2013.04.07 23:16:09 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013.04.03 21:53:39 | 000,503,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.27 23:53:28 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 23:53:28 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 23:53:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.26 21:55:39 | 001,804,512 | ---- | M] () -- C:\Windows\GABRIOLA.tt2
[2013.03.23 00:07:17 | 000,005,307 | ---- | M] () -- C:\Users\Christian\Documents\Hochschulsport - Anmeldebestätigung.htm
[2013.03.22 12:00:26 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.21 01:18:21 | 000,015,742 | ---- | M] () -- C:\Users\Christian\Documents\Stundenerfassung.ods
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.11 12:21:00 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2013.04.11 12:17:57 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe
[2013.04.10 17:07:43 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.04.07 23:16:35 | 000,707,378 | ---- | C] () -- C:\Windows\SysNative\oem40.inf
[2013.04.07 23:16:15 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013.04.06 09:38:30 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.26 21:56:49 | 001,804,512 | ---- | C] () -- C:\Windows\GABRIOLA.tt2
[2013.03.23 00:07:16 | 000,005,307 | ---- | C] () -- C:\Users\Christian\Documents\Hochschulsport - Anmeldebestätigung.htm
[2013.03.22 12:00:26 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.21 00:17:02 | 000,015,742 | ---- | C] () -- C:\Users\Christian\Documents\Stundenerfassung.ods
[2013.03.16 22:42:42 | 000,696,680 | ---- | C] () -- C:\Windows\SysNative\oem7.inf
[2013.03.10 22:05:45 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.01 14:36:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.02.20 16:57:54 | 000,008,192 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.04 16:43:11 | 000,000,173 | ---- | C] () -- C:\Users\Christian\AppData\Local\msmathematics.qat.Christian
[2012.09.05 19:29:07 | 000,017,408 | ---- | C] () -- C:\Users\Christian\AppData\Local\WebpageIcons.db
[2011.11.25 02:37:13 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Christian\AppData\Roaming\AvsP.exe
[2011.11.25 02:37:10 | 001,357,348 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\MatroskaSplitter.exe
[2011.11.25 02:37:08 | 000,117,723 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\yuvcodecs-1.3.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.08.03 16:07:51 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.03 16:07:47 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.08.03 16:07:47 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.11.15 15:54:50 | 000,000,218 | ---- | C] () -- C:\Users\Christian\.recently-used.xbel
[2010.10.20 20:27:50 | 000,007,602 | ---- | C] () -- C:\Users\Christian\AppData\Local\Resmon.ResmonCfg
[2010.07.02 13:41:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.20 15:32:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AnvSoft
[2011.11.15 00:06:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Auslogics
[2012.08.19 22:39:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Autodesk
[2013.03.12 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AVM
[2011.11.14 23:46:46 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canneverbe Limited
[2011.04.25 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ClickPotatoLite
[2012.08.03 00:56:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Dropbox
[2013.02.20 17:48:26 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2013.02.20 17:45:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.15 00:42:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GlarySoft
[2013.04.11 23:59:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2010.10.21 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ImgBurn
[2010.11.10 19:21:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\inkscape
[2012.03.01 15:29:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2011.11.24 14:49:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\LibreOffice
[2013.03.04 20:44:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Liteon
[2010.10.24 13:45:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2010.11.18 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PASCO
[2012.02.29 00:07:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PowerCinema
[2011.09.18 23:53:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy
[2013.04.07 23:16:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client
[2013.04.10 16:11:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify
[2011.09.09 11:25:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird
[2010.11.10 17:28:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP
[2013.02.05 08:29:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Xerox
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 12.04.2013 09:41:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 61,96% Memory free
7,35 Gb Paging File | 5,48 Gb Available in Paging File | 74,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,54 Gb Total Space | 130,49 Gb Free Space | 19,04% Space Free | Partition Type: NTFS
 
Computer Name: DUESE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B21E7E-4922-4D93-A4FB-C119CFF54C61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0590CBA2-AE1B-4080-A421-EB5349CFAF79}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0E30C3B1-4A22-43CD-B93D-D193838C4FFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0E51B959-DF98-48C5-9F36-1F5B60F5132F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1476037C-6D3D-4CBA-A31A-F60FFDF995B4}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port | 
"{2046820B-7237-4B13-805A-A7593D01C56B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{20BF8B0B-1D9B-4BD5-9A99-4823DE7B7A28}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2C58CF3C-39E3-435F-8CD5-E3D5D972F7B3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C1F34D9-8BCE-495F-9446-B1FE720B179E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D1404F0-5EE9-4299-8ECF-DBAD327B1F95}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{45FCD671-21A8-4723-B1E5-E8C6C15E186C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{73A472CA-3D72-4944-8299-10C4568D2611}" = rport=139 | protocol=6 | dir=out | app=system | 
"{772258E3-4A29-4677-9357-0DC9FD8E642D}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port | 
"{81E7EF9C-D88C-4E70-B6BE-DA4F3F377E24}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{86A17A5E-A3E7-4BB7-B26B-19750E0D3198}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8A4D2944-9DDB-4A19-BAC7-8D98B77BBFA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E38EC48-9CC7-471A-A1BC-79D173A1386D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9FA847C9-9002-4B3A-8E8B-8E59A24EC774}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A2348B8A-94CC-4944-88B4-B7EBADC7B981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4683FAF-E079-44BC-9E96-0B83258BE00E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A6FC6230-0B3A-407D-B6C1-B75F44A5B90A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A9D51A70-E196-48AC-8805-D9B4588676E6}" = lport=54594 | protocol=6 | dir=in | name=akamai netsession interface | 
"{AE9ACDC6-3D5F-4828-9A81-B81155BFF80F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BF596069-1DD7-4689-B2BC-B97EFB00F086}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port | 
"{C2EE0042-9120-4E63-831A-61C656CEAA8F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{CBABC41A-4C43-4AE1-8DB1-C08FD247C77C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CDEABB76-7BC8-45CD-82CC-07866B72BBA4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{D25DD16D-5117-4301-B6BE-1554924E9C76}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D79A6FF0-1004-45BB-9450-A51A22116638}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DF4E4CC8-DF70-4531-9374-A384C8FF3856}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F38D3AEB-0BCA-4CD1-8595-FB6B04CF56B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F962A63E-5ACA-4875-A57E-79606E8318B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0143E9F6-0271-4138-89F6-F3C24F806AA9}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | 
"{0378D8AE-285E-4E0C-873B-EBAB577806EE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe | 
"{0880F774-EF16-4CB5-A803-345D10F1E1FB}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe | 
"{15E643AB-9FFB-42C9-90CC-C5FBF4E9CF70}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe | 
"{1AED2ECE-4E3D-4511-9294-0C5F8F152A0E}" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1C0E61A2-1BF6-4B69-865F-B8FF8D76AD5A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{1CE608C2-B1C3-4F23-A5E0-823D890CAA08}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{1D87B760-F879-43FA-96B7-66CCC914CF11}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe | 
"{1E973475-5CF7-41D2-B845-A23A7ECC0071}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{1F065372-6902-4409-9A6B-54A434812E02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{1F264316-378C-4E12-9EE1-3181F1CA1638}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2B788F59-7C1E-4160-99DD-6B8225366F28}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{2C4261C5-7261-4341-977E-BA3207C3F96C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{2CA550AE-9B92-4C35-82B8-5D96914721A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2ECEEB30-05D2-4CB9-BC8B-F0C5B3126FC4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{35E9D0F6-44A0-49E6-AA73-699891ABCFB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{39E18D43-EB44-41D0-8BA4-C8B379B348C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{3C941A51-57DE-4D19-8500-EE6DEDF8413D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4A5FDB3F-74E2-45EC-A64F-4326606999ED}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"{4D9318AE-AFEC-4391-8FCB-FD7ADB633D64}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{53DC6F04-6BE3-4F78-94BA-1ED36B5A1D16}" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\cf_downloader.exe | 
"{54B504F8-6D78-4433-BC13-926B46EF7F64}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe | 
"{56456AB5-1413-4B7C-97CE-C51829011A19}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{58BB93C8-713E-47DC-A3CA-0502F3DA90AB}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{59D9FF9A-674D-4C01-B660-2B4AC35C5D1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5BDBAA29-E46C-4744-9DEE-1CF5BF745A53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{5CF483E3-EF12-44F9-B86B-A768E5737A05}" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5CF85BDB-B2C7-40F2-96BD-9FAB3912D530}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{601A6E61-D617-411E-A9AC-CDF9471E436F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6381C635-E344-4A36-90EB-3DE36223A13B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{64F3F431-2F4E-4C54-B3A1-024D363434B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{68361DDB-23B7-44F5-B04F-6EE6C76925E5}" = dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe | 
"{68B0B8B6-278C-4B4E-B964-1BBB0535A0E4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{6DBF370F-31FE-4711-AE64-B1BAF4F1474B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{70197BB6-6291-4E57-9792-F9D8711EE2ED}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe | 
"{716DDE0A-63AF-4E4E-805A-D27D2A991EE3}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe | 
"{717732BE-841E-407D-BC5E-47424B86952E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{72EBF6EF-7799-4C52-ADC2-26C3F15E0039}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{7701C7BC-5638-454E-9837-00EBA7BA6234}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7F6A2B7C-2A8B-4C57-83C4-D8FF9DD21808}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{85ACD477-AE0D-4033-9795-D914646B3A5A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{87ECE0BB-B47D-4F89-B70A-C0013AE96DA5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{883E400D-5A15-423D-B442-06D98D9EAA82}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe | 
"{889A4A91-253A-414E-9B5F-5AC3BF538F93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A507BCA-1E13-429B-8B70-608F680B05DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{90EC54A8-0216-47F3-90AA-4EDD4054B32E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{94C36C36-3571-46A2-9B52-1BA5D36A9313}" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\cf_downloader.exe | 
"{9858CC88-BD42-4404-A0AD-8B07CB5D9407}" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe | 
"{9A4B0A09-E7CB-45C4-BA48-53E9BFA0D90D}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"{9B774277-0008-44E4-B825-1EE523F3744A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{9FC66301-3F07-4A24-BC58-5610D062CA32}" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe | 
"{A591EDC3-B69D-4288-B26D-0AA0C19F6A28}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A5DA9484-DC95-4E40-968A-5F79D8F0388F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{A6737B58-9871-4441-A8F7-E7DE23EADE20}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{A9E2B9DE-EBA8-4BE4-A952-0A03104F6D16}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{AA17A602-B006-488B-86EB-F3FD4B21DFBC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{AB7DEDCE-824A-412D-B27B-917D663289FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ADE411BA-8D65-4D59-A86F-91060FAE8DB7}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{B10DEBE3-B4FB-41BB-A84B-7E0D7EAF6FFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B51C76AC-C85A-473F-AEC5-FDBEC1F41739}" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\7zs508e\easyinst64.exe | 
"{BAA9841E-2997-4D17-9BAD-31A109325844}" = dir=in | app=d:\setup\hpznui40.exe | 
"{BD372510-DB8B-4C1E-9A97-E0C1E7B0C7FB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{C2095126-2EDF-4B5C-A3F6-28F1BE59B6DF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C35BC5FB-31F0-4D5D-AAFA-05F35E3A9616}" = protocol=6 | dir=out | app=system | 
"{C492FD03-F47D-44D5-B034-6305BC737D14}" = dir=in | app=%programfiles% (x86)\videolan\vlc\vlc.exe | 
"{C8454323-0EFA-40AB-814D-FCBBD5F7A4DC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{C94F1C4B-EF28-4776-BDCB-9E275271FA3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CA3881E0-4581-45D7-8E86-AD0CF6184823}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{CEA6F53B-7419-4F87-B504-8A3EACE39D05}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D2A53FBC-63E6-4D73-82B6-D3AFF958954F}" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\7zs508e\easyinst64.exe | 
"{D302088F-3482-4F26-85D5-AAA366558AA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D41AB6D8-A11D-4B25-92ED-34D75C3A15AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D566994E-8A71-4640-8385-7D1ECD77A713}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{D77D4716-808A-4707-B88F-1C92E5A2BB34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D7E92FEC-C8E2-4912-A337-D75E1BDEE0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{D9BA372D-ACF4-400D-9650-820A5886B166}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | 
"{D9DEC332-948A-4DCF-9F29-4D4208FAFF85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{E480B816-3D56-4CBE-8655-3B3789E40315}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{E5662360-4593-4A6D-8EC3-8BBC204DF70E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{E7F7FC98-DC47-4936-A48C-B69AE887C695}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{E8E31A9C-CD58-4F86-ABCA-1A4C3A24E380}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EBC5F7C8-95B2-45CF-9788-3FD15F22D064}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{F1188481-578D-478D-B437-785C0C25DC14}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe | 
"{F1BCD143-F8B0-4E6E-B844-C61D51D3B654}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F27717A8-8A0D-4938-B4B7-16B7818508F4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{F34959A3-E621-498F-8983-7DFC4FCECEDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F6AC09BD-7BF8-456A-85DA-5BC33469FC7E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F832ED20-4049-49E8-BF63-889FEDB2B149}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{F953DDE5-8343-4F7C-9F26-0394CB7CF7DA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{FCCEAD95-BFF7-4DF3-B5FC-DC8101093E0F}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"TCP Query User{139FAE8C-9F6E-47B3-BF5E-FE1CBD1FD159}C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{2B154E3B-8D45-4DB9-A26B-612A5E603F62}C:\program files (x86)\videolan\vlc1.1.4\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc1.1.4\vlc.exe | 
"TCP Query User{38FD4632-F889-4345-92A0-A64427E335F2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{4F7E4DF4-8D56-4EB7-86B3-CB629CE38248}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{6AE512CC-212D-4AFA-9A32-45D3D1953831}C:\users\christian\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{707D0775-3934-4D42-B378-FFE24E8477F9}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"TCP Query User{7E396AF9-8EB6-45BB-A37C-DC3F3777103D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{7F9CE826-E7B4-4F08-924B-2BD65FFD2EDA}C:\program files (x86)\videolan\vlc1.1.4\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc1.1.4\vlc.exe | 
"TCP Query User{952AA632-900F-4DED-AFC9-48340A89C61E}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{9AAC8745-6CFB-4FFC-94B7-E544039E37EC}C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hercules\webcam station evolution se\stationevse.exe | 
"TCP Query User{A67FE5CC-7F81-447F-B55C-0200F2A414F2}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{CB73223B-2949-4F61-BE64-DA69A78DED9F}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{EEC169DB-0641-4FB9-A32D-F21F71273D1F}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"TCP Query User{F65CA51B-030E-469A-BF06-3619DBFF30D9}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"TCP Query User{FF9DF8C1-026D-401E-ABB5-8B62AF7AFD4E}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"UDP Query User{07C12A38-4E84-418C-A35F-E49E7E846E19}C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0C6AEE0E-76D6-4931-840C-C8607F5B43A0}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"UDP Query User{1679A22F-9D64-4057-932F-2E973A365E51}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{3C65314D-3567-43B8-A090-FF68D1B73B55}C:\users\christian\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{685AB127-7F47-498E-BDB1-E92CE25D0134}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{6F0A4E23-9A34-447F-88F0-49D821D58938}C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hercules\webcam station evolution se\stationevse.exe | 
"UDP Query User{788C8009-2F9C-4B44-B339-B3414D0C5B79}C:\program files (x86)\videolan\vlc1.1.4\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc1.1.4\vlc.exe | 
"UDP Query User{916AFE6F-BFB9-48DE-9B52-0E4D27993464}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{AEC56E5B-FE38-43EE-8DC0-5F18C861891B}C:\program files (x86)\videolan\vlc1.1.4\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc1.1.4\vlc.exe | 
"UDP Query User{BB6D8B1B-10B2-4724-A17F-207742ABE68A}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"UDP Query User{BD3344B1-3D2B-4BBD-B327-77824BCAA1EF}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{C4417805-A3BE-41C0-8CA4-BC74198A36AF}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"UDP Query User{D2E3F702-5C1A-4B69-9017-75A7E0FDA65E}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{D450E1BA-28E2-4671-98EE-FE2C150C1940}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{E031CA2F-3C3F-49C5-8AC7-CCB6D1F3D689}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6982BB9D-D9F0-4134-BBC4-5F8E17CABB82}" = RT 7 Lite x64
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981D96C5-41F7-43DB-90AA-F781BBD302B9}" = HP Officejet 4620 series - Grundlegende Software für das Gerät
"{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"ProPlusRetail - de-de" = Microsoft Office Professional Plus 2013 - de-de
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish
"{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai
"{5B1F04DA-0F27-45B7-96F2-37190D5E11AE}" = Cisco AnyConnect Secure Mobility Client
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5F0EE12C-44B1-4FCB-87E3-4686C888774A}" = Hercules Classic Webcam Drivers
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light
"{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian
"{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Webcam Deluxe
"{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All
"{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard
"{EFADD989-D9F2-49F6-A280-675951CC78D3}" = FRITZ!Box-Fernzugang einrichten
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing
"{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation
"{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish
"7-Zip" = 7-Zip 9.15 beta
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.3
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Video Editor_is1" = AVS Video Editor 6
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.22.128
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"GFWL_{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
"Glary Utilities_is1" = Glary Utilities 2.39.0.1310
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.48.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LManager" = Launch Manager
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PunkBusterSvc" = PunkBuster Services
"Security Task Manager" = Security Task Manager 1.8d
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 218" = Source SDK Base 2007
"Super Mario: Blue Twilight DX (v1.04.1)" = Super Mario: Blue Twilight DX (v1.04.1)
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"pdfsam" = pdfsam
"RT 7 Lite x64" = RT 7 Lite (64-Bit)
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.01.2013 13:14:48 | Computer Name = duese | Source = Application Hang | ID = 1002
Description = Programm shift.exe, Version 1.0.0.0 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 24e4    Startzeit:
 01cdf8c0a30ce40d    Endzeit: 57    Anwendungspfad: C:\Program Files (x86)\Electronic Arts\Need
 for Speed SHIFT\shift.exe    Berichts-ID:   
 
Error - 23.01.2013 14:55:55 | Computer Name = duese | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 2.0.4.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 191c    Startzeit:
 01cdf99b3dac1df4    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Berichts-ID:
 8217dd84-658e-11e2-a3f3-60eb69562ce7  
 
Error - 24.01.2013 22:02:29 | Computer Name = duese | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 2.0.4.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 52c    Startzeit: 
01cdfa9fdc95f2f5    Endzeit: 5    Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Berichts-ID:
 4376d0ce-6693-11e2-a3f3-60eb69562ce7  
 
Error - 24.01.2013 22:07:06 | Computer Name = duese | Source = VSS | ID = 12310
Description = 
 
Error - 27.01.2013 05:37:44 | Computer Name = duese | Source = CVHSVC | ID = 100
Description = 
 
Error - 27.01.2013 15:09:39 | Computer Name = duese | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.7.0.6547 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1d4    Startzeit: 
01cdfae98b3f7994    Endzeit: 74    Anwendungspfad: C:\Program Files (x86)\ICQ7.7\ICQ.exe

Berichts-ID:
 16bbb776-68b5-11e2-b5ff-60eb69562ce7  
 
Error - 30.01.2013 02:52:07 | Computer Name = duese | Source = CVHSVC | ID = 100
Description = 
 
Error - 01.02.2013 02:01:15 | Computer Name = duese | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.1.4764 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 16f4    Startzeit:
 01cdffaaa69e7d4f    Endzeit: 955    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 c08cccb3-6c34-11e2-9c01-60eb69562ce7  
 
Error - 01.02.2013 02:04:03 | Computer Name = duese | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.4.0, Zeitstempel:
 0x4c76f9fe  Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.4.0, Zeitstempel:
 0x4c76f9fe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001749  ID des fehlerhaften Prozesses:
 0x1904  Startzeit der fehlerhaften Anwendung: 0x01ce0041e6f349d5  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\VideoLAN\VLC1.1.4\vlc.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\VideoLAN\VLC1.1.4\vlc.exe  Berichtskennung: 2d39dc51-6c35-11e2-9c01-60eb69562ce7
 
Error - 02.02.2013 10:26:35 | Computer Name = duese | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5be07e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000003c880
ID
 des fehlerhaften Prozesses: 0x74  Startzeit der fehlerhaften Anwendung: 0x01ce00688cbc9db3
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 8beae67c-6d44-11e2-91eb-60eb69562ce7
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 11.04.2013 12:04:07 | Computer Name = duese | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 8453 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 11.04.2013 12:04:07 | Computer Name = duese | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4719
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 11.04.2013 12:04:07 | Computer Name = duese | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2600 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 11.04.2013 12:04:07 | Computer Name = duese | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2182 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2600 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2182 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 8453 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4719
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2600 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2182 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
[ System Events ]
Error - 11.04.2013 12:00:51 | Computer Name = duese | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst wlidsvc erreicht.
 
Error - 11.04.2013 17:32:35 | Computer Name = duese | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 11.04.2013 17:33:05 | Computer Name = duese | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 11.04.2013 17:33:11 | Computer Name = duese | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 11.04.2013 17:33:35 | Computer Name = duese | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 11.04.2013 17:33:42 | Computer Name = duese | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 11.04.2013 17:34:05 | Computer Name = duese | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 11.04.2013 17:34:35 | Computer Name = duese | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 11.04.2013 17:35:05 | Computer Name = duese | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 11.04.2013 17:35:16 | Computer Name = duese | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
 
< End of report >
         
Since it would otherwise get too long, Gmer.txt follows in a further post.

I hope you can help me too.

Best regards and thanks

Christian

12.04.2013, 11:54   #2
duese91

e.ligatus.com

Here is Gmer.txt as well:


Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-12 11:22:16
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kgldapoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075201465 2 bytes [20, 75]
.text   C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752014bb 2 bytes [20, 75]
.text   ...                                                                                                                                             * 2
.text   C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000075201465 2 bytes [20, 75]
.text   C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000752014bb 2 bytes [20, 75]
.text   ...                                                                                                                                             * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1728] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                         00000000726b1a22 2 bytes [6B, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1728] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                         00000000726b1ad0 2 bytes [6B, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1728] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                         00000000726b1b08 2 bytes [6B, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1728] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                         00000000726b1bba 2 bytes [6B, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1728] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                         00000000726b1bda 2 bytes [6B, 72]
.text   C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075201465 2 bytes [20, 75]
.text   C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000752014bb 2 bytes [20, 75]
.text   ...                                                                                                                                             * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000075201465 2 bytes [20, 75]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000752014bb 2 bytes [20, 75]
.text   ...                                                                                                                                             * 2
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000075201465 2 bytes [20, 75]
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000752014bb 2 bytes [20, 75]
.text   ...                                                                                                                                             * 2
.text   C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075201465 2 bytes [20, 75]
.text   C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000752014bb 2 bytes [20, 75]
.text   ...                                                                                                                                             * 2
.text   C:\Windows\SysWOW64\RunDll32.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000075201465 2 bytes [20, 75]
.text   C:\Windows\SysWOW64\RunDll32.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                 00000000752014bb 2 bytes [20, 75]
.text   ...                                                                                                                                             * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:3760]                                                                          0000000077413e59
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:3768]                                                                          00000000750e7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:3808]                                                                          0000000071310cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:3844]                                                                          0000000077412e3e
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:4604]                                                                          0000000077413e59
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:5372]                                                                          0000000077413e59
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:5796]                                                                          0000000077417129
Thread  C:\Windows\SysWOW64\ntdll.dll [4656:4660]                                                                                                       0000000001003fe1
Thread  C:\Windows\SysWOW64\ntdll.dll [4656:4992]                                                                                                       000000006a768c3c
Thread  C:\Windows\SysWOW64\ntdll.dll [4656:4996]                                                                                                       000000006a768f11
Thread  C:\Windows\SysWOW64\ntdll.dll [4656:5000]                                                                                                       000000006a76882e
Thread  C:\Windows\SysWOW64\ntdll.dll [4656:5004]                                                                                                       000000006e777861

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbf2a365                                                                     
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbf2a365 (not active ControlSet)                                                 

---- Files - GMER 2.1 ----

File    C:\Windows\winsxs\amd64_microsoft-windows-opengl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_524b9cbaffaceb20                               0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-opengl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_524b9cbaffaceb20\glu32.dll.mui                 5632 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_6ab9e7b9a318b3e8                                          0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_6ab9e7b9a318b3e8\glu32.dll                                165376 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_6ab9e7b9a318b3e8\opengl32.dll                             1039872 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d                            0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\audiodepthconverter.ax     50688 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\directshowtap.ax           61440 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\fieldswitch.ax             41472 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\offset.ax                  43008 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\OMD-API-ppdlic.xrm-ms      2987 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\OmdBase.dll                14967808 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\OmdProject.dll             4400640 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\rtstreamsink.ax            78848 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\rtstreamsource.ax          52736 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\soniccolorconverter.ax     79360 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\sonicsptransform.ax        51712 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.1.7600.16385_none_c25bebf1075ff6aa                                0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.1.7600.16385_none_c25bebf1075ff6aa\OptionalFeatures.exe           97792 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f5a37599ba370001                         0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f5a37599ba370001\hidphone.tsp.mui        3584 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f5a37599ba370001\tcmsetup.exe.mui        6656 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_6.1.7600.16385_none_3df12febe293ce5d                                    0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_6.1.7600.16385_none_3df12febe293ce5d\hidphone.tsp                       38912 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_6.1.7600.16385_none_3df12febe293ce5d\tcmsetup.exe                       15360 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f                                       0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe                          5511248 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c                                       0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c\ntoskrnl.exe                          5475712 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983                                       0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe                          5562240 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5                                       0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe                          5561728 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561                          0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\cero.rs                  55296 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\csrr.rs                  7680 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\esrb.rs                  51712 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\grb.rs                   16896 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\oflc.rs                  23552 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\pegi-fi.rs               20480 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\pegi-pt.rs               20480 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\pegi.rs                  37376 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\pegibbfc.rs              53760 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\usk.rs                   31232 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-policy-definitions_31bf3856ad364e35_6.1.7600.16385_none_0d613e3ee80c0882                          0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-p..-policy-definitions_31bf3856ad364e35_6.1.7600.16385_none_0d613e3ee80c0882\PowerMigPlugin.dll       111104 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_c85f67d7cda7ed04                                       0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_c85f67d7cda7ed04\ntoskrnl.exe                          5509008 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b                                       0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b\ntoskrnl.exe                          5507968 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75                                       0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe                          5510528 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97                                       0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97\ntoskrnl.exe                          5509504 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_c84c9b4dcdb735b2                                       0 bytes
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_c84c9b4dcdb735b2\ntoskrnl.exe                          5507968 bytes executable
File    C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_c8730eb3cd997710                                       0 bytes

---- EOF - GMER 2.1 ----
         
Good evening,

I just noticed that I posted the wrong link this morning: I did not work through the "Anleitung: Malwarebytes Anti-Malware" guide, only http://www.trojaner-board.de/69886-a...beachten.html.
I am really sorry about that; I must still have had the wrong link in my clipboard.

Best regards

Christian


Alt 22.04.2013, 18:21   #3
t'john
/// Helper Team
 





Unfortunately, your reply has buried the thread.

Does the problem still exist?

Alt 22.04.2013, 22:16   #4
duese91
 



Hello t'john,

yes, I had more or less suspected something like that....
Since I had not heard anything, I went ahead and copied my own documents and important data to an external hard drive. Then I reinstalled Windows and afterwards made a backup of the fresh system on my second hard drive. After that, just for fun, I ran my virus scanner over the external hard drive. There it found malware/Trojans in an old backup of another PC belonging to my father. Of course I told my father, and the next day he told me that he had accessed the hard drive under Knoppix and deleted the infected folder. Whether that was such a smart move, I don't know. I would now like to check somehow whether my two hard drives are clean, since almost all the holiday pictures and videos are stored there and I do not want to format them. Can you help me check all of this? At the moment my virus scanner (Sophos) no longer finds anything on the hard drives, but unfortunately I do not know whether they are really clean, because my virus scanner (back then still Avira) unfortunately did not find the Ligatus either.

Kind regards
Christian

Alt 23.04.2013, 11:49   #5
t'john
/// Helper Team
 



ok:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • If prompted, let your computer restart to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


then:


System scan with OTL (illustrated guide)

Please download OTL by OldTimer and save it to your desktop (if you do not already have it). Double-click OTL.exe.

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

__________________
Regards, t'john

Alt 28.04.2013, 16:05   #6
duese91
 



Hi,

I had a lot to do this week and only now got around to running Malwarebytes over it.
No infected files were found:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
duese :: DUESE-PC [Administrator]

Schutz: Aktiviert

28.04.2013 14:39:23
mbam-log-2013-04-28 (14-39-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382910
Laufzeit: 1 Stunde(n), 10 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Here is the OTL.txt

Code:
ATTFilter
OTL logfile created on: 28.04.2013 15:54:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\duese\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 26,79% Memory free
7,36 Gb Paging File | 3,87 Gb Available in Paging File | 52,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,54 Gb Total Space | 648,58 Gb Free Space | 94,61% Space Free | Partition Type: NTFS
Drive D: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 585,94 Gb Total Space | 89,08 Gb Free Space | 15,20% Space Free | Partition Type: NTFS
Drive F: | 112,64 Gb Total Space | 112,64 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive G: | 931,51 Gb Total Space | 0,98 Gb Free Space | 0,11% Space Free | Partition Type: NTFS
 
Computer Name: DUESE-PC | User Name: duese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\duese\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (swi_update_64) -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe (Sophos Limited)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (OfficeSvc) -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (Sophos Web Control Service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (Sophos Client Firewall Manager) -- C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe (Sophos Limited)
SRV - (Sophos Client Firewall) -- C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe (Sophos Limited)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Limited)
DRV:64bit: - (scfdriver) -- C:\Windows\SysNative\drivers\scfdriver.sys (Sophos Limited)
DRV:64bit: - (scfndis) -- C:\Windows\SysNative\drivers\scfndis.sys (Sophos Limited)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 4E F4 5F 35 3A CE 01  [binary data]
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.16 02:36:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.04.16 02:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duese\AppData\Roaming\mozilla\Extensions
[2013.04.16 08:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duese\AppData\Roaming\mozilla\Firefox\Profiles\s8uc6yol.default\extensions
[2013.04.16 08:08:22 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\duese\AppData\Roaming\mozilla\firefox\profiles\s8uc6yol.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.16 02:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.130.180.5 134.130.5.1 134.130.4.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C660D14D-3B6A-47B2-AEBC-C228CCD87723}: DhcpNameServer = 134.130.180.5 134.130.5.1 134.130.4.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEF40241-9940-4F69-B1D0-957279F9044E}: DhcpNameServer = 172.23.23.22
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.06.17 10:50:18 | 000,000,054 | R--- | M] () - D:\autorun.bat -- [ CDFS ]
O32 - AutoRun File - [2003.02.23 05:23:19 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004.05.01 22:35:55 | 000,000,967 | R--- | M] () - D:\autorun.pif -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.28 15:52:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\duese\Desktop\OTL.exe
[2013.04.28 14:02:07 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Malwarebytes
[2013.04.28 14:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.28 14:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.28 14:01:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.28 14:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.28 14:01:02 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Programs
[2013.04.28 12:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2013.04.28 12:26:19 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\ICQ
[2013.04.28 12:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2013.04.28 12:11:56 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\ICQ-Profile
[2013.04.26 16:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.04.26 15:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.04.26 11:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013.04.26 11:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.04.26 11:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.04.26 11:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013.04.26 11:03:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.26 10:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office 15
[2013.04.26 10:54:43 | 000,000,000 | ---D | C] -- C:\Users\duese\Local Settings
[2013.04.25 16:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.04.24 22:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.22 23:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.22 23:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.04.22 23:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.04.22 08:51:04 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\ElevatedDiagnostics
[2013.04.18 17:28:24 | 000,000,000 | ---D | C] -- C:\Users\duese\Documents\Bafög
[2013.04.17 21:33:30 | 000,000,000 | ---D | C] -- C:\OkiDriver
[2013.04.17 18:08:22 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Macromedia
[2013.04.17 18:08:22 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Macromedia
[2013.04.17 18:07:44 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.17 18:07:44 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.17 18:07:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.04.17 18:07:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.04.17 06:18:44 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\ImgBurn
[2013.04.17 05:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013.04.17 05:59:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013.04.17 05:44:05 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013.04.17 05:44:05 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013.04.17 05:44:01 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013.04.17 05:44:01 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013.04.17 05:44:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2013.04.17 05:44:01 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2013.04.17 05:44:00 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.04.17 05:44:00 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2013.04.17 05:44:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2013.04.16 22:09:16 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\vlc
[2013.04.16 22:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.04.16 21:20:53 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Sophos
[2013.04.16 20:16:05 | 000,000,000 | ---D | C] -- C:\Users\duese\Documents\Kalender
[2013.04.16 20:00:39 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Adobe
[2013.04.16 20:00:39 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Adobe
[2013.04.16 16:28:38 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013.04.16 16:28:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.04.16 16:22:55 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013.04.16 16:21:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.16 16:21:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.16 16:21:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.04.16 16:21:23 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.16 16:21:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.16 16:21:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.16 16:21:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.16 16:21:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.16 16:21:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.16 16:21:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.16 16:21:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.16 16:21:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.16 16:21:22 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.16 16:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.16 16:21:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.16 16:21:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.16 16:21:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.16 16:21:22 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.16 16:21:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.16 16:21:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.16 16:21:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.04.16 16:21:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.16 16:21:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.16 16:21:22 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.16 16:21:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.16 16:21:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.16 16:21:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.16 16:21:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2013.04.16 16:21:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2013.04.16 16:21:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.16 16:21:20 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.16 16:21:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2013.04.16 16:21:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.16 16:21:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.16 16:21:19 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2013.04.16 16:21:19 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.16 16:21:19 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.16 16:21:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.16 16:21:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2013.04.16 16:21:19 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2013.04.16 16:21:19 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.16 16:21:19 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.16 16:21:19 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.16 16:21:19 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2013.04.16 16:21:19 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.16 16:21:19 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.16 16:21:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.16 16:21:19 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.16 16:21:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.16 16:21:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.16 16:21:18 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.16 16:21:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.16 16:21:18 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.16 16:21:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.16 16:21:18 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.16 16:21:18 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.16 16:21:18 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.16 16:21:18 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.16 16:21:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.16 16:21:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.16 16:21:18 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.16 16:21:18 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.16 16:21:18 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.16 16:21:18 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.16 16:21:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.16 16:21:18 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.16 16:21:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.16 16:21:18 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.16 16:21:18 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.16 16:21:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.16 16:21:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.16 16:21:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.16 16:14:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.04.16 16:14:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.04.16 16:14:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.04.16 16:13:59 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.04.16 16:13:59 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.04.16 16:13:59 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.04.16 16:12:50 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013.04.16 16:12:48 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013.04.16 16:12:48 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013.04.16 16:12:48 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013.04.16 16:10:01 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.04.16 16:10:01 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013.04.16 12:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2013.04.16 12:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Acer
[2013.04.16 12:08:11 | 000,000,000 | ---D | C] -- C:\OEM
[2013.04.16 12:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[2013.04.16 12:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM
[2013.04.16 12:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2013.04.16 11:46:32 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Intel Corporation
[2013.04.16 11:44:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.04.16 11:43:49 | 000,538,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2013.04.16 11:41:58 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Broadcom
[2013.04.16 11:41:58 | 000,000,000 | ---D | C] -- C:\Users\duese\Documents\Bluetooth-Exchange-Ordner
[2013.04.16 11:40:22 | 000,342,056 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys
[2013.04.16 11:40:21 | 000,135,720 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
[2013.04.16 11:40:21 | 000,039,464 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
[2013.04.16 11:40:21 | 000,021,544 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
[2013.04.16 11:40:20 | 000,102,952 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
[2013.04.16 11:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2013.04.16 11:36:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.04.16 11:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.04.16 11:36:13 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.04.16 11:36:13 | 001,958,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.04.16 11:36:13 | 001,146,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.04.16 11:36:13 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.04.16 11:36:13 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.04.16 11:36:13 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.04.16 11:36:13 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.04.16 11:36:12 | 002,607,136 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.04.16 11:36:12 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.04.16 11:36:12 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.04.16 11:36:12 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.04.16 11:36:12 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.04.16 11:36:12 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.04.16 11:36:12 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.04.16 11:36:12 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.04.16 11:36:11 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.04.16 11:36:11 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.04.16 11:36:11 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.04.16 11:36:11 | 000,070,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2013.04.16 11:36:10 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.04.16 11:36:10 | 000,332,192 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.04.16 11:36:10 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.04.16 11:36:09 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.04.16 11:36:09 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.04.16 11:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.04.16 11:36:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.04.16 11:36:06 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013.04.16 11:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.16 11:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2013.04.16 11:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun
[2013.04.16 11:27:53 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.04.16 11:21:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mfc42loc.dll
[2013.04.16 11:20:20 | 003,552,768 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2013.04.16 11:20:20 | 002,978,296 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2013.04.16 11:20:20 | 002,978,296 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwl664.sys
[2013.04.16 11:20:20 | 002,661,368 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwl6.sys
[2013.04.16 11:20:20 | 000,095,472 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi64.dll
[2013.04.16 11:20:20 | 000,095,472 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2013.04.16 11:20:20 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devIA64.exe
[2013.04.16 11:20:20 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devAMD64.exe
[2013.04.16 11:20:20 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devcon.exe
[2013.04.16 11:20:19 | 003,888,128 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2013.04.16 11:20:19 | 003,862,528 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv.dll
[2013.04.16 11:20:19 | 003,551,232 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui.dll
[2013.04.16 11:20:19 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2013.04.16 11:20:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.04.16 11:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Broadcom
[2013.04.16 11:19:44 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\InstallShield
[2013.04.16 11:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.04.16 11:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.04.16 11:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.04.16 11:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.04.16 10:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.04.16 08:27:38 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2013.04.16 08:27:25 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.04.16 08:27:25 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.04.16 08:27:23 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2013.04.16 08:27:23 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2013.04.16 08:27:22 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2013.04.16 08:27:22 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2013.04.16 08:27:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2013.04.16 08:27:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2013.04.16 08:27:22 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2013.04.16 08:27:22 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2013.04.16 08:27:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2013.04.16 08:27:20 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.04.16 08:27:16 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013.04.16 08:27:16 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013.04.16 08:26:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.04.16 08:26:47 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.04.16 08:26:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.04.16 08:26:40 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.16 08:26:39 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.16 08:26:39 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.16 08:26:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.16 08:26:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.16 08:26:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.16 08:26:32 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.04.16 08:26:32 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013.04.16 08:26:14 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2013.04.16 08:26:13 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2013.04.16 08:26:13 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2013.04.16 08:26:13 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2013.04.16 08:26:12 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2013.04.16 08:26:12 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2013.04.16 08:26:09 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2013.04.16 08:26:09 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2013.04.16 08:26:09 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.04.16 08:26:09 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.04.16 08:26:05 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2013.04.16 08:26:03 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013.04.16 08:26:03 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013.04.16 08:26:02 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013.04.16 08:26:02 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013.04.16 08:26:01 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013.04.16 08:26:01 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013.04.16 08:26:01 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013.04.16 08:26:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013.04.16 08:26:01 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013.04.16 08:26:00 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013.04.16 08:26:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2013.04.16 08:26:00 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013.04.16 08:26:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2013.04.16 08:25:56 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013.04.16 08:25:56 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013.04.16 08:25:54 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013.04.16 08:25:54 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013.04.16 08:25:45 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2013.04.16 08:25:45 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2013.04.16 08:25:45 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2013.04.16 08:25:44 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2013.04.16 08:25:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013.04.16 08:25:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.04.16 08:25:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013.04.16 08:25:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013.04.16 08:25:33 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.04.16 08:25:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.04.16 08:25:32 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.04.16 08:25:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.04.16 08:25:30 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013.04.16 08:25:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013.04.16 08:25:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013.04.16 08:25:27 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2013.04.16 08:25:25 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.04.16 08:25:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.04.16 08:25:24 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.04.16 08:25:24 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.04.16 08:25:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.04.16 08:25:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.04.16 08:25:18 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.04.16 08:25:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.04.16 08:24:45 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013.04.16 08:24:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2013.04.16 08:24:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2013.04.16 08:24:43 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.04.16 08:24:42 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.04.16 08:24:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.04.16 08:24:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.04.16 08:24:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.04.16 08:24:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.04.16 08:24:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.04.16 08:24:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.04.16 08:24:33 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.04.16 08:23:53 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.04.16 08:23:51 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013.04.16 08:23:51 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.04.16 08:23:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.04.16 08:23:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.04.16 08:23:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.04.16 08:23:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.04.16 08:23:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.04.16 08:23:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.04.16 08:23:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.04.16 08:23:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.04.16 08:23:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.04.16 08:23:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.04.16 08:23:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.04.16 08:23:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.04.16 08:23:46 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.04.16 08:23:46 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.04.16 08:23:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.04.16 08:23:46 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.04.16 08:23:46 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.04.16 08:23:45 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.04.16 08:23:45 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.04.16 08:23:45 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.04.16 08:23:45 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.04.16 08:23:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.04.16 08:23:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.04.16 08:23:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.04.16 08:23:43 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.04.16 08:23:43 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.04.16 08:23:43 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.04.16 08:23:43 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.04.16 08:23:43 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.04.16 08:23:43 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.04.16 08:23:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.04.16 08:23:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.04.16 08:23:26 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2013.04.16 08:23:26 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2013.04.16 08:23:26 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2013.04.16 08:23:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2013.04.16 08:22:36 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013.04.16 08:22:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.04.16 08:22:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.04.16 08:22:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.04.16 08:22:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.04.16 08:22:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.04.16 08:22:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.04.16 08:22:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.04.16 08:22:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.04.16 08:22:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.04.16 08:22:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.04.16 08:22:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.04.16 08:22:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.04.16 08:22:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.04.16 08:22:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.04.16 08:22:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.04.16 08:22:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.04.16 08:22:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.04.16 08:22:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.04.16 08:22:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.04.16 08:22:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.04.16 08:22:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.04.16 08:22:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.04.16 08:22:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.04.16 08:22:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.04.16 08:22:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.04.16 08:22:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.04.16 08:22:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.04.16 08:22:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.04.16 08:22:03 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013.04.16 08:22:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013.04.16 08:22:02 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013.04.16 08:22:01 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013.04.16 08:22:01 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013.04.16 08:22:01 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013.04.16 08:22:01 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2013.04.16 08:22:01 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2013.04.16 08:22:01 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2013.04.16 08:21:45 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.04.16 08:21:43 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2013.04.16 08:21:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2013.04.16 08:21:42 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013.04.16 08:21:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013.04.16 08:21:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013.04.16 08:21:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2013.04.16 08:21:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2013.04.16 08:21:32 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2013.04.16 08:21:14 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013.04.16 08:21:11 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2013.04.16 08:21:08 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.04.16 08:21:06 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2013.04.16 08:21:05 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013.04.16 08:21:03 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2013.04.16 08:21:02 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2013.04.16 08:20:55 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.16 08:20:55 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.16 08:20:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.16 08:20:54 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.16 08:20:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.16 08:20:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.16 08:20:51 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013.04.16 08:20:50 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013.04.16 08:20:41 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.04.16 08:20:40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013.04.16 08:20:34 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.04.16 08:20:33 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.04.16 08:19:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013.04.16 08:19:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013.04.16 08:03:52 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013.04.16 08:03:52 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013.04.16 02:58:58 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\ATI
[2013.04.16 02:58:58 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\ATI
[2013.04.16 02:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.16 02:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.16 02:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.04.16 02:54:41 | 022,623,232 | ---- | C] (Advanced Micro Devices, Inc.) --
         
Unfortunately I have to split it, since it would otherwise be too long....

Alt 28.04.2013, 16:10   #7
duese91
 



and the rest of the OTL.txt
Code:
ATTFilter
C:\Windows\SysNative\atio6axx.dll
[2013.04.16 02:54:41 | 017,469,952 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2013.04.16 02:54:41 | 015,032,832 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4icd64.dll
[2013.04.16 02:54:41 | 011,040,256 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ig4icd32.dll
[2013.04.16 02:54:41 | 010,611,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdpmd64.sys
[2013.04.16 02:54:41 | 010,611,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2013.04.16 02:54:41 | 009,319,424 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2013.04.16 02:54:41 | 007,467,520 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2013.04.16 02:54:41 | 006,547,968 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2013.04.16 02:54:41 | 006,098,432 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2013.04.16 02:54:41 | 005,395,968 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2013.04.16 02:54:41 | 005,080,576 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2013.04.16 02:54:41 | 004,967,424 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2013.04.16 02:54:41 | 004,720,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2013.04.16 02:54:41 | 004,411,904 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2013.04.16 02:54:41 | 004,304,896 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2013.04.16 02:54:41 | 004,246,016 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2013.04.16 02:54:41 | 003,631,104 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2013.04.16 02:54:41 | 003,420,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2013.04.16 02:54:41 | 003,156,504 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2013.04.16 02:54:41 | 001,912,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2013.04.16 02:54:41 | 001,208,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2013.04.16 02:54:41 | 000,830,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2013.04.16 02:54:41 | 000,787,968 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2013.04.16 02:54:41 | 000,672,256 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2013.04.16 02:54:41 | 000,571,904 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2013.04.16 02:54:41 | 000,508,952 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2013.04.16 02:54:41 | 000,480,256 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.04.16 02:54:41 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2013.04.16 02:54:41 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2013.04.16 02:54:41 | 000,415,256 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2013.04.16 02:54:41 | 000,386,584 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2013.04.16 02:54:41 | 000,380,416 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2013.04.16 02:54:41 | 000,361,984 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2013.04.16 02:54:41 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2013.04.16 02:54:41 | 000,303,616 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2013.04.16 02:54:41 | 000,271,360 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2013.04.16 02:54:41 | 000,258,048 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2013.04.16 02:54:41 | 000,228,864 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2013.04.16 02:54:41 | 000,223,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2013.04.16 02:54:41 | 000,203,264 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.04.16 02:54:41 | 000,161,304 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2013.04.16 02:54:41 | 000,147,456 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2013.04.16 02:54:41 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2013.04.16 02:54:41 | 000,122,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2013.04.16 02:54:41 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.04.16 02:54:41 | 000,119,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2013.04.16 02:54:41 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe
[2013.04.16 02:54:41 | 000,088,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2013.04.16 02:54:41 | 000,088,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2013.04.16 02:54:41 | 000,088,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2013.04.16 02:54:41 | 000,087,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2013.04.16 02:54:41 | 000,087,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2013.04.16 02:54:41 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2013.04.16 02:54:41 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2013.04.16 02:54:41 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2013.04.16 02:54:41 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2013.04.16 02:54:41 | 000,083,968 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2013.04.16 02:54:41 | 000,083,968 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2013.04.16 02:54:41 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2013.04.16 02:54:41 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2013.04.16 02:54:41 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2013.04.16 02:54:41 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2013.04.16 02:54:41 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2013.04.16 02:54:41 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2013.04.16 02:54:41 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2013.04.16 02:54:41 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2013.04.16 02:54:41 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2013.04.16 02:54:41 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2013.04.16 02:54:41 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2013.04.16 02:54:41 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2013.04.16 02:54:41 | 000,040,448 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2013.04.16 02:54:41 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2013.04.16 02:54:41 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2013.04.16 02:54:41 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2013.04.16 02:54:41 | 000,031,232 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2013.04.16 02:54:41 | 000,029,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2013.04.16 02:54:41 | 000,027,648 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2013.04.16 02:54:41 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2013.04.16 02:54:41 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.04.16 02:54:41 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2013.04.16 02:54:41 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2013.04.16 02:50:19 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Diagnostics
[2013.04.16 02:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.04.16 02:47:31 | 000,114,704 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys
[2013.04.16 02:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.04.16 02:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.04.16 02:36:57 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Mozilla
[2013.04.16 02:36:57 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Mozilla
[2013.04.16 02:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.16 02:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.04.16 02:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.16 02:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.04.16 02:29:41 | 000,000,000 | ---D | C] -- C:\Intel
[2013.04.16 02:22:35 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.04.16 02:00:06 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.04.16 02:00:05 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.04.16 02:00:05 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.04.16 01:59:56 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.04.16 01:59:56 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.04.16 01:59:56 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.04.16 01:59:39 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.04.16 01:59:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.04.16 01:53:39 | 000,074,280 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2013.04.16 01:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.04.16 01:44:10 | 000,102,688 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\scfdriver.sys
[2013.04.16 01:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sophos
[2013.04.16 01:43:25 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2013.04.16 01:43:25 | 000,036,640 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2013.04.16 01:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.04.16 01:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2013.04.16 01:42:46 | 000,037,440 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2013.04.16 01:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.04.16 01:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.04.16 01:42:08 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.04.16 01:36:03 | 000,154,952 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2013.04.16 01:36:03 | 000,055,072 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\scfndis.sys
[2013.04.16 01:36:03 | 000,025,608 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys
[2013.04.16 01:35:59 | 000,000,000 | ---D | C] -- C:\escw_102_sa
[2013.04.16 01:33:04 | 000,000,000 | R--D | C] -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.16 01:33:04 | 000,000,000 | R--D | C] -- C:\Users\duese\Searches
[2013.04.16 01:33:04 | 000,000,000 | R--D | C] -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.16 01:32:52 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Identities
[2013.04.16 01:32:50 | 000,000,000 | R--D | C] -- C:\Users\duese\Contacts
[2013.04.16 01:32:49 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\VirtualStore
[2013.04.16 01:32:40 | 000,000,000 | --SD | C] -- C:\Users\duese\AppData\Roaming\Microsoft
[2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Videos
[2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Saved Games
[2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Pictures
[2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Music
[2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Links
[2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Favorites
[2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Downloads
[2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Documents
[2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Desktop
[2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Vorlagen
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\AppData\Local\Verlauf
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\AppData\Local\Temporary Internet Files
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Startmenü
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\SendTo
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Recent
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Netzwerkumgebung
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Lokale Einstellungen
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Documents\Eigene Videos
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Documents\Eigene Musik
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Eigene Dateien
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Documents\Eigene Bilder
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Druckumgebung
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Cookies
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\AppData\Local\Anwendungsdaten
[2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Anwendungsdaten
[2013.04.16 01:32:40 | 000,000,000 | -H-D | C] -- C:\Users\duese\AppData
[2013.04.16 01:32:40 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Temp
[2013.04.16 01:32:40 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Microsoft
[2013.04.16 01:32:40 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Media Center Programs
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.04.16 01:26:01 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.04.16 01:23:51 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.04.16 01:23:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.28 15:52:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\duese\Desktop\OTL.exe
[2013.04.28 15:23:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.28 14:59:25 | 000,000,142 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.04.28 14:23:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.28 14:23:21 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.28 14:23:21 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.28 14:23:21 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.28 14:23:21 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.28 14:01:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.28 13:29:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.28 12:26:42 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2013.04.28 11:10:42 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.28 11:10:42 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.28 11:02:59 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.24 22:17:18 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.17 18:07:44 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.17 18:07:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.17 05:59:07 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.04.16 20:16:13 | 000,086,566 | ---- | M] () -- C:\Users\duese\Documents\Uni.ics
[2013.04.16 17:42:41 | 000,436,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.16 16:21:23 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.16 16:21:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.16 16:21:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.04.16 16:21:23 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.16 16:21:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.16 16:21:23 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.16 16:21:23 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.16 16:21:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.16 16:21:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.16 16:21:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.16 16:21:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.16 16:21:22 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.16 16:21:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.16 16:21:22 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.16 16:21:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.16 16:21:22 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.16 16:21:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.16 16:21:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.16 16:21:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.16 16:21:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.16 16:21:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.04.16 16:21:22 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.16 16:21:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.16 16:21:22 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.16 16:21:22 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.16 16:21:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.16 16:21:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.16 16:21:21 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.16 16:21:20 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2013.04.16 16:21:20 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2013.04.16 16:21:20 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.16 16:21:20 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.16 16:21:20 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2013.04.16 16:21:19 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.16 16:21:19 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.16 16:21:19 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2013.04.16 16:21:19 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.16 16:21:19 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.16 16:21:19 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.16 16:21:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2013.04.16 16:21:19 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2013.04.16 16:21:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.16 16:21:19 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.16 16:21:19 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.16 16:21:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2013.04.16 16:21:19 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.16 16:21:19 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.16 16:21:19 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.16 16:21:19 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.16 16:21:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.16 16:21:19 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.16 16:21:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.16 16:21:18 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.16 16:21:18 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.16 16:21:18 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.16 16:21:18 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.16 16:21:18 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.16 16:21:18 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.16 16:21:18 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.16 16:21:18 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.16 16:21:18 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.16 16:21:18 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.16 16:21:18 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.16 16:21:18 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.16 16:21:18 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.16 16:21:18 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.16 16:21:18 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.16 16:21:18 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.16 16:21:18 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.16 16:21:18 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.16 16:21:18 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.16 16:21:18 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.16 16:21:18 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.16 16:21:18 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.16 12:09:59 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI
[2013.04.16 12:09:47 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2013.04.16 11:40:39 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.04.16 11:35:25 | 000,021,544 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
[2013.04.16 11:35:24 | 000,342,056 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys
[2013.04.16 11:35:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
[2013.04.16 11:35:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
[2013.04.16 11:35:24 | 000,039,464 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
[2013.04.16 11:20:53 | 000,681,508 | ---- | M] () -- C:\Windows\SysNative\oem11.inf
[2013.04.16 11:16:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.04.16 11:13:14 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.04.16 02:57:51 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.04.16 02:36:51 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.16 01:27:07 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.04.16 01:27:07 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.28 14:01:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.28 12:26:42 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2013.04.24 22:17:18 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.17 18:07:45 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.17 05:59:07 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013.04.17 05:59:07 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.04.16 20:16:13 | 000,086,566 | ---- | C] () -- C:\Users\duese\Documents\Uni.ics
[2013.04.16 16:28:41 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.04.16 16:21:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.16 16:21:18 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.16 16:12:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.04.16 12:09:59 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2013.04.16 12:09:47 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI
[2013.04.16 11:38:20 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.04.16 11:36:15 | 000,247,560 | ---- | C] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat
[2013.04.16 11:36:15 | 000,033,060 | ---- | C] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT
[2013.04.16 11:36:15 | 000,001,448 | ---- | C] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat
[2013.04.16 11:36:15 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat
[2013.04.16 11:36:15 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat
[2013.04.16 11:36:15 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2013.04.16 11:36:15 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2013.04.16 11:36:15 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ1.dat
[2013.04.16 11:36:15 | 000,000,024 | ---- | C] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2013.04.16 11:21:03 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\oem11.inf
[2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4328_Update64D.BAT
[2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4328_Update64C.BAT
[2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Update64D.BAT
[2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Update64C.BAT
[2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Update64D.BAT
[2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Update64C.BAT
[2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4315_Update64D.BAT
[2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4315_Update64C.BAT
[2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4328_Remove64D.BAT
[2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4328_Remove64C.BAT
[2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Remove64D.BAT
[2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Remove64C.BAT
[2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Remove64D.BAT
[2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Remove64C.BAT
[2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4315_Remove64D.BAT
[2013.04.16 11:20:20 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\bcmwl6.inf
[2013.04.16 11:20:20 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4312_Update64D.BAT
[2013.04.16 11:20:20 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4312_Update64C.BAT
[2013.04.16 11:20:20 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4311_Update64D.BAT
[2013.04.16 11:20:20 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4311_Update64C.BAT
[2013.04.16 11:20:20 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4315_Remove64C.BAT
[2013.04.16 11:20:20 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4312_Remove64D.BAT
[2013.04.16 11:20:20 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4312_Remove64C.BAT
[2013.04.16 11:20:20 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4311_Remove64D.BAT
[2013.04.16 11:20:20 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4311_Remove64C.BAT
[2013.04.16 11:20:19 | 000,012,067 | ---- | C] () -- C:\Windows\SysNative\bcm43xx64.cat
[2013.04.16 11:20:19 | 000,011,638 | ---- | C] () -- C:\Windows\SysNative\bcm43xx.cat
[2013.04.16 11:20:19 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4357_Update64D.BAT
[2013.04.16 11:20:19 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4357_Update64C.BAT
[2013.04.16 11:20:19 | 000,000,072 | ---- | C] () -- C:\Windows\SysNative\4357_Update32D.BAT
[2013.04.16 11:20:19 | 000,000,072 | ---- | C] () -- C:\Windows\SysNative\4357_Update32C.BAT
[2013.04.16 11:20:19 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4357_Remove64D.BAT
[2013.04.16 11:20:19 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4357_Remove64C.BAT
[2013.04.16 11:20:19 | 000,000,061 | ---- | C] () -- C:\Windows\SysNative\4357_Remove32D.BAT
[2013.04.16 11:20:19 | 000,000,061 | ---- | C] () -- C:\Windows\SysNative\4357_Remove32C.BAT
[2013.04.16 11:16:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.04.16 11:13:14 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.04.16 11:13:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.04.16 02:57:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.04.16 02:55:52 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013.04.16 02:55:52 | 000,003,914 | ---- | C] () -- C:\Windows\SysNative\atipblup.dat
[2013.04.16 02:54:41 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013.04.16 02:54:41 | 000,916,704 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.04.16 02:54:41 | 000,916,704 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.04.16 02:54:41 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2013.04.16 02:54:41 | 000,870,560 | ---- | C] () -- C:\Windows\SysNative\igkrng575.bin
[2013.04.16 02:54:41 | 000,233,012 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013.04.16 02:54:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2013.04.16 02:54:41 | 000,205,824 | ---- | C] () -- C:\Windows\SysNative\iglhsip64.dll
[2013.04.16 02:54:41 | 000,189,408 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2013.04.16 02:54:41 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\iglhcp64.dll
[2013.04.16 02:54:41 | 000,178,288 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2013.04.16 02:54:41 | 000,165,251 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2013.04.16 02:54:41 | 000,152,600 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2013.04.16 02:54:41 | 000,150,184 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.04.16 02:54:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2013.04.16 02:54:41 | 000,139,830 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2013.04.16 02:54:41 | 000,136,327 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2013.04.16 02:54:41 | 000,133,680 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2013.04.16 02:54:41 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2013.04.16 02:54:41 | 000,127,868 | ---- | C] () -- C:\Windows\SysNative\igcompkrng575.bin
[2013.04.16 02:54:41 | 000,125,477 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2013.04.16 02:54:41 | 000,123,164 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2013.04.16 02:54:41 | 000,122,858 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2013.04.16 02:54:41 | 000,122,638 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2013.04.16 02:54:41 | 000,121,121 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2013.04.16 02:54:41 | 000,120,695 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2013.04.16 02:54:41 | 000,120,287 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2013.04.16 02:54:41 | 000,119,533 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2013.04.16 02:54:41 | 000,119,513 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2013.04.16 02:54:41 | 000,119,286 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2013.04.16 02:54:41 | 000,118,997 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2013.04.16 02:54:41 | 000,118,684 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2013.04.16 02:54:41 | 000,118,631 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2013.04.16 02:54:41 | 000,118,317 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2013.04.16 02:54:41 | 000,117,984 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2013.04.16 02:54:41 | 000,114,779 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2013.04.16 02:54:41 | 000,114,308 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2013.04.16 02:54:41 | 000,114,179 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2013.04.16 02:54:41 | 000,110,156 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2013.04.16 02:54:41 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2013.04.16 02:54:41 | 000,104,796 | ---- | C] () -- C:\Windows\SysNative\igfcg575m.bin
[2013.04.16 02:54:41 | 000,103,997 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2013.04.16 02:54:41 | 000,102,843 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2013.04.16 02:54:41 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013.04.16 02:54:41 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013.04.16 02:54:41 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013.04.16 02:54:41 | 000,030,831 | ---- | C] () -- C:\Windows\atiogl.xml
[2013.04.16 02:54:41 | 000,005,396 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2013.04.16 02:54:41 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2013.04.16 02:54:41 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013.04.16 02:54:41 | 000,003,914 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2013.04.16 02:54:41 | 000,001,090 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2013.04.16 02:36:51 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.16 02:36:51 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.16 01:48:39 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.04.16 01:33:20 | 000,001,409 | ---- | C] () -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.04.16 01:33:16 | 000,001,443 | ---- | C] () -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.16 01:27:01 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.04.16 01:26:43 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.04.16 01:23:00 | 2962,243,584 | -HS- | C] () -- C:\hiberfil.sys
[2011.06.13 22:28:34 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.28 12:27:14 | 000,000,000 | ---D | M] -- C:\Users\duese\AppData\Roaming\ICQ
[2013.04.28 12:20:07 | 000,000,000 | ---D | M] -- C:\Users\duese\AppData\Roaming\ICQ-Profile
[2013.04.17 06:28:31 | 000,000,000 | ---D | M] -- C:\Users\duese\AppData\Roaming\ImgBurn
 
========== Purity Check ==========
 
 

< End of report >
         
and last but not least the Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 28.04.2013 15:54:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\duese\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 26,79% Memory free
7,36 Gb Paging File | 3,87 Gb Available in Paging File | 52,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,54 Gb Total Space | 648,58 Gb Free Space | 94,61% Space Free | Partition Type: NTFS
Drive D: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 585,94 Gb Total Space | 89,08 Gb Free Space | 15,20% Space Free | Partition Type: NTFS
Drive F: | 112,64 Gb Total Space | 112,64 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive G: | 931,51 Gb Total Space | 0,98 Gb Free Space | 0,11% Space Free | Partition Type: NTFS
 
Computer Name: DUESE-PC | User Name: duese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2359444012-4041525454-2629415603-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AFCAAEC-FFE1-4F7E-89BD-E12FC0C2A7E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0DA18329-2A33-47FE-896F-916CD70BDB15}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0E8B506A-5464-474E-8BE2-A3FAB05CB352}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{29E77FB6-30BA-4D91-9AB6-11AEEBB41E3C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E728144-02F0-4F38-84C2-A49F5702AE1B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3D487977-4F27-4C3B-B310-E518E76AFA52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3EEA7223-973D-4F36-A33B-5F4B7F6F358D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3F4E84B6-E533-45B8-95C6-A4903E353F89}" = rport=445 | protocol=6 | dir=out | app=system | 
"{400CA198-42A4-4B79-A235-4F7FAF0DA72E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A92A74F-33B0-44BD-8802-B89878CA653A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4FABAAEC-D8BC-4095-88AC-DD0418DF75C0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5A178D52-A2E5-4D3C-A3BA-EC61C4E9A394}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79BC8CDE-4701-4798-A2D8-BE1FE34FEB09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{85AA44A7-4D35-4871-8966-5EE14BDC5385}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{89E8BAB8-F63B-4023-9C9E-1EB4680BA89F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8E8BFA24-94EA-48A6-A60D-E004A083288A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9BA57DFB-A2B4-4D68-87E5-12B8D0235BF8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1B72158-698F-4994-9983-134147D297B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B35A84C3-825B-4A79-A91E-FAEE8BB5FBC2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BA77305C-E1DE-4EAA-B40A-EA53106957AC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CB46D95E-874E-4F24-A982-EAC5280B4738}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{CB6FA65A-2876-46D6-8185-D7DBD5867C84}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DB4F0D28-6046-4F06-9371-7D1F25A015A0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E51241EB-42CD-4813-A9E8-3E6ABA731B24}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050A7606-B9E3-459D-9642-225DF5472374}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{0F868D44-686F-4785-8CD4-1E15E687F53E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{23A826AC-BABE-44B5-BFAA-80D70189E026}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{35A50A51-4301-407C-8B7A-511816E1CB8F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3A5BD6DD-DCEB-496D-B711-8421D6E54125}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{46041571-A6E6-483A-9D77-2D87F9C7E7AB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{4A06ED18-9C7C-4414-AEFE-0E6A1307B261}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{535CBC69-8FE5-427D-B752-9892CD6F441E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C7BDCBE-80E0-4A78-B1E7-1FBFE98183EC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{77AD18ED-22DB-4C37-8AD3-A393759055D2}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{78DA42D4-9B51-4F30-B84C-6642E5E6A84B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{908145B8-6B7B-477C-A16F-4C6130737362}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{9AB385A1-E0F5-4FA3-A99A-3144663FE511}" = protocol=6 | dir=out | app=system | 
"{9EF5C358-59C0-4D42-9680-9F70F068F3E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A05978FA-5554-49C6-BC65-0F4D0AF939EF}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{A16ADE2E-90FC-46DE-A3B4-FD6BE9B8BAB6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{A8B2C394-1E0C-4223-8751-896CA8A6F9EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{B63030CD-092C-48B9-B334-1E0020197F7E}" = protocol=6 | dir=in | app=c:\users\duese\appdata\roaming\icqm\icq.exe | 
"{B9D048C8-FC31-4A1B-83D0-3B909BA81939}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BDD31C9F-D38C-495D-AF26-4F4B2E49C952}" = protocol=17 | dir=in | app=c:\users\duese\appdata\roaming\icqm\icq.exe | 
"{C233F874-EB55-412E-B8A8-CE35D1125897}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C5CAE030-3D27-45D7-A4F7-BC8827561928}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD6A69D9-30AB-4D36-B3BD-D0964CE1E7DE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{D50F8FAD-0667-42FA-B204-FD8876EBCFC0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E94CDCD8-951C-4737-8EB5-128C49A5A928}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA6BA64B-7B48-4587-8663-D549F8E95BBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EAECDA26-CAA6-449B-B237-D16BDF1CFDB3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F0A29024-8763-43C9-B246-4723A3CB3544}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F514342E-A893-4832-A2E9-5B2B085176F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FB8EA05A-2F66-4057-944B-681114C6E05A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FE370C53-7FC6-4E40-8BA4-0A6CA5E714FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{960BBD34-54DC-4C54-9D59-C491F51B3C3F}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{0D8FE2BC-E0B3-41A6-867C-FF757084EC32}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B674B1E-1905-4830-ABD1-F6892F1C4394}" = ATI Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{9BAC7DBC-CFDB-62D3-0F88-2D231F0B4402}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProPlusRetail - de-de" = Microsoft Office Professional Plus 2013 - de-de
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0276A4D3-8450-8E49-C44B-9326DBD89E1E}" = Catalyst Control Center
"{078CCC02-D3A4-82D2-D98A-8737024E7124}" = CCC Help Chinese Traditional
"{12C00299-B8B4-40D3-9663-66ABEA3198AB}" = Sophos Client Firewall
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{182136CD-9EE5-57F6-3DC8-E62392E93E93}" = CCC Help Italian
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{2360EC6E-C287-02C3-59D5-303040922C12}" = CCC Help Swedish
"{24D1C3CC-B529-C9B2-F349-8E0E0F464A43}" = CCC Help Russian
"{2B365FA7-BC10-2164-0F2F-871DBC603A8A}" = CCC Help Turkish
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41086B94-324A-0977-5098-38EB25AAA244}" = CCC Help Chinese Standard
"{478B37C5-64AB-0CEE-04B5-0B8F9FEA41C5}" = CCC Help Portuguese
"{49328737-A2E9-55C7-019D-C2A1C4EA1C32}" = Catalyst Control Center InstallProxy
"{49BC5CBB-27F7-E523-AE61-D1625FAEDDE1}" = CCC Help Japanese
"{4F5AF4FD-A590-7530-4D5D-4A9772961420}" = Catalyst Control Center Localization All
"{55A9990A-E980-71C4-B90F-01C4235C79FB}" = CCC Help Thai
"{57CA189D-BAEB-49BC-AE75-CE70E9B775E1}" = Catalyst Control Center - Branding
"{5A15E450-0894-D4A5-9E25-1D3DDA1F123F}" = CCC Help Dutch
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{64427AF4-5D83-C673-68D5-A067FF1002EC}" = CCC Help Finnish
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A1419E0-4ECA-0DBE-F469-B79FDE3544C0}" = CCC Help Danish
"{6B5F27E0-38D1-15E2-A0BC-0FCE7064CE67}" = CCC Help French
"{6D5E077E-B748-299D-FD98-159CF35779E5}" = CCC Help Korean
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Wireless LAN Driver Installation Program for Windows7
"{8AE21DF5-B8C8-A53A-19E3-A84A2E143ED0}" = CCC Help Czech
"{8D5D02EB-C2BC-D8BD-FD88-5C362A50D945}" = Catalyst Control Center Profiles Mobile
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{927C832C-91DF-69C3-D468-476AC83E4D85}" = CCC Help Spanish
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{A53E6062-D674-A400-2A7C-AF35A3D56324}" = CCC Help Polish
"{A7FDA790-9CE0-AE8F-94B9-6CAE8E07E396}" = CCC Help Hungarian
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ADE9605B-0432-B54C-8907-F89EB63C0DD0}" = CCC Help German
"{C30773F5-0746-C580-B32E-BF6F6854A5E2}" = PX Profile Update
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E1431A6A-C3B9-6573-DE0C-D004B500EF0C}" = CCC Help Norwegian
"{ED7BD1FD-2294-8515-32B7-991DE931A97E}" = CCC Help English
"{EDE01FC9-4790-0FFA-5B92-C401C865F9A5}" = CCC Help Greek
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ImgBurn" = ImgBurn
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2013 01:30:40 | Computer Name = duese-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2013 01:48:51 | Computer Name = duese-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.04.2013 10:19:51 | Computer Name = duese-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Microsoft Windows Search Protocol Host"
 konnte nicht heruntergefahren werden.
 
Error - 26.04.2013 02:14:18 | Computer Name = duese-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 26.04.2013 05:07:20 | Computer Name = duese-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.04.2013 10:23:00 | Computer Name = duese-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 26.04.2013 18:13:13 | Computer Name = duese-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.6.0, Zeitstempel:
 0x516335f9  Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.6.0, Zeitstempel:
 0x516335f9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000006ebf  ID des fehlerhaften
 Prozesses: 0x15b4  Startzeit der fehlerhaften Anwendung: 0x01ce42cb3bce1a66  Pfad der
 fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\VideoLAN\VLC\vlc.exe  Berichtskennung: 7c2f30b3-aebe-11e2-8166-4c0f6e75664a
 
Error - 27.04.2013 13:02:42 | Computer Name = duese-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 28.04.2013 02:56:18 | Computer Name = duese-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.04.2013 03:06:26 | Computer Name = duese-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 28.04.2013 05:04:06 | Computer Name = duese-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 27.04.2013 13:24:24 | Computer Name = duese-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 27.04.2013 20:02:55 | Computer Name = duese-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst iphlpsvc erreicht.
 
Error - 27.04.2013 20:03:06 | Computer Name = duese-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.04.2013 02:53:39 | Computer Name = duese-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.04.2013 02:54:03 | Computer Name = duese-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 28.04.2013 02:55:27 | Computer Name = duese-PC | Source = bowser | ID = 8003
Description = 
 
Error - 28.04.2013 03:06:06 | Computer Name = duese-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 28.04.2013 04:11:37 | Computer Name = duese-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.04.2013 05:04:06 | Computer Name = duese-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 28.04.2013 08:07:45 | Computer Name = duese-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >
         

Thanks in advance

Edited by duese91 (28.04.2013 at 16:16). Reason: double post

28.04.2013, 16:59   #8
t'john
/// Helper team



Nothing suspicious.



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



after that:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




after that:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Regards, t'john
Support the TB

11.06.2013, 10:10   #9
t'john
/// Helper team



No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
Support the TB
