
Pests of All Kinds and How to Combat Them: Computer boots and runs slower and slower, malware suspected

28.05.2013, 11:55   #1
Haegar-d.s
 

Hello everyone.
After we successfully got my main computer clean, I have a second problem:
My second computer runs and responds more and more slowly over time. Boot time was initially about 1 minute, for example; by now it is almost 3! I also believe that some unwanted programs are running in the background. I suspect some kind of malware in the system. This computer serves primarily as a workshop and test machine, meaning that now and then some (legal) software gets installed for testing. If in doubt, formatting is not a problem, there is no important data on it, but installing and configuring the required software again is quite tedious. I have run mbam and LanmanCheck. The latter reported a suspected Trojan. I will attach the two log files in a moment. Maybe someone has time to take a look?
System:
Lenovo G575 with AMD E350, 4 GB RAM, 500 GB HDD
Win7, default browser Iron,
Virus scanner: AVG
Many thanks in advance and have a nice day.

Markus
mbam
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.24.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Kfz-Technik :: LENOVO [Administrator]

Schutz: Aktiviert

24.05.2013 12:56:16
mbam-log-2013-05-24 (12-56-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218591
Laufzeit: 8 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
LanmanCheck log:
Code:
DLL im Lanmanworkstation Schlüssel: %SystemRoot%\System32\wkssvc.dll
Geladene DLL: C:\windows\System32\wkssvc.dll
Signatur der DLL: Microsoft Windows
Rückgabe der Signaturermittlung: Der Vorgang wurde erfolgreich beendet.
MD5 der DLL: 851A1382EED3E3A7476DB004F4EE3E1A

DLL im Dnscache Schlüssel: %SystemRoot%\System32\pouafoaw8.dll
Geladene DLL: C:\windows\System32\pouafoaw8.dll
Signatur der DLL: 
Rückgabe der Signaturermittlung: Das System kann die angegebene Datei nicht finden.
MD5 der DLL: 


Die im Dnscache Schlüssel angegebene DLL konnte nicht gefunden werden!
Auf ihrem Rechner wurde eine Datei gefunden, die auf eine Infektion mit einem 
Mediyes Trojaner hindeuten könnte!
         

28.05.2013, 12:10   #2
Psychotic
/// Malwareteam
 

My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you carry out the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you were asked to).
  6. If something is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes evaluating them harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".


Step 1: defogger


Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users: right-click, "Run as administrator".
  • Now click the Disable button to disable the drivers of certain emulators.
  • When the scan has finished ( Finished ), click OK.
  • Defogger may prompt for a restart. Confirm this with OK.
If Defogger reports an error, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without instruction.




Step 2: Gmer



Please
  • disable all other scanners for viruses, spyware, etc.,
  • have no active connection to a network/the Internet (don't forget Wi-Fi),
  • do not work on the computer,
  • restart the computer after each scan.
Run a Gmer scan
  • Download Gmer from this page (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name). Vista and Win7 users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark from:
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. GMER is closed with "Ok".
Turn your antivirus program and other scanners back on before you go online!




Step 3: OTL Custom Scan




If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the contents into the text box.
Code:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /600
C:\Windows\SysNative\*.dll /600
C:\Windows\SysWOW64\*.dll /600
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
CREATERESTOREPOINT
         
  • Please close all programs now. (Important)
  • Now click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

Edited by Psychotic (28.05.2013 at 12:20)

28.05.2013, 22:15   #3
Haegar-d.s
 

Hello Marius,
first of all, thank you very much for your help.

Defogger ran flawlessly. No error message, no restart.

Gmer.txt:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-28 18:29:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000072 HITACHI_ rev.PB3Z 298,09GB
Running: ohtmziq9.exe; Driver: C:\Users\KFZ-TE~1\AppData\Local\Temp\pxldapog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                                                                                    fffff800031ff000 13 bytes [D2, 48, 8B, CB, E8, DF, C2, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574                                                                                                                                                                    fffff800031ff00e 3 bytes [00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                       00000000751c1465 2 bytes [1C, 75]
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                      00000000751c14bb 2 bytes [1C, 75]
.text     ...                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                  00000000751c1465 2 bytes [1C, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                 00000000751c14bb 2 bytes [1C, 75]
.text     ...                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[1480] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                              00000000751c1465 2 bytes [1C, 75]
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[1480] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                             00000000751c14bb 2 bytes [1C, 75]
.text     ...                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                          00000000751c1465 2 bytes [1C, 75]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                         00000000751c14bb 2 bytes [1C, 75]
.text     ...                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3776] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                             00000000751c1465 2 bytes [1C, 75]
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3776] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                            00000000751c14bb 2 bytes [1C, 75]
.text     ...                                                                                                                                                                                                                                   * 2
?         C:\windows\system32\mssprxy.dll [3776] entry point in ".rdata" section                                                                                                                                                                0000000074bc71e6
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                                                                            000000007746f991 7 bytes {MOV EDX, 0x988a28; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                                                                                 000000007746fbd5 7 bytes {MOV EDX, 0x988a68; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                                                                                     000000007746fc05 7 bytes {MOV EDX, 0x9889a8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                                                                              000000007746fc1d 7 bytes {MOV EDX, 0x988928; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                                                                                000000007746fc35 7 bytes {MOV EDX, 0x988b28; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                                                                                                              000000007746fc65 7 bytes {MOV EDX, 0x988b68; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                                                                                                               000000007746fce5 7 bytes {MOV EDX, 0x988ae8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                                                                                                              000000007746fcfd 7 bytes {MOV EDX, 0x988aa8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                                                                                                        000000007746fd49 7 bytes {MOV EDX, 0x988868; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                                                                                                             000000007746fe41 7 bytes {MOV EDX, 0x9888a8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                                                                                                      0000000077470099 7 bytes {MOV EDX, 0x988828; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                                                                                                                00000000774710a5 7 bytes {MOV EDX, 0x9889e8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                                                                                                      000000007747111d 7 bytes {MOV EDX, 0x988968; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                                                                                                         0000000077471321 7 bytes {MOV EDX, 0x9888e8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                             00000000751c1465 2 bytes [1C, 75]
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[3384] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                            00000000751c14bb 2 bytes [1C, 75]
.text     ...                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                                                                            000000007746f991 7 bytes {MOV EDX, 0xedea28; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                                                                                 000000007746fbd5 7 bytes {MOV EDX, 0xedea68; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                                                                                     000000007746fc05 7 bytes {MOV EDX, 0xede9a8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                                                                              000000007746fc1d 7 bytes {MOV EDX, 0xede928; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                                                                                000000007746fc35 7 bytes {MOV EDX, 0xedeb28; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                                                                                                              000000007746fc65 7 bytes {MOV EDX, 0xedeb68; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                                                                                                               000000007746fce5 7 bytes {MOV EDX, 0xedeae8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                                                                                                              000000007746fcfd 7 bytes {MOV EDX, 0xedeaa8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                                                                                                        000000007746fd49 7 bytes {MOV EDX, 0xede868; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                                                                                                             000000007746fe41 7 bytes {MOV EDX, 0xede8a8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                                                                                                      0000000077470099 7 bytes {MOV EDX, 0xede828; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                                                                                                                00000000774710a5 7 bytes {MOV EDX, 0xede9e8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                                                                                                      000000007747111d 7 bytes {MOV EDX, 0xede968; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                                                                                                         0000000077471321 7 bytes {MOV EDX, 0xede8e8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                             00000000751c1465 2 bytes [1C, 75]
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[2392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                            00000000751c14bb 2 bytes [1C, 75]
.text     ...                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5288] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                             00000000751c1465 2 bytes [1C, 75]
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5288] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                            00000000751c14bb 2 bytes [1C, 75]
.text     ...                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                                                                            000000007746f991 7 bytes {MOV EDX, 0x18c228; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                                                                                 000000007746fbd5 7 bytes {MOV EDX, 0x18c268; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                                                                                     000000007746fc05 7 bytes {MOV EDX, 0x18c1a8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                                                                              000000007746fc1d 7 bytes {MOV EDX, 0x18c128; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                                                                                000000007746fc35 7 bytes {MOV EDX, 0x18c328; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                                                                                                              000000007746fc65 7 bytes {MOV EDX, 0x18c368; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                                                                                                               000000007746fce5 7 bytes {MOV EDX, 0x18c2e8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                                                                                                              000000007746fcfd 7 bytes {MOV EDX, 0x18c2a8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                                                                                                        000000007746fd49 7 bytes {MOV EDX, 0x18c068; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                                                                                                             000000007746fe41 7 bytes {MOV EDX, 0x18c0a8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                                                                                                      0000000077470099 7 bytes {MOV EDX, 0x18c028; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                                                                                                                00000000774710a5 7 bytes {MOV EDX, 0x18c1e8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                                                                                                      000000007747111d 7 bytes {MOV EDX, 0x18c168; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                                                                                                         0000000077471321 7 bytes {MOV EDX, 0x18c0e8; JMP RDX}
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                             00000000751c1465 2 bytes [1C, 75]
.text     C:\Program Files (x86)\SRWare Iron\iron.exe[5168] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                            00000000751c14bb 2 bytes [1C, 75]
.text     ...                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[5152] C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960  000000002dff5984 4 bytes [DD, A0, C9, C9]
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[5152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                     00000000751c1465 2 bytes [1C, 75]
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[5152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                    00000000751c14bb 2 bytes [1C, 75]
.text     ...                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtClose                                                                                                000000007746f9c0 5 bytes JMP 000000015ece5b27
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtQueryObject                                                                                          000000007746f9d8 5 bytes JMP 000000015ece5fef
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                              000000007746fa08 5 bytes JMP 000000015ecdffc6
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                                    000000007746fa20 5 bytes JMP 000000015ecdf9d7
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                             000000007746fa70 5 bytes JMP 000000015ecdf851
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                        000000007746fa88 5 bytes JMP 000000015ecdf95f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                            000000007746fb20 5 bytes JMP 000000015ece027d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                                   000000007746fc18 5 bytes JMP 000000015ece3ece
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                         000000007746fd2c 5 bytes JMP 000000015ecdf7d9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                             000000007746fd44 5 bytes JMP 000000015ece44c1
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                   000000007746fd78 5 bytes JMP 000000015ece3543
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                      000000007746fe24 5 bytes JMP 000000015ece5ba2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                                  000000007746fe3c 5 bytes JMP 000000015ece4643
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                           0000000077470094 5 bytes JMP 000000015ece42f9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                          00000000774701a4 5 bytes JMP 000000015ecdfa4f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                           00000000774709c4 5 bytes JMP 000000015ece4112
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                            00000000774709dc 5 bytes JMP 000000015ecdca09
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                       0000000077470a24 5 bytes JMP 000000015ecdcad7
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                             0000000077470b60 5 bytes JMP 000000015ecdca70
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                      0000000077470f50 5 bytes JMP 000000015ecdfac7
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys                                                                             0000000077470f68 5 bytes JMP 000000015ecdfd9e
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                            0000000077470ff8 5 bytes JMP 000000015ece0056
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                              000000007747131c 5 bytes JMP 000000015ece46d3
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                                000000007747145c 5 bytes JMP 000000015ecdfd22
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                                  0000000077471508 5 bytes JMP 000000015ece5f67
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                            00000000774716f8 5 bytes JMP 000000015ecdcee6
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                                    0000000077471a38 5 bytes JMP 000000015ecdf8d9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                                    0000000077471b7c 5 bytes JMP 000000015ece5d24
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                                                      00000000755f103d 5 bytes JMP 000000015ecb9203
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                                                      00000000755f1072 5 bytes JMP 000000015ecb9341
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                000000007561c9b5 5 bytes JMP 000000015ecb9577
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\kernel32.dll!SetDllDirectoryW                                                                                    00000000756700c3 5 bytes JMP 000000015ecb9d58
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\kernel32.dll!SetDllDirectoryA                                                                                    000000007567016b 5 bytes JMP 000000015ecba08b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\kernel32.dll!WinExec                                                                                             0000000075672c91 5 bytes JMP 000000015ecb98fa
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\kernel32.dll!AllocConsole                                                                                        0000000075696b3e 5 bytes JMP 000000015ece7054
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\kernel32.dll!AttachConsole                                                                                       0000000075696c02 5 bytes JMP 000000015ece7066
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                    00000000752b2aa4 5 bytes JMP 000000015ecba2e4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                                                       0000000075368a29 5 bytes JMP 000000015ece703c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\USER32.dll!CreateWindowExA                                                                                       000000007536d22e 5 bytes JMP 000000015ece7024
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\GDI32.dll!AddFontResourceW                                                                                       00000000754dd2b2 5 bytes JMP 000000015ecc74e3
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\GDI32.dll!AddFontResourceA                                                                                       00000000754dd7bb 5 bytes JMP 000000015ecc74c7
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesW                                                                              00000000758f1e3a 7 bytes JMP 000000015ecca2f2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW                                                                               00000000758fb466 7 bytes JMP 000000015eccb213
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW                                                                                  00000000759178ff 7 bytes JMP 000000015ecca999
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW                                                                              00000000759179bb 7 bytes JMP 000000015eccab4a
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA                                                                               000000007591a3e2 7 bytes JMP 000000015eccb2d9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                0000000075932538 5 bytes JMP 000000015ecb96b9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA                                                                                  0000000075951b94 7 bytes JMP 000000015eccaa51
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA                                                                              0000000075951c31 7 bytes JMP 000000015eccac02
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusA                                                                                 0000000075952021 7 bytes JMP 000000015eccb155
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesA                                                                              0000000075952104 7 bytes JMP 000000015ecca3a9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusW                                                                                 0000000075952221 5 bytes JMP 000000015eccb097
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!ControlService                                                                                       0000000076004d5c 7 bytes JMP 000000015ecca137
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!CloseServiceHandle                                                                                   0000000076004dc3 7 bytes JMP 000000015ecca460
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!QueryServiceStatus                                                                                   0000000076004e4b 7 bytes JMP 000000015ecca1c3
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!QueryServiceStatusEx                                                                                 0000000076004eaf 7 bytes JMP 000000015ecca256
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!StartServiceW                                                                                        0000000076004f35 7 bytes JMP 000000015ecc9fb2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!StartServiceA                                                                                        000000007600508d 7 bytes JMP 000000015ecca048
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity                                                                           00000000760050f4 7 bytes JMP 000000015eccaf65
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                             0000000076005181 7 bytes JMP 000000015eccb001
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                                 0000000076005254 7 bytes JMP 000000015ecca661
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                                 00000000760053d5 7 bytes JMP 000000015ecca57c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                                00000000760054c2 7 bytes JMP 000000015ecca903
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                                00000000760055e2 7 bytes JMP 000000015ecca86d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!CreateServiceA                                                                                       000000007600567c 7 bytes JMP 000000015ecc9d94
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!CreateServiceW                                                                                       000000007600589f 7 bytes JMP 000000015ecc9cbe
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!DeleteService                                                                                        0000000076005a22 7 bytes JMP 000000015ecca4ee
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigA                                                                                  0000000076005a83 7 bytes JMP 000000015eccad94
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW                                                                                  0000000076005b29 7 bytes JMP 000000015eccacfb
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!ControlServiceExA                                                                                    0000000076005ca0 7 bytes JMP 000000015ecc946e
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!ControlServiceExW                                                                                    0000000076005d8c 7 bytes JMP 000000015ecc93f5
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!OpenSCManagerW                                                                                       00000000760063ad 7 bytes JMP 000000015ecc99bc
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!OpenSCManagerA                                                                                       00000000760064f0 7 bytes JMP 000000015ecc9a48
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2A                                                                                 0000000076006633 7 bytes JMP 000000015eccaec9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W                                                                                 000000007600680c 7 bytes JMP 000000015eccae2d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!OpenServiceW                                                                                         000000007600714b 7 bytes JMP 000000015ecc9b31
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\SysWOW64\sechost.dll!OpenServiceA                                                                                         0000000076007245 7 bytes JMP 000000015ecc9bbd
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoRegisterPSClsid                                                                                      0000000074f1c56e 5 bytes JMP 000000015ecd0fac
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7                                                                               0000000074f1ea09 7 bytes JMP 000000015ecd157d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!OleRun                                                                                                 0000000074f207de 5 bytes JMP 000000015ecd1438
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoRegisterClassObject                                                                                  0000000074f221e1 5 bytes JMP 000000015ecd20ad
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!OleUninitialize                                                                                        0000000074f2eba1 6 bytes JMP 000000015ecd1357
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!OleInitialize                                                                                          0000000074f2efd7 5 bytes JMP 000000015ecd12e7
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoGetPSClsid                                                                                           0000000074f326b9 5 bytes JMP 000000015ecd1124
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoGetClassObject                                                                                       0000000074f454ad 5 bytes JMP 000000015ecd263b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoInitializeEx                                                                                         0000000074f509ad 5 bytes JMP 000000015ecd1197
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoUninitialize                                                                                         0000000074f586d3 5 bytes JMP 000000015ecd1219
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoCreateInstance                                                                                       0000000074f59d0b 5 bytes JMP 000000015ecd3909
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                     0000000074f59d4e 5 bytes JMP 000000015ecd1a44
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoSuspendClassObjects + 7                                                                              0000000074f7bb09 7 bytes JMP 000000015ecd14a8
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoRevokeClassObject                                                                                    0000000074f9eacf 5 bytes JMP 000000015ecd0a09
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!CoGetInstanceFromFile                                                                                  0000000074fd340b 5 bytes JMP 000000015ecd2afb
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\ole32.dll!OleRegEnumFormatEtc                                                                                    000000007501cfd9 5 bytes JMP 000000015ecd13c2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\oleaut32.dll!RegisterActiveObject                                                                                0000000075c6279e 5 bytes JMP 000000015ecd0c9c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\oleaut32.dll!RevokeActiveObject                                                                                  0000000075c63294 5 bytes JMP 000000015ecd0dbd
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3300] C:\windows\syswow64\oleaut32.dll!GetActiveObject                                                                                     0000000075c78f40 5 bytes JMP 000000015ecd0e30

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                                                                                                                                                           
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)                                                                                                                                       

---- EOF - GMER 2.1 ----
         

OTL files follow...

Kind regards

Markus

Extras.txt:

Code:
OTL Extras logfile created on: 28.05.2013 22:17:36 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kfz-Technik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,60 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 56,33% Memory free
7,21 Gb Paging File | 5,21 Gb Available in Paging File | 72,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,14 Gb Total Space | 173,21 Gb Free Space | 68,15% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,96 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO | User Name: Kfz-Technik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A6B808-6FA5-4669-8F32-16AF93C8ECBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{07CA57A9-8197-4FCE-95CB-A19DC73AD577}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{172418C1-B6EA-4947-8837-59B05AB1EFDB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1D66CAF8-1C82-4257-AD32-51BC303023C5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1E209C1F-29D6-45BE-BDC0-CE22C6AE0FDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E98EEFD-86EB-47C3-B258-BDCFB4F57292}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{36E862DF-5406-4666-8C21-E636A5B2493B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{436DC802-FFA6-4B48-98C7-A727D1C794C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43A9D5C6-F585-432B-9536-B328FBBD55A4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4F8BAA63-0634-4E64-A247-2EC6F89942CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5F8F85A0-44E1-49A8-8525-30890EB23D4B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{711DC43A-C1F3-421A-8840-DFDAD183B295}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7C68D105-5673-4141-B541-A6A70FF139CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C95BCC0-8891-4D46-BE8B-3E0D1EE2C4D9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7D6FA3DB-C4A2-4518-8E33-68005EBA034A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8088677F-08A0-45A8-9820-FF6E438EB39C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{81C625CF-3A77-4196-9889-15B35A96BE13}" = rport=139 | protocol=6 | dir=out | app=system | 
"{891DB712-8AD2-4C2D-90F5-8DB4CFE27EC4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8D11B2BD-399C-4106-963B-100C3A47640E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9FA9A3E7-B34C-46D7-8967-CD7ACB586344}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7F450E0-1043-41DA-9305-F1E484FB70FD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A9E82F06-D3CA-4594-B3B7-1F524F2B4BD6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACF26393-AF82-4813-A128-85815A3FC16D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BFF144EF-5F22-4575-865E-40AD6681C2F4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C2E56CCC-BB88-4CFB-B52C-24352AFCEF23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C9254BEF-F735-4110-8AD3-754C866FFD93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD2DEC5D-E6AC-4717-B673-E318CBD95AFB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D3E5A8EE-DA4E-4D07-82A6-6C321834D043}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D87379A9-D0C7-4C5B-83DA-B3E8C7A7F063}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DBBC72FC-03D0-4810-AC22-CC3062E68420}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EA8F3504-3B7D-4713-92F9-161F3119BA4E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EDBD1EE1-AA78-4389-906F-38CF780E3765}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{EDCAEE87-018C-43B3-BB08-F048FBE8C5CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F106C9E2-F974-460A-ADD0-735B73B15F90}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038545DF-D789-49A8-B871-F2688AC6F09A}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{0394FA4C-E213-4751-86E2-07C76096FBE0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{05B8476E-1412-4282-B299-1B5EA5DF204D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{06942360-B6E4-4041-A4D0-AB19460860B7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{0EED0E2F-29F6-4DAB-A3C4-2B5A079AE203}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{10DEB323-7D9C-4F29-98F5-7896346CF915}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{121B0BE2-85B7-4D2B-8A77-F23EB58DAF65}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{14B6A787-2D67-4071-8A22-FC011E73F1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{197B5CF4-4B29-41C9-B1DC-E6B5BCEAF366}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{23DFE3D7-AE55-4AAC-BE33-C65A784D3D45}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{243CB316-0DFE-4DF9-94EF-A2807FD8539D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{28DE21F3-FCC6-4BC4-8CCA-8FBAE68D4A44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3EEB99DA-E453-43DC-B51E-3A365F5C1A82}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{454EC166-5244-45E2-97FD-9AC85E1FEE99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{506B1212-546A-4FF2-A0F2-0A7F9F68F7DF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{53AB2680-4281-46C7-8FCD-5C5FBFDBFAB4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5431324A-6C2E-4B20-9A31-79772BB8B3AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{55F88BDA-9372-4A9C-A0C5-A096370B9240}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{5A1729A1-BE2C-4437-A67B-722DA3DB386D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{67480903-7BE0-4117-9F7F-9E6766B35452}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{67528681-2E98-4DFF-9DDA-B1DAE5F5F5B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68E3AC91-8746-489C-A409-F384FCFEEBA8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{703B5459-74A5-4F08-808F-53930ADC3EBA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{778C1E19-9295-46C3-A2EA-3FC0634C6809}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{7E1A1CD3-A01B-4191-8E74-D73FB1A1961F}" = protocol=6 | dir=out | app=system | 
"{8B19E1B0-14C1-46A0-BBC8-4F0706F62387}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8DA67C21-8E4E-4FF6-A797-85BE65A4AC1E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{934CD5F9-39DC-4883-B9F8-2DA54B34C69B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{97C8CDFF-B300-4DF1-A267-1B58E7B32F28}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{99C423E8-86B3-4352-9CC9-A77742E0549D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7C7D1B8-4FE0-4DB4-A41D-8E89CDAAB06F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B02C276D-5BB6-40CA-B8F0-8FD928E75845}" = dir=in | app=f:\setup\hpznui40.exe | 
"{C48D3DE6-CE25-496B-B6D4-A5BCD11385D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB212179-9705-489B-BA13-5234898721DD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CC526911-9424-4362-A865-4E5292B934D8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{CD890F0E-5BA6-40E9-B868-DE1EDD3F6F75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D42FFF94-66B2-42C0-9BAF-1D6C8FF4102B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{E4375C3E-D25E-4FE0-9084-1BEBCD7E5C21}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E49EA176-9EE5-4A92-93DC-A8C5450132F3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{E8219B50-697B-4506-B6BE-9342C4BA7A3C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{F5C89E5A-1C26-4783-92AB-98FEB5E55A05}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{F695AAD7-D5D1-4E72-9DA1-DDB78E76ECEA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F8A03769-7933-4EEB-A796-FD1E2EBFA7CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FAC95CE0-C040-4C00-9D0E-7A8718E03134}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14FCF290-82AB-421A-9034-636EF90EB9E5}" = AVG 2013
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C897CB6-9393-C1DF-089D-7BB33C344362}" = AMD Fuel
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{50F24798-E870-CEE2-64CA-56DD81A27BAC}" = ATI Catalyst Install Manager
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6B31B6C8-383F-2362-5EB4-D950F666D8FD}" = ccc-utility64
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{909EDD8B-F26D-7051-C761-3386A1AFE052}" = ATI AVIVO64 Codecs
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A9614BE8-EDB6-4151-81F0-DF2B9F4D8ABE}" = AVG 2013
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2A4EF15-22EE-B863-717D-4237AA3C1536}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"42B17F23052FF114E91E57E2287CCEEDF216888D" = Windows-Treiberpaket - Auto-Intern USB-Treiber (03/30/2010 2.06.02)
"5EFB68C2F0CD0DB3442B0733C6FAB545A71A88FF" = Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (03/30/2010 2.06.02)
"6D3D1B84986E536339ED6F2B2A381D13597CD69C" = Windows-Treiberpaket - MPP USB CDC Virtual COM Port (09/16/2011 1.5.0)
"9FCA89337DAC5D4196D98BF2F17E831E1EE83336" = Windows-Treiberpaket - FTDI FTDI VCP (03/20/2011 2.08.14)
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"AVG" = AVG 2013
"CNXT_AUDIO_HDA" = Conexant HD Audio
"D6BC3CBE8968CB6351105F9D2EEC52CE24F2C99D" = Windows-Treiberpaket - FTDI FTDI D2XX (03/21/2011 2.08.14)
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{070667D2-A6DC-C36C-10D0-4D25F0054B78}" = CCC Help Chinese Standard
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{09CB25FF-E950-0699-DA4D-5BDCD5A653EA}" = CCC Help Finnish
"{0ABC3BCC-4B49-11E1-84DC-8BB34724019B}" = autoaid VCI USB Driver
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C374EBE-A045-4531-8F58-F240E078E0BE}" = VAG-COM 504 Deutsch
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{194E63E4-4AA0-F201-3C96-7EFEA0AEFE91}" = CCC Help French
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F3C1281-F291-573B-3913-774993D6F2C6}" = CCC Help Korean
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D2E2AD9-2DD9-FC5E-32A7-2961E5800C58}" = CCC Help English
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3F22702F-A236-4B6A-41BD-420700522583}_is1" = Was macht mein PC 1.xx
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C60AC6-FA09-4AE1-BD42-E5ED51A4BB19}" = MonoScan
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45D8D16D-13AC-826F-7494-166EB0CC021F}" = Catalyst Control Center Graphics Previews Common
"{47B5B5D0-2D0D-887B-E3A3-29744258A2F2}" = CCC Help Portuguese
"{47FAF76A-B225-FA71-F0AA-9ACD71A1A6EB}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C0636E0-C17F-FEE2-0704-944EC0315996}" = CCC Help Japanese
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{54DA5204-5F2B-BB6B-3A29-93DB85E71F02}" = CCC Help Czech
"{55CCAFAB-5213-49EB-A1B5-937E5F3F811B}" = Vehicle Explorer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5B64310E-6C76-10FB-EF2D-D63D7901FE27}" = CCC Help Spanish
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6429EC24-5976-8B97-0C73-C7C6EEE717BE}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AA63B49-FF6B-D9EC-F578-36AAD863791F}" = CCC Help Hungarian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{82C9D4E8-A57A-95C2-8503-2021E9678096}" = CCC Help Thai
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86394597-E2A6-B8EE-9E01-5FF6FD919BFB}" = ccc-core-static
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9520BD31-226A-4D5D-B900-6C0CDBA75BF0}_is1" = Onlinesupport 5.0.8232 QS
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F705A4D-B625-1E7E-BD3B-5DB253F4A3AE}" = Catalyst Control Center Profiles Mobile
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AE557889-A5F1-212B-BC66-2A67D5FB84D7}" = Catalyst Control Center Localization All
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF311022-8A9B-41F5-BE54-E361DF2C8AA6}" = Catalyst Control Center - Branding
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{BA75BE51-5E2E-4FA4-923C-63ACEAD63FB9}" = VAG-COM 311 Deutsch
"{BD36D776-83FB-454D-982A-BE248F6D668D}" = WEB.DE Toolbar MSVC90 CRT x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version 24.0.1350.0
"{C601C102-3CF4-B39C-4479-D03BDA605CDB}" = CCC Help Swedish
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6CABAAA-41C5-40F1-3DCC-A15E2DB8600E}" = CCC Help Dutch
"{C8670645-69C0-A438-CDD7-821A54D6C7B0}" = CCC Help Danish
"{CD5CDBC3-D83E-38BF-297B-CF3B54160C6E}" = CCC Help Italian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEADD21D-50DC-49F4-9566-8BF47A102CF7}" = autoaid Internet Diagnose+
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6AA424E-0598-45D7-0D92-113ACC44EC50}" = CCC Help Chinese Traditional
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEE4D866-5145-4AF9-B38A-A25AD3F69FFD}" = ScanTool
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35E2F85-3E06-ADAD-7774-663DFD300D44}" = Catalyst Control Center InstallProxy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9F03F14-2EF3-7E0C-095F-A2056D748271}" = CCC Help Russian
"{EAE6BF35-84C4-F159-268E-9B63BDCDF545}" = CCC Help German
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F9502EF3-3D89-7CDC-1BB8-9AC33789BCA5}" = CCC Help Greek
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Car Diagnostic Center 2009 Free Edition_is1" = Car Diagnostic Center 2009 Free Edition
"CDex" = CDex - Open Source Digital Audio CD Extractor
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"EasyCash&Tax_is1" = EasyCash&Tax 1.59
"Fakturama" = Fakturama
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"moDiag_is1" = moDiag 2.8.515
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"Nokia Ovi Suite" = Nokia Ovi Suite
"OBD3 Tool Home_is1" = OBD3 Tool Home 4.2
"OBD3 Tool SemiPro_is1" = OBD3 Tool SemiPro 4.2
"OBD-DIAG_is1" = OBD-DIAG V1.01.02
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ST6UNST #1" = OBD Scan Tech OBD II Enhance - Version 1.35
"ST6UNST #2" = OBD Scan Tech OBD II Generic FULL Version 1.17
"ST6UNST #3" = Vol-FCR FTDI USB Demo Version 1.7.3
"ST6UNST #4" = Vol-FCR FTDI USB Demo Version 1.7.3 (C:\Program Files (x86)\Vol-FCR\)
"TachoPro BMW ®©_is1" = TachoPro BMW ®© DS2 1.6 SemiPro
"Uninstall_is1" = Uninstall 1.0.0.1
"VAG-Check" = VAG-Check (remove only)
"VCDS AIB" = VCDS AIB 11.11
"VCDS DRV" = VCDS DRV 11.11
"VCDS-Lite  1.1" = VCDS-Lite 1.1
"VeriFace" = VeriFace
"WABCO_EBS_402_is1" = Wabco EBS Präsentation 4.02
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WEB.DE SmartDrive Sync" = WEB.DE SmartDrive Sync
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2013 15:48:25 | Computer Name = lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
 werden.  
 
Error - 23.04.2013 03:17:02 | Computer Name = lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 24.04.2013 05:14:30 | Computer Name = lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
 werden.  
 
Error - 26.04.2013 11:37:00 | Computer Name = lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 28.04.2013 10:45:37 | Computer Name = lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Die Aktion kann nicht abgeschlossen werden. Versuchen
 Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
 
Error - 11.05.2013 12:52:47 | Computer Name = lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
 werden.  
 
Error - 12.05.2013 14:45:15 | Computer Name = lenovo | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 12.05.2013 14:45:22 | Computer Name = lenovo | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 12.05.2013 14:45:25 | Computer Name = lenovo | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 12.05.2013 15:14:04 | Computer Name = lenovo | Source = VSS | ID = 12305
Description = 
 
[ Media Center Events ]
Error - 19.08.2011 06:31:44 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:31:44 - Fehler beim Herstellen der Internetverbindung.  12:31:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.08.2011 06:32:00 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:31:50 - Fehler beim Herstellen der Internetverbindung.  12:31:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 03:42:11 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 09:42:11 - Fehler beim Herstellen der Internetverbindung.  09:42:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 03:42:28 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 09:42:17 - Fehler beim Herstellen der Internetverbindung.  09:42:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 04:42:58 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 10:42:58 - Fehler beim Herstellen der Internetverbindung.  10:42:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 04:43:27 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 10:43:03 - Fehler beim Herstellen der Internetverbindung.  10:43:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 06:52:54 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:52:54 - Fehler beim Herstellen der Internetverbindung.  12:52:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 06:53:13 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:53:00 - Fehler beim Herstellen der Internetverbindung.  12:53:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.10.2012 16:40:58 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 22:40:58 - Fehler beim Herstellen der Internetverbindung.  22:40:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.10.2012 16:41:07 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 22:41:03 - Fehler beim Herstellen der Internetverbindung.  22:41:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 28.05.2013 16:41:04 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 28.05.2013 16:41:14 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 28.05.2013 16:42:18 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 28.05.2013 16:42:42 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 28.05.2013 16:44:14 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 28.05.2013 16:44:50 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 28.05.2013 16:45:06 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 28.05.2013 16:45:16 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 28.05.2013 16:47:06 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 28.05.2013 16:47:18 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
 
< End of report >
         

28.05.2013, 23:04   #4
Haegar-d.s

Computer starts up and runs slower and slower, malware suspected

The OTL.txt is too large. How would you like to have it? For now I'll post it in 2 parts. If you'd prefer something else, let me know...

OTL.txt /1:

Code:
OTL logfile created on: 28.05.2013 22:17:36 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kfz-Technik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,60 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 56,33% Memory free
7,21 Gb Paging File | 5,21 Gb Available in Paging File | 72,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,14 Gb Total Space | 173,21 Gb Free Space | 68,15% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,96 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO | User Name: Kfz-Technik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kfz-Technik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
PRC - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\SRWare Iron\libegl.dll ()
MOD - C:\Program Files (x86)\SRWare Iron\libglesv2.dll ()
MOD - C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
MOD - C:\Program Files (x86)\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (vm2uvcflt) -- C:\Windows\SysNative\drivers\vm2uvcflt.sys (Vimicro Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 47 92 56 8B 0C CC 01  [binary data]
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{258FDA73-B27F-4A2E-B576-89F92CFFCCE5}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{399172A6-48B7-479C-9204-94006F26119E}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{657839C4-5F89-4EF3-B0F5-2743D063373C}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{9AD7F70E-0BC6-4B2A-9D04-58A306FD1E79}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.17 19:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.02.28 21:21:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.23 07:47:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.03 04:20:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.01 10:39:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.17 19:44:21 | 000,000,000 | ---D | M]
 
[2011.03.28 01:01:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\Extensions
[2013.05.28 22:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\Firefox\Profiles\461pnpnx.default\extensions
[2011.04.03 08:11:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\Firefox\Profiles\461pnpnx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.05.28 22:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\Firefox\Profiles\461pnpnx.default\extensions\staged
[2013.04.23 12:53:46 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\firefox\profiles\461pnpnx.default\extensions\toolbar@web.de.xpi
[2013.05.28 22:06:25 | 000,620,338 | ---- | M] () (No name found) -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\firefox\profiles\461pnpnx.default\extensions\staged\toolbar@web.de.xpi
[2013.04.23 13:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.23 13:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.04.23 13:06:53 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2013.02.28 21:21:08 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2013.05.23 07:47:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.17 21:45:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.23 15:57:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001..\Run: [autoaid Internet Diagnose+] C:\Program Files (x86)\autoaid GmbH\autoaid Internet Diagnose+\diagnosisNotify.exe (autoaid GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kfz-Technik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kfz-Technik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\windows\system32\tnnsu75t5.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2FE4A1E-8FE2-4707-A3BE-859D8732019A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\webde - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {76C19B34-F0C8-11cf-87CC-0020AFEECF20} - Simp Chinese Language Pack
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Kfz-Technik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ross-Tech VCDS DRV Updater.lnk - C:\PROGRAMMR\VCDS-Dt\VCDS1006DE.exe - (Ross-Tech, LLC)
MsConfig:64bit - StartUpReg: 332BigDog - hkey= - key= - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: FreeAC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Power2GoExpress - hkey= - key= - C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe (Cyberlink)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: UpdateP2GShortCut - hkey= - key= - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: VeriFaceManager - hkey= - key= - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
MsConfig:64bit - StartUpReg: YouCam Mirage - hkey= - key= - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
MsConfig:64bit - StartUpReg: YouCam Tray - hkey= - key= - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.24 11:08:41 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\windows\IsUn0407.exe
[2013.05.24 10:21:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kfz-Technik\Desktop\OTL.exe
[2013.05.24 10:09:44 | 000,623,003 | ---- | C] (No company) -- C:\Users\Kfz-Technik\Desktop\LanmanCheck.exe
[2013.05.24 09:52:49 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013.05.24 08:56:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.24 03:24:11 | 000,000,000 | ---D | C] -- C:\windows\CheckSur
[2013.05.24 03:02:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.05.24 03:02:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.05.24 03:02:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013.05.24 03:02:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013.05.24 03:02:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013.05.24 03:02:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013.05.24 03:02:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013.05.24 03:02:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013.05.24 03:02:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013.05.24 03:02:02 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013.05.24 03:02:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.24 03:02:01 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.05.24 03:01:56 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.05.24 03:01:56 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.05.24 03:01:53 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.05.23 22:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCash
[2013.05.23 22:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyCash&Tax
[2013.05.23 21:42:26 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\.fakturama
[2013.05.23 21:42:25 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\.swt
[2013.05.23 21:38:23 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2013.05.23 21:38:23 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2013.05.23 21:38:23 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013.05.23 21:38:11 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013.05.23 21:38:11 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2013.05.23 21:38:11 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013.05.23 21:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.05.23 21:22:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\javaws.exe
[2013.05.23 21:22:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\javaw.exe
[2013.05.23 21:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fakturama
[2013.05.23 15:32:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.05.23 15:32:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.05.23 15:32:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.05.23 15:30:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.23 15:30:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.05.23 15:29:39 | 005,069,602 | R--- | C] (Swearware) -- C:\Users\Kfz-Technik\Desktop\ComboFix.exe
[2013.05.23 10:49:03 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\AppData\Roaming\Malwarebytes
[2013.05.23 10:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.23 10:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.23 10:48:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.05.23 10:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.23 07:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.23 07:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.22 12:19:14 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013.05.22 12:19:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2013.05.22 12:18:56 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013.05.22 12:18:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013.05.22 12:18:54 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013.05.22 12:18:54 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013.05.22 12:18:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013.05.22 12:18:38 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mcupdate_AuthenticAMD.dll
[2013.05.22 12:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.05.12 22:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCDS DRV
[2013.05.12 21:33:11 | 000,000,000 | ---D | C] -- C:\Ross-Tech
[2013.05.12 21:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\autoaid Internet Diagnose+
[2013.05.12 21:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\autoaid GmbH
[2013.05.12 21:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013.05.12 21:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.05.12 21:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.05.12 20:44:09 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\AppData\Roaming\autoaid GmbH
[2012.05.23 12:00:00 | 000,930,304 | ---- | C] (Kevin Schneider) -- C:\Users\Kfz-Technik\MP3QualityModifier.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.28 22:23:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.05.28 21:56:31 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 21:56:31 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 21:49:42 | 001,141,343 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.05.28 21:48:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.05.28 21:48:17 | 2902,642,688 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 17:59:13 | 001,614,988 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.05.28 17:59:13 | 000,697,542 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.05.28 17:59:13 | 000,652,820 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.05.28 17:59:13 | 000,148,548 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.05.28 17:59:13 | 000,121,494 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.05.28 13:35:05 | 000,377,856 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\ohtmziq9.exe
[2013.05.28 13:34:02 | 000,000,188 | ---- | M] () -- C:\Users\Kfz-Technik\defogger_reenable
[2013.05.28 13:32:36 | 000,050,477 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\Defogger.exe
[2013.05.24 11:34:53 | 000,001,501 | ---- | M] () -- C:\windows\RbSystem.ini
[2013.05.24 11:10:51 | 000,000,752 | ---- | M] () -- C:\windows\ESIDATA.ini
[2013.05.24 11:09:10 | 000,004,017 | ---- | M] () -- C:\windows\System\v9Sys_xx.vxd
[2013.05.24 10:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kfz-Technik\Desktop\OTL.exe
[2013.05.24 10:09:45 | 000,623,003 | ---- | M] (No company) -- C:\Users\Kfz-Technik\Desktop\LanmanCheck.exe
[2013.05.24 09:20:45 | 000,632,031 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\adwcleaner.exe
[2013.05.24 03:16:30 | 001,592,882 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.05.23 22:44:07 | 000,001,027 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\EasyCash&Tax.lnk
[2013.05.23 21:37:51 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013.05.23 21:37:50 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013.05.23 21:37:50 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013.05.23 21:37:49 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2013.05.23 21:37:49 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2013.05.23 21:37:49 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2013.05.23 21:31:03 | 000,000,981 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\Fakturama.lnk
[2013.05.23 15:57:22 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013.05.23 15:29:53 | 005,069,602 | R--- | M] (Swearware) -- C:\Users\Kfz-Technik\Desktop\ComboFix.exe
[2013.05.23 10:50:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.23 09:14:08 | 000,289,176 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.22 12:05:38 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.05.22 11:57:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.05.22 11:57:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.05.28 13:35:05 | 000,377,856 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\ohtmziq9.exe
[2013.05.28 13:34:01 | 000,000,188 | ---- | C] () -- C:\Users\Kfz-Technik\defogger_reenable
[2013.05.28 13:32:34 | 000,050,477 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\Defogger.exe
[2013.05.24 09:20:44 | 000,632,031 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\adwcleaner.exe
[2013.05.23 22:44:07 | 000,001,027 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\EasyCash&Tax.lnk
[2013.05.23 21:15:14 | 000,000,981 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\Fakturama.lnk
[2013.05.23 21:15:14 | 000,000,854 | ---- | C] () -- C:\Users\Kfz-Technik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fakturama.lnk
[2013.05.23 15:32:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.05.23 15:32:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.05.23 15:32:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.05.23 15:32:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.05.23 15:32:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.05.23 10:48:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.03 03:44:57 | 000,002,300 | ---- | C] () -- C:\Users\Kfz-Technik\Neuer Kontenrahmen.eux
[2012.04.07 22:42:41 | 000,001,501 | ---- | C] () -- C:\windows\RbSystem.ini
[2012.04.07 22:39:21 | 000,012,800 | ---- | C] () -- C:\windows\SysWow64\PWUtility.dll
[2012.04.07 22:39:21 | 000,007,168 | ---- | C] () -- C:\windows\SysWow64\dtctrace.dll
[2012.04.07 22:39:20 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\xcd73532.dll
[2012.04.07 22:39:10 | 000,487,424 | ---- | C] () -- C:\windows\esi_kl02.dat
[2012.04.07 22:39:01 | 000,655,360 | ---- | C] () -- C:\windows\SysWow64\dslang32.dll
[2012.04.07 22:39:01 | 000,327,680 | ---- | C] () -- C:\windows\SysWow64\ldf251.dll
[2012.04.07 22:34:19 | 000,000,752 | ---- | C] () -- C:\windows\ESIDATA.ini
[2012.02.29 22:42:47 | 000,007,607 | ---- | C] () -- C:\Users\Kfz-Technik\AppData\Local\Resmon.ResmonCfg
[2011.12.13 22:01:30 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011.10.20 00:03:36 | 000,000,553 | ---- | C] () -- C:\Users\Kfz-Technik\LG_External_HDD (SPEEDPORT.IPAllLG_External_HDD) (Z) - Verknüpfung.lnk
[2011.10.17 19:17:09 | 000,241,064 | ---- | C] () -- C:\windows\hpwins28.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.28 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2013
[2013.02.15 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2013.02.15 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.02.15 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2011.04.20 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\1&1 Mail & Media GmbH
[2011.03.18 18:07:02 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\ArcSyncConfig
[2011.12.08 19:04:03 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Auslogics
[2013.05.12 21:14:21 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\autoaid GmbH
[2013.04.04 02:00:53 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\AVG2013
[2012.04.07 10:52:55 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\DAEMON Tools
[2012.04.07 22:24:17 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\DAEMON Tools Lite
[2011.07.18 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\EPSON
[2011.11.30 21:46:35 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Mp3tag
[2011.12.07 00:00:33 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\MPP-Engineering
[2011.04.01 23:05:04 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\OBD-DIAG
[2011.12.07 00:00:28 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Obsidium
[2011.08.01 09:36:10 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\PC Suite
[2013.02.28 21:51:50 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\PDF Architect
[2011.03.22 18:23:25 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\PDF Software
[2011.12.11 14:14:30 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\QuickScan
[2013.05.28 19:53:39 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\SoftGrid Client
[2011.12.13 22:03:12 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Synaptics
[2011.12.07 01:04:34 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\TeamViewer
[2011.03.21 00:19:44 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\TP
[2013.04.04 01:44:00 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\TuneUp Software
[2011.04.25 00:58:17 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\WEB.DE
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
<  >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2013.02.27 07:46:08 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters >
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters >
"ServiceDll" = %SystemRoot%\System32\pouafoaw8.dll
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll
"ServiceMain" = SetAccessPolicy
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"hpdevmgmt" = hpqcxs08hpqddsvc [binary data]
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
         

28.05.2013, 23:05   #5
Haegar-d.s

Computer boots and runs ever more slowly, suspected malware

and OTL.txt /2:

Code:
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
< HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"hpdevmgmt" = hpqcxs08hpqddsvc [binary data]
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\unimdm.tsp
 
< %SystemRoot%\system32\*.tsp /64 >
[2009.07.14 03:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\hidphone.tsp
[2009.07.14 03:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\kmddsp.tsp
[2009.07.14 03:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ndptsp.tsp
[2009.07.14 03:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\remotesp.tsp
[2010.11.20 15:24:24 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\unimdm.tsp
 
< C:\Windows\system32\*.dll /600 >
[2013.02.15 06:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll
[2011.12.23 20:38:28 | 000,206,256 | ---- | M] (FTDI Ltd.) -- C:\Windows\system32\ai-usb.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\apisetschema.dll
[2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2013.02.27 06:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2012.06.02 06:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.06.02 06:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.01.13 21:37:57 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll
[2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll
[2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll
[2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2013.01.13 22:22:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll
[2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll
[2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll
[2013.01.13 22:08:35 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll
[2011.10.17 21:45:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\system32\deployJava1.dll
[2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll
[2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2013.01.13 22:31:00 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll
[2013.04.03 03:10:06 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2013.04.03 03:10:06 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2013.04.03 03:10:15 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\elshyph.dll
[2011.10.15 07:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2013.04.03 03:10:05 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll
[2013.04.03 03:10:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll
[2013.04.03 03:10:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll
[2013.04.03 03:10:05 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2013.04.05 07:26:21 | 013,760,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2013.04.03 03:10:08 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2013.04.05 07:26:21 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2013.04.05 07:26:21 | 002,046,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2013.04.05 07:26:21 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
[2013.04.05 07:26:21 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
[2013.04.05 07:26:21 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2013.04.03 03:10:09 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll
[2013.04.03 03:10:12 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll
[2013.04.05 07:26:25 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2013.04.05 07:26:26 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2013.04.05 07:26:26 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2013.04.03 03:10:04 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll
[2011.12.12 21:34:57 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msclmd.dll
[2013.04.05 07:26:45 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2013.04.03 03:10:08 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2013.04.05 07:26:46 | 014,323,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.04.03 03:10:11 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2013.04.03 03:10:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll
[2013.04.03 03:10:12 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmlmedia.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2013.04.03 03:10:13 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll
[2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll
[2013.04.03 03:10:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll
[2013.02.15 06:37:10 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll
[2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll
[2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll
[2012.01.13 09:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll
[2011.11.17 07:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll
[2013.01.04 04:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll
[2013.04.03 03:10:09 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll
[2013.04.03 03:10:11 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll
[2012.05.04 11:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012.08.24 18:57:40 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2012.08.24 18:57:40 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2013.02.27 06:55:04 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shdocvw.dll
[2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll
[2012.08.24 18:53:35 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2013.02.15 05:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll
[2011.12.08 19:41:40 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll
[2013.04.03 03:10:05 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2013.04.05 07:28:10 | 001,130,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2013.04.03 03:10:11 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2013.04.03 03:10:11 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll
[2012.11.09 06:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2013.01.13 21:43:21 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll
[2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll
[2013.04.05 07:28:24 | 001,767,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2013.01.13 21:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll
[2013.01.04 06:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll
[2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll
 
< C:\Windows\SysNative\*.dll /600 >
[2013.02.15 08:02:26 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2011.12.23 20:38:54 | 000,330,160 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysNative\ai-usb.dll
[2011.12.23 20:37:46 | 000,284,592 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysNative\ailang.dll
[2011.12.23 20:40:20 | 000,143,792 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysNative\aiusbui.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 07:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 22:35:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 22:32:07 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 22:35:31 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 22:31:41 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 22:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 22:35:31 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 22:31:40 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 22:31:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 22:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 07:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appinfo.dll
[2012.12.16 16:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 19:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.02.27 07:48:00 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll
[2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.06.02 07:41:27 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.02 07:41:28 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.02 07:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.01.13 21:10:36 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.01.13 21:20:04 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.01.13 21:38:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.01.13 21:24:33 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.01.13 21:51:30 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.01.13 21:20:42 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.01.13 21:38:39 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.01.13 21:38:32 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.05.23 21:37:49 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.10.09 20:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.10.09 20:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.02 07:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.01.13 21:59:04 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.01.13 21:49:17 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.04.03 03:10:02 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.03 03:10:02 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.03 03:10:15 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2011.10.15 08:31:56 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2013.01.13 21:58:28 | 001,175,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2012.12.07 15:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.04.03 03:10:02 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.03 03:09:58 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.03 03:10:02 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.03 03:10:01 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2013.04.05 08:50:30 | 015,404,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2013.04.03 03:09:58 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.05 08:50:30 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.05 08:50:31 | 002,647,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2013.04.05 08:50:31 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.05 08:50:31 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.05 08:50:31 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.03.01 08:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.04.03 03:09:58 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.03 03:10:01 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.10.03 19:42:16 | 000,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iphlpsvc.dll
[2013.04.05 08:50:36 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.05 08:50:36 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.05 08:50:36 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2012.08.11 02:56:03 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos.dll
[2012.11.30 07:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.11.30 07:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.04.03 03:10:01 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.05.14 07:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.24 20:03:09 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.04.01 08:03:35 | 000,078,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll
[2011.12.12 21:34:56 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2013.04.05 08:50:56 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.03 03:09:58 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2013.04.05 08:50:58 | 019,231,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2013.04.03 03:10:00 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.03 03:09:57 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.03 03:10:01 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013.04.03 03:10:03 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.01.04 08:11:13 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.04.03 03:10:03 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.02.15 08:06:11 | 003,717,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.12.16 10:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.11.01 07:43:42 | 001,882,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll
[2012.11.01 07:43:42 | 002,002,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll
[2012.11.20 07:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.10.03 19:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.10.03 19:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.10.03 19:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.10.03 19:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlaapi.dll
[2012.10.03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlasvc.dll
[2013.05.23 21:37:49 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2011.11.17 08:41:18 | 001,731,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.04 12:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.11.30 07:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.04.03 03:09:58 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.11.19 16:58:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013.04.03 03:09:58 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll
[2012.05.04 13:00:43 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2011.10.26 07:25:16 | 001,572,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.02.17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.08.24 20:05:03 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll
[2011.11.17 08:35:25 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.02.27 07:52:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll
[2012.05.05 10:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2011.11.17 08:35:26 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2011.11.17 08:35:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.09.26 00:46:17 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013.02.15 08:08:40 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.11.09 07:45:09 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll
[2013.01.13 21:24:30 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.04.03 03:10:02 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.05 08:52:02 | 001,365,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2012.11.22 07:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.04.03 03:10:00 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.07.26 04:36:08 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.04.03 03:10:01 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webcheck.dll
[2011.11.17 08:35:28 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.11.09 07:45:32 | 000,750,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.05.23 21:37:51 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.01.13 21:15:40 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.01.13 21:25:04 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.04.05 08:52:14 | 002,242,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2013.01.04 07:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.08.24 20:05:07 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.03.01 08:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmi.dll
[2013.01.13 20:32:43 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2012.11.30 07:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.11.30 07:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.11.30 07:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.07 15:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.26 05:08:14 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.07.26 05:08:14 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.07.26 05:08:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFSvc.dll
[2012.07.26 05:08:14 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.03.19 07:53:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.03.19 07:53:58 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll
[2013.01.13 20:09:52 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.01.13 19:05:09 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
 
< C:\Windows\SysWOW64\*.dll /600 >
[2013.02.15 06:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\aaclient.dll
[2011.12.23 20:38:28 | 000,206,256 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysWOW64\ai-usb.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apisetschema.dll
[2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\atmfd.dll
[2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWOW64\atmlib.dll
[2013.02.27 06:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authui.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cdosys.dll
[2012.06.02 06:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
[2012.06.02 06:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsvc.dll
[2013.01.13 21:37:57 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
[2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll
[2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll
[2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10level9.dll
[2013.01.13 22:22:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10warp.dll
[2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll
[2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll
[2013.01.13 22:08:35 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d11.dll
[2011.10.17 21:45:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\deployJava1.dll
[2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore6.dll
[2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dpnet.dll
[2013.01.13 22:31:00 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
[2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll
[2013.04.03 03:10:06 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtmsft.dll
[2013.04.03 03:10:06 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtrans.dll
[2013.04.03 03:10:15 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\elshyph.dll
[2011.10.15 07:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EncDec.dll
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gameux.dll
[2013.04.03 03:10:05 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icardie.dll
[2013.04.03 03:10:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IEAdvpack.dll
[2013.04.03 03:10:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieapfltr.dll
[2013.04.03 03:10:05 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iedkcs32.dll
[2013.04.05 07:26:21 | 013,760,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
[2013.04.03 03:10:08 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iepeers.dll
[2013.04.05 07:26:21 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iernonce.dll
[2013.04.05 07:26:21 | 002,046,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
[2013.04.05 07:26:21 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesetup.dll
[2013.04.05 07:26:21 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesysprep.dll
[2013.04.05 07:26:21 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
[2013.04.03 03:10:09 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imgutil.dll
[2013.04.03 03:10:12 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\inseng.dll
[2013.04.05 07:26:25 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll
[2013.04.05 07:26:26 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll
[2013.04.05 07:26:26 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll
[2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kerberos.dll
[2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
[2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
[2013.04.03 03:10:04 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\licmgr10.dll
[2011.12.12 21:34:57 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msclmd.dll
[2013.04.05 07:26:45 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll
[2013.04.03 03:10:08 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeedsbs.dll
[2013.04.05 07:26:46 | 014,323,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll
[2013.04.03 03:10:11 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmled.dll
[2013.04.03 03:10:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmler.dll
[2013.04.03 03:10:12 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmlmedia.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
[2013.04.03 03:10:13 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
[2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msmpeg2vdec.dll
[2013.04.03 03:10:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msrating.dll
[2013.02.15 06:37:10 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mstscax.dll
[2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
[2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll
[2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll
[2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
[2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncsi.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
[2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netcorehc.dll
[2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netevent.dll
[2012.01.13 09:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
[2011.11.17 07:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
[2013.01.04 04:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntvdm64.dll
[2013.04.03 03:10:09 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\occache.dll
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\packager.dll
[2013.04.03 03:10:11 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pngfilt.dll
[2012.05.04 11:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qdvd.dll
[2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\quartz.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpcore.dll
[2012.08.24 18:57:40 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
[2012.08.24 18:57:40 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
[2013.02.27 06:55:04 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
[2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
[2012.08.24 18:53:35 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
[2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\synceng.dll
[2013.02.15 05:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tsgqec.dll
[2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tzres.dll
[2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\UIAnimation.dll
[2011.12.08 19:41:40 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\SysWOW64\UpdSvc.dll
[2013.04.03 03:10:05 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\url.dll
[2013.04.05 07:28:10 | 001,130,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
[2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
[2013.04.03 03:10:11 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll
[2013.04.03 03:10:11 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webcheck.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
[2012.11.09 06:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32spl.dll
[2013.01.13 21:43:21 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
[2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecsExt.dll
[2013.04.05 07:28:24 | 001,767,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
[2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmi.dll
[2013.01.13 21:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMPhoto.dll
[2013.01.04 06:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wow32.dll
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll
[2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsGdiConverter.dll
[2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsPrint.dll
 
< %SYSTEMDRIVE%\*. >
[2013.04.14 21:43:49 | 000,000,000 | ---D | M] -- C:\$AVG
[2013.05.28 11:17:13 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.05.16 00:04:12 | 000,000,000 | ---D | M] -- C:\28ef02111dc4e6f0c3
[2012.10.23 21:33:33 | 000,000,000 | ---D | M] -- C:\3f5b3f955403c2d962b330345b77bbb6
[2012.02.03 15:49:08 | 000,000,000 | ---D | M] -- C:\865c8429bac93145bb949cfc92a173
[2012.05.02 00:29:14 | 000,000,000 | ---D | M] -- C:\a16efba9ad7ac935259e
[2012.04.24 21:22:44 | 000,000,000 | ---D | M] -- C:\a2c47584a1219b2150ead4
[2012.02.11 23:24:28 | 000,000,000 | ---D | M] -- C:\af8575230ba1a79be21b6c8c43e52f1d
[2013.05.24 03:24:04 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2012.03.01 23:59:03 | 000,000,000 | ---D | M] -- C:\content
[2013.02.15 15:31:26 | 000,000,000 | ---D | M] -- C:\Daemon tools lite 4.30.1
[2012.10.23 21:54:39 | 000,000,000 | ---D | M] -- C:\DDDRDVS
[2012.03.01 23:59:03 | 000,000,000 | ---D | M] -- C:\dlgs
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.03.18 17:59:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.05.24 12:01:57 | 000,000,000 | ---D | M] -- C:\esi 2011
[2012.10.23 21:54:43 | 000,000,000 | ---D | M] -- C:\NESYDVS
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.24 12:35:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.24 12:24:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.05.24 09:21:33 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.03.18 17:59:07 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.03 18:55:48 | 000,000,000 | ---D | M] -- C:\ProgrammeRoss-Tech
[2011.12.07 00:43:39 | 000,000,000 | ---D | M] -- C:\PROGRAMMR
[2013.05.23 16:04:30 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.03.18 17:59:08 | 000,000,000 | ---D | M] -- C:\Recovery
[2013.05.12 21:33:11 | 000,000,000 | ---D | M] -- C:\Ross-Tech
[2012.01.26 17:35:23 | 000,000,000 | ---D | M] -- C:\ROTKAEPPCHEN
[2012.03.01 23:59:03 | 000,000,000 | ---D | M] -- C:\slib
[2013.05.28 22:21:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.01 23:59:03 | 000,000,000 | ---D | M] -- C:\translator
[2012.10.23 21:53:12 | 000,000,000 | ---D | M] -- C:\UserData
[2011.02.24 20:23:59 | 000,000,000 | ---D | M] -- C:\UserGuidePDF
[2013.05.28 11:16:34 | 000,000,000 | R--D | M] -- C:\Users
[2013.04.23 12:46:14 | 000,000,000 | ---D | M] -- C:\VCDS-Dt
[2013.05.24 11:15:19 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.24 10:44:14 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.24 10:46:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011.02.24 10:44:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011.02.24 10:46:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011.02.24 10:44:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011.02.24 10:46:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.02.24 10:44:14 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011.02.24 10:46:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\erdnt\cache86\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011.02.24 11:08:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011.02.24 11:08:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:C68DE4A3

< End of report >
         

Kind regards and good night

Markus


29.05.2013, 08:59   #6
Psychotic
/// Malwareteam

Hello Markus,

remnants of a particular, rare piece of malware are visible on your computer.

We will take care of those:

Step 1: Fix with OTL

  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
:OTL
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:C68DE4A3

:services
Update-Service
Update-Service-Installer-Service

:files
C:\Windows\SysWOW64\UpdSvc.dll

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
  00

:COMMANDS
[EMPTYTEMP]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread.



Step 2: LSPFix


Please download LSPFix.
  • Start LSPFix.exe.
    Windows Vista or later: right-click -> Run as administrator
  • Tick the box "I know what I'm doing".
  • In the Keep box you should find one or more of these tnnsu75t5.dll files.
  • Select each tnnsu75t5.dll that is present and move it to the Remove box by pressing the >> button.
  • When all files have been moved, click Finish>>.


Step 3: New OTL log
  • Double-click OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now click Run Scan at the top left.
  • When the scan has finished, 2 log files are created.
  • Post the log files here in the thread.
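
The :reg section of the fix in the post above writes ServiceDll as a hex(2) (REG_EXPAND_SZ) byte list, which is hard to read by eye. The following Python sketch is an added example, not part of the original post and not OTL's own code: it decodes such values and checks the DNS Client service DLL against the stock Windows path. The function names and the second, constructed sample (with a placeholder path) are assumptions made for illustration.

```python
import re

# ":reg" section of the OTL fix in the post above, copied verbatim.
FIX_REG = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
  00
'''

# Stock Windows value for the DNS Client service DLL (what the fix restores).
EXPECTED_DNSCACHE_DLL = r"%SystemRoot%\System32\dnsrslvr.dll"

# .reg type codes whose payload is UTF-16LE text.
TEXT_TYPES = {"1": "REG_SZ", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}

VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=hex\((?P<type>[0-9a-f]+)\):(?P<data>[0-9a-f,\s]*)$', re.I)


def parse_reg_hex_values(text):
    """Parse typed hex values from .reg-style text.

    Returns {(key, value_name): (type_name, decoded)}; decoded is a str for
    REG_SZ/REG_EXPAND_SZ, a list of str for REG_MULTI_SZ, bytes otherwise.
    """
    # A trailing backslash continues the value on the next (indented) line.
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    values, key = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        raw = bytes(int(b, 16) for b in m["data"].split(",") if b.strip())
        type_name = TEXT_TYPES.get(m["type"].lower())
        if type_name is None:
            values[(key, m["name"])] = ("hex(%s)" % m["type"], raw)
            continue
        if len(raw) % 2:
            raise ValueError("odd byte count in UTF-16LE value %r" % m["name"])
        decoded = raw.decode("utf-16-le")
        if type_name == "REG_MULTI_SZ":
            decoded = [s for s in decoded.split("\x00") if s]
        else:
            decoded = decoded.rstrip("\x00")  # drop the NUL terminator
        values[(key, m["name"])] = (type_name, decoded)
    return values


def check_service_dll(values, service, expected):
    """Compare a service's Parameters\\ServiceDll with the expected path.

    Returns (ok, found); found is None when the value is absent.
    """
    suffix = ("\\services\\%s\\parameters" % service).lower()
    for (key, name), (type_name, decoded) in values.items():
        if key.lower().endswith(suffix) and name.lower() == "servicedll":
            ok = (type_name == "REG_EXPAND_SZ"
                  and decoded.lower() == expected.lower())
            return ok, decoded
    return False, None


def to_reg_hex2(name, text):
    """Encode text as a one-line hex(2) value (used for the constructed sample)."""
    data = (text + "\x00").encode("utf-16-le")
    return '"%s"=hex(2):%s' % (name, ",".join("%02x" % b for b in data))


# Constructed sample: same key, ServiceDll pointing at a placeholder path.
TAMPERED_REG = (
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Dnscache\\Parameters]\n"
    + to_reg_hex2("ServiceDll", r"C:\placeholder\not-dnsrslvr.dll") + "\n"
)

if __name__ == "__main__":
    for label, text in (("fix script", FIX_REG), ("constructed sample", TAMPERED_REG)):
        ok, found = check_service_dll(
            parse_reg_hex_values(text), "Dnscache", EXPECTED_DNSCACHE_DLL)
        print("%-18s %-5s %r" % (label, "OK" if ok else "CHECK", found))
```
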

30.05.2013, 23:19   #7
Haegar-d.s

Hello Marius,

here are the requested files.

OTL file:

Code:
All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:C68DE4A3 deleted successfully.
========== SERVICES/DRIVERS ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
Error: No service named Update-Service-Installer-Service was found to stop!
Service\Driver key Update-Service-Installer-Service not found.
========== FILES ==========
C:\Windows\SysWOW64\UpdSvc.dll moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 156501 bytes
->Temporary Internet Files folder emptied: 128 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kfz-Technik
->Temp folder emptied: 1083184 bytes
->Temporary Internet Files folder emptied: 432368 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7758967 bytes
->Flash cache emptied: 492 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 355980 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 4646382311 bytes
 
Total Files Cleaned = 4.440,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05302013_224237

Files\Folders moved on Reboot...
C:\Users\Kfz-Technik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
LSP-Fix:
I only have one tnnsu75t5.dll, and it is already in the Remove box...?
The following DLLs are listed under Keep:
NLAapi.dll
napinsp.dll
pnrpnsp.dll
wshbth.dll
WLIDNSP.DLL
mswsock.dll
winrnr.dll

For your information: as far as I know, my system has no Bluetooth... (wshbth.dll)?

I will abort LSP-Fix for now until I have your confirmation.

Kind regards

Markus

03.06.2013, 07:24   #8
Psychotic
/// Malwareteam

The Bluetooth file belongs on your system nonetheless.
Make sure that only tnnsu75t5.dll is in the Remove box and click Finish.

Then continue with step 3.
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I can only be reached on working days!
Requests via PM will be ignored!


03.06.2013, 21:56   #9
Haegar-d.s

Hello Marius,

good, I have just resumed at point 2.

Here is the OTL.txt:

Code:
OTL logfile created on: 03.06.2013 21:17:36 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kfz-Technik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,60 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 55,17% Memory free
7,21 Gb Paging File | 5,31 Gb Available in Paging File | 73,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,14 Gb Total Space | 177,60 Gb Free Space | 69,88% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,96 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
Drive Y: | 580,74 Gb Total Space | 392,96 Gb Free Space | 67,67% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO | User Name: Kfz-Technik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kfz-Technik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
PRC - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\SRWare Iron\libegl.dll ()
MOD - C:\Program Files (x86)\SRWare Iron\libglesv2.dll ()
MOD - C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (vm2uvcflt) -- C:\Windows\SysNative\drivers\vm2uvcflt.sys (Vimicro Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 47 92 56 8B 0C CC 01  [binary data]
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{258FDA73-B27F-4A2E-B576-89F92CFFCCE5}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{399172A6-48B7-479C-9204-94006F26119E}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{657839C4-5F89-4EF3-B0F5-2743D063373C}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{9AD7F70E-0BC6-4B2A-9D04-58A306FD1E79}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.17 19:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.02.28 21:21:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.03 16:39:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.03 04:20:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.01 10:39:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.17 19:44:21 | 000,000,000 | ---D | M]
 
[2011.03.28 01:01:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\Extensions
[2013.06.03 16:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\Firefox\Profiles\461pnpnx.default\extensions
[2011.04.03 08:11:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\Firefox\Profiles\461pnpnx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.06.03 16:03:58 | 000,620,338 | ---- | M] () (No name found) -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\firefox\profiles\461pnpnx.default\extensions\toolbar@web.de.xpi
[2013.06.03 16:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.03 16:39:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.03 16:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.06.03 16:39:25 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2013.02.28 21:21:08 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2011.10.17 21:45:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2013.05.23 15:57:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001..\Run: [autoaid Internet Diagnose+] C:\Program Files (x86)\autoaid GmbH\autoaid Internet Diagnose+\diagnosisNotify.exe (autoaid GmbH)
O4 - Startup: C:\Users\Kfz-Technik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk = C:\Ross-Tech\VCDS-DRV\VCDS.exe (Ross-Tech, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kfz-Technik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kfz-Technik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2FE4A1E-8FE2-4707-A3BE-859D8732019A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\webde - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.05.24 11:37:45 | 000,000,000 | ---D | M] - Y:\Autodata 3.24 alt -- [ NTFS ]
O32 - AutoRun File - [2011.04.07 08:51:31 | 000,000,051 | ---- | M] () - Y:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.30 23:09:53 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\Kfz-Technik\Desktop\LSPFix.exe
[2013.05.30 22:42:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.24 11:08:41 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\windows\IsUn0407.exe
[2013.05.24 10:21:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kfz-Technik\Desktop\OTL.exe
[2013.05.24 10:09:44 | 000,623,003 | ---- | C] (No company) -- C:\Users\Kfz-Technik\Desktop\LanmanCheck.exe
[2013.05.24 09:52:49 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013.05.24 08:56:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.24 03:24:11 | 000,000,000 | ---D | C] -- C:\windows\CheckSur
[2013.05.24 03:02:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.05.24 03:02:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.05.24 03:02:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013.05.24 03:02:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013.05.24 03:02:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013.05.24 03:02:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013.05.24 03:02:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013.05.24 03:02:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013.05.24 03:02:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013.05.24 03:02:02 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013.05.24 03:02:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.24 03:02:01 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.05.24 03:01:56 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.05.24 03:01:56 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.05.24 03:01:53 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.05.23 22:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCash
[2013.05.23 22:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyCash&Tax
[2013.05.23 21:42:26 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\.fakturama
[2013.05.23 21:42:25 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\.swt
[2013.05.23 21:38:23 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2013.05.23 21:38:23 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2013.05.23 21:38:23 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013.05.23 21:38:11 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013.05.23 21:38:11 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2013.05.23 21:38:11 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013.05.23 21:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.05.23 21:22:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\javaws.exe
[2013.05.23 21:22:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\javaw.exe
[2013.05.23 21:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fakturama
[2013.05.23 15:32:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.05.23 15:32:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.05.23 15:32:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.05.23 15:30:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.23 15:30:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.05.23 15:29:39 | 005,069,602 | R--- | C] (Swearware) -- C:\Users\Kfz-Technik\Desktop\ComboFix.exe
[2013.05.23 10:49:03 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\AppData\Roaming\Malwarebytes
[2013.05.23 10:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.23 10:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.23 10:48:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.05.23 10:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.23 07:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.23 07:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.22 12:19:14 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013.05.22 12:19:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2013.05.22 12:18:56 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013.05.22 12:18:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013.05.22 12:18:54 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013.05.22 12:18:54 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013.05.22 12:18:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013.05.22 12:18:38 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mcupdate_AuthenticAMD.dll
[2013.05.22 12:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.05.12 22:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCDS DRV
[2013.05.12 21:33:11 | 000,000,000 | ---D | C] -- C:\Ross-Tech
[2013.05.12 21:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\autoaid Internet Diagnose+
[2013.05.12 21:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\autoaid GmbH
[2013.05.12 21:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013.05.12 21:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.05.12 21:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.05.12 20:44:09 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\AppData\Roaming\autoaid GmbH
[2012.05.23 12:00:00 | 000,930,304 | ---- | C] (Kevin Schneider) -- C:\Users\Kfz-Technik\MP3QualityModifier.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.03 21:23:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 21:20:49 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 21:20:49 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 21:13:41 | 000,262,715 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.06.03 21:12:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.03 21:11:53 | 2902,642,688 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.01 17:29:02 | 001,614,988 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.06.01 17:29:02 | 000,697,542 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.06.01 17:29:02 | 000,652,820 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.06.01 17:29:02 | 000,148,548 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.06.01 17:29:02 | 000,121,494 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.06.01 17:01:09 | 000,000,806 | ---- | M] () -- C:\Users\Kfz-Technik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk
[2013.05.30 23:09:54 | 000,186,880 | ---- | M] (CEXX.ORG) -- C:\Users\Kfz-Technik\Desktop\LSPFix.exe
[2013.05.28 13:35:05 | 000,377,856 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\ohtmziq9.exe
[2013.05.28 13:34:02 | 000,000,188 | ---- | M] () -- C:\Users\Kfz-Technik\defogger_reenable
[2013.05.28 13:32:36 | 000,050,477 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\Defogger.exe
[2013.05.24 11:34:53 | 000,001,501 | ---- | M] () -- C:\windows\RbSystem.ini
[2013.05.24 11:10:51 | 000,000,752 | ---- | M] () -- C:\windows\ESIDATA.ini
[2013.05.24 11:09:10 | 000,004,017 | ---- | M] () -- C:\windows\System\v9Sys_xx.vxd
[2013.05.24 10:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kfz-Technik\Desktop\OTL.exe
[2013.05.24 10:09:45 | 000,623,003 | ---- | M] (No company) -- C:\Users\Kfz-Technik\Desktop\LanmanCheck.exe
[2013.05.24 09:20:45 | 000,632,031 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\adwcleaner.exe
[2013.05.24 03:16:30 | 001,592,882 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.05.23 22:44:07 | 000,001,027 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\EasyCash&Tax.lnk
[2013.05.23 21:37:51 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013.05.23 21:37:50 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013.05.23 21:37:50 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013.05.23 21:37:49 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2013.05.23 21:37:49 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2013.05.23 21:37:49 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2013.05.23 21:31:03 | 000,000,981 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\Fakturama.lnk
[2013.05.23 15:57:22 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013.05.23 15:29:53 | 005,069,602 | R--- | M] (Swearware) -- C:\Users\Kfz-Technik\Desktop\ComboFix.exe
[2013.05.23 10:50:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.23 09:14:08 | 000,289,176 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.22 12:05:38 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.05.22 11:57:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.05.22 11:57:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.06.01 17:01:09 | 000,000,806 | ---- | C] () -- C:\Users\Kfz-Technik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk
[2013.05.28 13:35:05 | 000,377,856 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\ohtmziq9.exe
[2013.05.28 13:34:01 | 000,000,188 | ---- | C] () -- C:\Users\Kfz-Technik\defogger_reenable
[2013.05.28 13:32:34 | 000,050,477 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\Defogger.exe
[2013.05.24 09:20:44 | 000,632,031 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\adwcleaner.exe
[2013.05.23 22:44:07 | 000,001,027 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\EasyCash&Tax.lnk
[2013.05.23 21:15:14 | 000,000,981 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\Fakturama.lnk
[2013.05.23 21:15:14 | 000,000,854 | ---- | C] () -- C:\Users\Kfz-Technik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fakturama.lnk
[2013.05.23 15:32:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.05.23 15:32:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.05.23 15:32:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.05.23 15:32:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.05.23 15:32:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.05.23 10:48:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.03 03:44:57 | 000,002,300 | ---- | C] () -- C:\Users\Kfz-Technik\Neuer Kontenrahmen.eux
[2012.04.07 22:42:41 | 000,001,501 | ---- | C] () -- C:\windows\RbSystem.ini
[2012.04.07 22:39:21 | 000,012,800 | ---- | C] () -- C:\windows\SysWow64\PWUtility.dll
[2012.04.07 22:39:21 | 000,007,168 | ---- | C] () -- C:\windows\SysWow64\dtctrace.dll
[2012.04.07 22:39:20 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\xcd73532.dll
[2012.04.07 22:39:10 | 000,487,424 | ---- | C] () -- C:\windows\esi_kl02.dat
[2012.04.07 22:39:01 | 000,655,360 | ---- | C] () -- C:\windows\SysWow64\dslang32.dll
[2012.04.07 22:39:01 | 000,327,680 | ---- | C] () -- C:\windows\SysWow64\ldf251.dll
[2012.04.07 22:34:19 | 000,000,752 | ---- | C] () -- C:\windows\ESIDATA.ini
[2012.02.29 22:42:47 | 000,007,607 | ---- | C] () -- C:\Users\Kfz-Technik\AppData\Local\Resmon.ResmonCfg
[2011.12.13 22:01:30 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011.10.20 00:03:36 | 000,000,553 | ---- | C] () -- C:\Users\Kfz-Technik\LG_External_HDD (SPEEDPORT.IPAllLG_External_HDD) (Z) - Verknüpfung.lnk
[2011.10.17 19:17:09 | 000,241,064 | ---- | C] () -- C:\windows\hpwins28.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.28 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2013
[2013.02.15 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2013.02.15 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.02.15 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2011.04.20 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\1&1 Mail & Media GmbH
[2011.03.18 18:07:02 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\ArcSyncConfig
[2011.12.08 19:04:03 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Auslogics
[2013.05.12 21:14:21 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\autoaid GmbH
[2013.04.04 02:00:53 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\AVG2013
[2012.04.07 10:52:55 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\DAEMON Tools
[2012.04.07 22:24:17 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\DAEMON Tools Lite
[2011.07.18 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\EPSON
[2011.11.30 21:46:35 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Mp3tag
[2011.12.07 00:00:33 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\MPP-Engineering
[2011.04.01 23:05:04 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\OBD-DIAG
[2011.12.07 00:00:28 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Obsidium
[2011.08.01 09:36:10 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\PC Suite
[2013.02.28 21:51:50 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\PDF Architect
[2011.03.22 18:23:25 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\PDF Software
[2011.12.11 14:14:30 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\QuickScan
[2013.05.28 23:08:40 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\SoftGrid Client
[2011.12.13 22:03:12 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Synaptics
[2011.12.07 01:04:34 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\TeamViewer
[2011.03.21 00:19:44 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\TP
[2013.04.04 01:44:00 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\TuneUp Software
[2011.04.25 00:58:17 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\WEB.DE
 
========== Purity Check ==========
 
 

< End of report >
         

and the EXTRAS.txt:

Code:
ATTFilter
OTL Extras logfile created on: 03.06.2013 21:17:39 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kfz-Technik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,60 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 55,17% Memory free
7,21 Gb Paging File | 5,31 Gb Available in Paging File | 73,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,14 Gb Total Space | 177,60 Gb Free Space | 69,88% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,96 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
Drive Y: | 580,74 Gb Total Space | 392,96 Gb Free Space | 67,67% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO | User Name: Kfz-Technik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A6B808-6FA5-4669-8F32-16AF93C8ECBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{07CA57A9-8197-4FCE-95CB-A19DC73AD577}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{172418C1-B6EA-4947-8837-59B05AB1EFDB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1D66CAF8-1C82-4257-AD32-51BC303023C5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1E209C1F-29D6-45BE-BDC0-CE22C6AE0FDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E98EEFD-86EB-47C3-B258-BDCFB4F57292}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{36E862DF-5406-4666-8C21-E636A5B2493B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{436DC802-FFA6-4B48-98C7-A727D1C794C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43A9D5C6-F585-432B-9536-B328FBBD55A4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4F8BAA63-0634-4E64-A247-2EC6F89942CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5F8F85A0-44E1-49A8-8525-30890EB23D4B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{711DC43A-C1F3-421A-8840-DFDAD183B295}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7C68D105-5673-4141-B541-A6A70FF139CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C95BCC0-8891-4D46-BE8B-3E0D1EE2C4D9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7D6FA3DB-C4A2-4518-8E33-68005EBA034A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8088677F-08A0-45A8-9820-FF6E438EB39C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{81C625CF-3A77-4196-9889-15B35A96BE13}" = rport=139 | protocol=6 | dir=out | app=system | 
"{891DB712-8AD2-4C2D-90F5-8DB4CFE27EC4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8D11B2BD-399C-4106-963B-100C3A47640E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9FA9A3E7-B34C-46D7-8967-CD7ACB586344}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7F450E0-1043-41DA-9305-F1E484FB70FD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A9E82F06-D3CA-4594-B3B7-1F524F2B4BD6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACF26393-AF82-4813-A128-85815A3FC16D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BFF144EF-5F22-4575-865E-40AD6681C2F4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C2E56CCC-BB88-4CFB-B52C-24352AFCEF23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C9254BEF-F735-4110-8AD3-754C866FFD93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD2DEC5D-E6AC-4717-B673-E318CBD95AFB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D3E5A8EE-DA4E-4D07-82A6-6C321834D043}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D87379A9-D0C7-4C5B-83DA-B3E8C7A7F063}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DBBC72FC-03D0-4810-AC22-CC3062E68420}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EA8F3504-3B7D-4713-92F9-161F3119BA4E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EDBD1EE1-AA78-4389-906F-38CF780E3765}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{EDCAEE87-018C-43B3-BB08-F048FBE8C5CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F106C9E2-F974-460A-ADD0-735B73B15F90}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038545DF-D789-49A8-B871-F2688AC6F09A}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{0394FA4C-E213-4751-86E2-07C76096FBE0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{05B8476E-1412-4282-B299-1B5EA5DF204D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{06942360-B6E4-4041-A4D0-AB19460860B7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{0EED0E2F-29F6-4DAB-A3C4-2B5A079AE203}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{10DEB323-7D9C-4F29-98F5-7896346CF915}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{121B0BE2-85B7-4D2B-8A77-F23EB58DAF65}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{14B6A787-2D67-4071-8A22-FC011E73F1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{197B5CF4-4B29-41C9-B1DC-E6B5BCEAF366}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{23DFE3D7-AE55-4AAC-BE33-C65A784D3D45}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{243CB316-0DFE-4DF9-94EF-A2807FD8539D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{28DE21F3-FCC6-4BC4-8CCA-8FBAE68D4A44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3EEB99DA-E453-43DC-B51E-3A365F5C1A82}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{454EC166-5244-45E2-97FD-9AC85E1FEE99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{506B1212-546A-4FF2-A0F2-0A7F9F68F7DF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{53AB2680-4281-46C7-8FCD-5C5FBFDBFAB4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5431324A-6C2E-4B20-9A31-79772BB8B3AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{55F88BDA-9372-4A9C-A0C5-A096370B9240}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{5A1729A1-BE2C-4437-A67B-722DA3DB386D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{67480903-7BE0-4117-9F7F-9E6766B35452}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{67528681-2E98-4DFF-9DDA-B1DAE5F5F5B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68E3AC91-8746-489C-A409-F384FCFEEBA8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{703B5459-74A5-4F08-808F-53930ADC3EBA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{778C1E19-9295-46C3-A2EA-3FC0634C6809}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{7E1A1CD3-A01B-4191-8E74-D73FB1A1961F}" = protocol=6 | dir=out | app=system | 
"{8B19E1B0-14C1-46A0-BBC8-4F0706F62387}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8DA67C21-8E4E-4FF6-A797-85BE65A4AC1E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{934CD5F9-39DC-4883-B9F8-2DA54B34C69B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{97C8CDFF-B300-4DF1-A267-1B58E7B32F28}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{99C423E8-86B3-4352-9CC9-A77742E0549D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7C7D1B8-4FE0-4DB4-A41D-8E89CDAAB06F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B02C276D-5BB6-40CA-B8F0-8FD928E75845}" = dir=in | app=f:\setup\hpznui40.exe | 
"{C48D3DE6-CE25-496B-B6D4-A5BCD11385D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB212179-9705-489B-BA13-5234898721DD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CC526911-9424-4362-A865-4E5292B934D8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{CD890F0E-5BA6-40E9-B868-DE1EDD3F6F75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D42FFF94-66B2-42C0-9BAF-1D6C8FF4102B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{E4375C3E-D25E-4FE0-9084-1BEBCD7E5C21}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E49EA176-9EE5-4A92-93DC-A8C5450132F3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{E8219B50-697B-4506-B6BE-9342C4BA7A3C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{F5C89E5A-1C26-4783-92AB-98FEB5E55A05}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{F695AAD7-D5D1-4E72-9DA1-DDB78E76ECEA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F8A03769-7933-4EEB-A796-FD1E2EBFA7CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FAC95CE0-C040-4C00-9D0E-7A8718E03134}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14FCF290-82AB-421A-9034-636EF90EB9E5}" = AVG 2013
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C897CB6-9393-C1DF-089D-7BB33C344362}" = AMD Fuel
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{50F24798-E870-CEE2-64CA-56DD81A27BAC}" = ATI Catalyst Install Manager
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6B31B6C8-383F-2362-5EB4-D950F666D8FD}" = ccc-utility64
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{909EDD8B-F26D-7051-C761-3386A1AFE052}" = ATI AVIVO64 Codecs
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A9614BE8-EDB6-4151-81F0-DF2B9F4D8ABE}" = AVG 2013
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2A4EF15-22EE-B863-717D-4237AA3C1536}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"42B17F23052FF114E91E57E2287CCEEDF216888D" = Windows-Treiberpaket - Auto-Intern USB-Treiber (03/30/2010 2.06.02)
"5EFB68C2F0CD0DB3442B0733C6FAB545A71A88FF" = Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (03/30/2010 2.06.02)
"6D3D1B84986E536339ED6F2B2A381D13597CD69C" = Windows-Treiberpaket - MPP USB CDC Virtual COM Port (09/16/2011 1.5.0)
"9FCA89337DAC5D4196D98BF2F17E831E1EE83336" = Windows-Treiberpaket - FTDI FTDI VCP (03/20/2011 2.08.14)
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"AVG" = AVG 2013
"CNXT_AUDIO_HDA" = Conexant HD Audio
"D6BC3CBE8968CB6351105F9D2EEC52CE24F2C99D" = Windows-Treiberpaket - FTDI FTDI D2XX (03/21/2011 2.08.14)
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{070667D2-A6DC-C36C-10D0-4D25F0054B78}" = CCC Help Chinese Standard
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{09CB25FF-E950-0699-DA4D-5BDCD5A653EA}" = CCC Help Finnish
"{0ABC3BCC-4B49-11E1-84DC-8BB34724019B}" = autoaid VCI USB Driver
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C374EBE-A045-4531-8F58-F240E078E0BE}" = VAG-COM 504 Deutsch
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{194E63E4-4AA0-F201-3C96-7EFEA0AEFE91}" = CCC Help French
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F3C1281-F291-573B-3913-774993D6F2C6}" = CCC Help Korean
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D2E2AD9-2DD9-FC5E-32A7-2961E5800C58}" = CCC Help English
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3F22702F-A236-4B6A-41BD-420700522583}_is1" = Was macht mein PC 1.xx
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C60AC6-FA09-4AE1-BD42-E5ED51A4BB19}" = MonoScan
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45D8D16D-13AC-826F-7494-166EB0CC021F}" = Catalyst Control Center Graphics Previews Common
"{47B5B5D0-2D0D-887B-E3A3-29744258A2F2}" = CCC Help Portuguese
"{47FAF76A-B225-FA71-F0AA-9ACD71A1A6EB}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C0636E0-C17F-FEE2-0704-944EC0315996}" = CCC Help Japanese
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{54DA5204-5F2B-BB6B-3A29-93DB85E71F02}" = CCC Help Czech
"{55CCAFAB-5213-49EB-A1B5-937E5F3F811B}" = Vehicle Explorer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5B64310E-6C76-10FB-EF2D-D63D7901FE27}" = CCC Help Spanish
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6429EC24-5976-8B97-0C73-C7C6EEE717BE}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AA63B49-FF6B-D9EC-F578-36AAD863791F}" = CCC Help Hungarian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{82C9D4E8-A57A-95C2-8503-2021E9678096}" = CCC Help Thai
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86394597-E2A6-B8EE-9E01-5FF6FD919BFB}" = ccc-core-static
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9520BD31-226A-4D5D-B900-6C0CDBA75BF0}_is1" = Onlinesupport 5.0.8232 QS
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F705A4D-B625-1E7E-BD3B-5DB253F4A3AE}" = Catalyst Control Center Profiles Mobile
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AE557889-A5F1-212B-BC66-2A67D5FB84D7}" = Catalyst Control Center Localization All
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF311022-8A9B-41F5-BE54-E361DF2C8AA6}" = Catalyst Control Center - Branding
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{BA75BE51-5E2E-4FA4-923C-63ACEAD63FB9}" = VAG-COM 311 Deutsch
"{BD36D776-83FB-454D-982A-BE248F6D668D}" = WEB.DE Toolbar MSVC90 CRT x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version 24.0.1350.0
"{C601C102-3CF4-B39C-4479-D03BDA605CDB}" = CCC Help Swedish
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6CABAAA-41C5-40F1-3DCC-A15E2DB8600E}" = CCC Help Dutch
"{C8670645-69C0-A438-CDD7-821A54D6C7B0}" = CCC Help Danish
"{CD5CDBC3-D83E-38BF-297B-CF3B54160C6E}" = CCC Help Italian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEADD21D-50DC-49F4-9566-8BF47A102CF7}" = autoaid Internet Diagnose+
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6AA424E-0598-45D7-0D92-113ACC44EC50}" = CCC Help Chinese Traditional
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEE4D866-5145-4AF9-B38A-A25AD3F69FFD}" = ScanTool
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35E2F85-3E06-ADAD-7774-663DFD300D44}" = Catalyst Control Center InstallProxy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9F03F14-2EF3-7E0C-095F-A2056D748271}" = CCC Help Russian
"{EAE6BF35-84C4-F159-268E-9B63BDCDF545}" = CCC Help German
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F9502EF3-3D89-7CDC-1BB8-9AC33789BCA5}" = CCC Help Greek
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Car Diagnostic Center 2009 Free Edition_is1" = Car Diagnostic Center 2009 Free Edition
"CDex" = CDex - Open Source Digital Audio CD Extractor
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"EasyCash&Tax_is1" = EasyCash&Tax 1.59
"Fakturama" = Fakturama
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"moDiag_is1" = moDiag 2.8.515
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"Nokia Ovi Suite" = Nokia Ovi Suite
"OBD3 Tool Home_is1" = OBD3 Tool Home 4.2
"OBD3 Tool SemiPro_is1" = OBD3 Tool SemiPro 4.2
"OBD-DIAG_is1" = OBD-DIAG V1.01.02
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ST6UNST #1" = OBD Scan Tech OBD II Enhance - Version 1.35
"ST6UNST #2" = OBD Scan Tech OBD II Generic FULL Version 1.17
"ST6UNST #3" = Vol-FCR FTDI USB Demo Version 1.7.3
"ST6UNST #4" = Vol-FCR FTDI USB Demo Version 1.7.3 (C:\Program Files (x86)\Vol-FCR\)
"TachoPro BMW ®©_is1" = TachoPro BMW ®© DS2 1.6 SemiPro
"Uninstall_is1" = Uninstall 1.0.0.1
"VAG-Check" = VAG-Check (remove only)
"VCDS AIB" = VCDS AIB 11.11
"VCDS DRV" = VCDS DRV 11.11
"VCDS-Lite  1.1" = VCDS-Lite 1.1
"VeriFace" = VeriFace
"WABCO_EBS_402_is1" = Wabco EBS Präsentation 4.02
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WEB.DE SmartDrive Sync" = WEB.DE SmartDrive Sync
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.04.2013 10:45:37 | Computer Name = lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Die Aktion kann nicht abgeschlossen werden. Versuchen
 Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
 
Error - 11.05.2013 12:52:47 | Computer Name = lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
 werden.  
 
Error - 12.05.2013 14:45:15 | Computer Name = lenovo | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 12.05.2013 14:45:22 | Computer Name = lenovo | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 12.05.2013 14:45:25 | Computer Name = lenovo | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 12.05.2013 15:14:04 | Computer Name = lenovo | Source = VSS | ID = 12305
Description = 
 
Error - 13.05.2013 04:49:14 | Computer Name = lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 13.05.2013 04:57:41 | Computer Name = lenovo | Source = .NET Runtime | ID = 1023
Description = 
 
Error - 13.05.2013 04:57:41 | Computer Name = lenovo | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: diagnosis.exe, Version: 1.13.13.16605,
 Zeitstempel: 0x51549e19  Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.296,
 Zeitstempel: 0x50483916  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000198cd8
ID
 des fehlerhaften Prozesses: 0xcd4  Startzeit der fehlerhaften Anwendung: 0x01ce4fb7d830f17a
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\autoaid GmbH\autoaid Internet
 Diagnose+\diagnosis.exe  Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Berichtskennung:
 2afd1d01-bbab-11e2-b5d2-1c75086a4526
 
Error - 23.05.2013 04:51:21 | Computer Name = lenovo | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1060    Startzeit:
 01ce57928ed0a18d    Endzeit: 25    Anwendungspfad: C:\Program Files (x86)\Malwarebytes'
 Anti-Malware\mbam.exe    Berichts-ID: ed278789-c385-11e2-92f2-1c75086a4526  
 
[ Media Center Events ]
Error - 19.08.2011 06:31:44 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:31:44 - Fehler beim Herstellen der Internetverbindung.  12:31:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.08.2011 06:32:00 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:31:50 - Fehler beim Herstellen der Internetverbindung.  12:31:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 03:42:11 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 09:42:11 - Fehler beim Herstellen der Internetverbindung.  09:42:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 03:42:28 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 09:42:17 - Fehler beim Herstellen der Internetverbindung.  09:42:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 04:42:58 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 10:42:58 - Fehler beim Herstellen der Internetverbindung.  10:42:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 04:43:27 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 10:43:03 - Fehler beim Herstellen der Internetverbindung.  10:43:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 06:52:54 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:52:54 - Fehler beim Herstellen der Internetverbindung.  12:52:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 06:53:13 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:53:00 - Fehler beim Herstellen der Internetverbindung.  12:53:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.10.2012 16:40:58 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 22:40:58 - Fehler beim Herstellen der Internetverbindung.  22:40:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.10.2012 16:41:07 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 22:41:03 - Fehler beim Herstellen der Internetverbindung.  22:41:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 03.06.2013 15:32:42 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%127
 
Error - 03.06.2013 15:32:54 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%127
 
Error - 03.06.2013 15:33:38 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%127
 
Error - 03.06.2013 15:33:58 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%127
 
Error - 03.06.2013 15:35:39 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%127
 
Error - 03.06.2013 15:36:05 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%127
 
Error - 03.06.2013 15:36:47 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%127
 
Error - 03.06.2013 15:36:59 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%127
 
Error - 03.06.2013 15:38:47 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%127
 
Error - 03.06.2013 15:38:59 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%127
 
 
< End of report >
         
That junk has to come off one way or another, but do you think these leftovers could be responsible for the system having become so slooow?
An acquaintance told me that you should occasionally delete the temporary Windows files manually. He said that doesn't really work via Windows' own cleanup. But he didn't know where I could find the folder on Win 7 either...


Kind regards and have a nice evening / day

Markus

Alt 04.06.2013, 08:30   #10
Psychotic
/// Malwareteam
 
Your acquaintance is a smart man - we have already taken care of that:

Quote:
Windows Temp folder emptied: 355980 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 4646382311 bytes

Total Files Cleaned = 4.440,00 mb

Looks quite good - let's check everything once more!


Step 1: MBAM full scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and press Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show results.
  • Make sure that all findings are selected and press Remove selected.
  • Post the logfile, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log files".



Step 2: ESET

ESET Online Scanner
Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick the box at "Scan archives".
  • Make sure that no box is ticked at Remove found threats.
  • Press .
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click .
  • Click and save the logfile as ESET.txt on the desktop.
  • Click Back and Finish
Please post the logfile here.

Alt 05.06.2013, 21:17   #11
Haegar-d.s
 
Hello Marius.
But he isn't as smart as you guys, which is why I'm turning to you. If I stepped on your toes, I apologize, but people do talk, after all... ;-)

Here is the logfile from mbam:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.04.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Kfz-Technik :: LENOVO [Administrator]

Schutz: Aktiviert

04.06.2013 12:52:26
mbam-log-2013-06-04 (12-52-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 414042
Laufzeit: 1 Stunde(n), 24 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Looks good, I think.

With ESET, however, I had problems on the 1st attempt: the scan ran through without problems, as far as I could see, but the buttons mentioned, and with them the file, are not shown to me. All I get now is the choice of buying the program or testing a 30-day trial of various ESET programs; otherwise no further buttons are visible...

I have just run it once more, as I can't rule out that my curious little one had his fingers in the pie. Now ESET confirms at the end
"no threats found",
but I still (or precisely because of that?) don't get a report.

Have a nice day

Markus

06.06.2013, 09:02   #12
Psychotic
/// Malwareteam



Quote:
If I offended you, please excuse me, but one does talk... ;-)
No, no, I meant it seriously - good idea!

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Optionen (Options) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.

07.06.2013, 07:39   #13
Haegar-d.s



Good morning Marius,

an empty window named "frmMain" occasionally opens on my machine. Does that belong to an anti-malware program?

Here is the Adw.Cleaner.log:

Code:
# AdwCleaner v2.302 - Datei am 07/06/2013 um 07:18:33 erstellt
# Aktualisiert am 06/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Kfz-Technik - LENOVO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kfz-Technik\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Kfz-Technik\AppData\Roaming\Mozilla\Firefox\Profiles\461pnpnx.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Chromium v24.0.1350.0

Datei : C:\Users\Kfz-Technik\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1940 octets] - [24/05/2013 09:21:28]
AdwCleaner[S2].txt - [1669 octets] - [07/06/2013 07:18:33]

########## EOF - C:\AdwCleaner[S2].txt - [1729 octets] ##########
         
The computer had 1 restart.


... and the Security Checkup:

Code:
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 27  
 Java version out of Date! 
 Adobe Flash Player 9 Flash Player out of Date! 
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (21.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Have a sunny day...

Markus

P.S. Can you tell me what happens to the "support donations", or what they are used for? If I donate something to you, I would like to know where the money goes...

07.06.2013, 10:15   #14
Psychotic
/// Malwareteam



Quote:
an empty window named "frmMain" occasionally opens on my machine
No, it doesn't. Why am I only finding this out now?


Step 1: Java update


Your Java is out of date. Older versions contain security vulnerabilities that malware can abuse.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version.
  • When the installation has finished, go to Start --> Control Panel --> Programs and Features (or Add or Remove Programs under Windows XP) and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.

After the restart:
  • Open the Control Panel and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure that every box is ticked and click OK.
  • Click OK again.


Step 2: Adobe Flash Player update


Your Flash Player is outdated. Since this software in particular is readily used by malware as a springboard into the system, it must always be kept up to date.
To update the Flash Player, please proceed as follows:
  • Download the current Adobe Flash Player from here. Important: remove the tick for optional software (e.g. Google Chrome) that is shown on the page before you click "Jetzt herunterladen" (Download now).
  • Start the setup and follow the instructions on the screen.
  • Get in touch immediately if any difficulties arise.


Step 3: Adobe Reader update


Your Adobe Reader is outdated. Since some malware exploits the vulnerabilities in outdated versions, we will update it.

  • Download the current Adobe Reader from here. Important: remove the tick for optional software (e.g. Google Chrome) that is shown on the page before you click "Jetzt herunterladen" (Download now).
  • Start the installation and follow the instructions on the screen.
  • Press the Windows key and the R key, enter appwiz.cpl in the window that follows and click OK.
  • Find and remove all older Reader versions.


Step 4: New OTL log
  • Double-click OTL.exe
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
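The three update steps in the reply above follow from the "out of Date!" markers in the Security Check log posted earlier in the thread. As an added example (not part of the thread and not code from Security Check), this Python function extracts those markers; the log layout is inferred from this one log only, and the names `outdated_entries`, `SECTION`, `MARKER` and `INLINE` are assumptions.

```python
import re

TICK = "\x60"  # backtick, written as an escape so the sample is safe inside Markdown

def _header(title, pad=14):  # rebuild a section header: title padded with backticks
    return TICK * pad + title + TICK * pad

# Lines reproduced from the Security Check log posted in this thread;
# only the backtick padding of the section headers is normalised.
SAMPLE_LOG = "\n".join([
    _header("Antivirus/Firewall Check:"),
    "AVG AntiVirus Free Edition 2013   ",
    " Antivirus up to date!   ",
    _header("Anti-malware/Other Utilities Check:", 9),
    " Malwarebytes Anti-Malware Version 1.75.0.1300  ",
    " Java(TM) 6 Update 27  ",
    " Java version out of Date! ",
    " Adobe Flash Player 9 Flash Player out of Date! ",
    " Adobe Flash Player 11.7.700.202  ",
    " Adobe Reader 10.1.6 Adobe Reader out of Date!  ",
    " Mozilla Firefox (21.0) ",
    _header("Process Check: objlist.exe by Laurent", 8),
    " Malwarebytes Anti-Malware mbamservice.exe  ",
])

SECTION = re.compile(r"^\x60+(.+?):?\x60+\s*$")
MARKER = re.compile(r"\s*out of date!?\s*$", re.IGNORECASE)
# "<product> <version> <short name> out of Date!" written on a single line
INLINE = re.compile(r"^(.*?\d[\w.]*)\s+\D+$")

def outdated_entries(log_text):
    """Return (section, product) pairs that Security Check marked out of date."""
    section, previous, found = "header", None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section, previous = m.group(1), None
            continue
        if MARKER.search(line):
            body = MARKER.sub("", line)
            inline = INLINE.match(body)
            # The marker either shares the line with the product or follows it.
            product = inline.group(1) if inline else previous
            if product:
                found.append((section, product))
        elif line:
            previous = line
    return found
```

On this log the result lists Java 6 Update 27, Flash Player 9 and Adobe Reader 10.1.6, while the Flash Player 11.7.700.202 entry installed alongside the old Flash Player 9 is not flagged.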

10.06.2013, 12:49   #15
Psychotic
/// Malwareteam



Missing feedback
This topic has been removed from my subscriptions, so I will not get any notification of new replies.
PM me if you still want to continue.

Note: the disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create a thread of your own
