Log analysis and evaluation: e.ligatus.com

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.04.2013, 10:52 | #1 |
e.ligatus.com

Hi, I have a problem: the evening before last, a new tab kept opening in my Mozilla Firefox with the address e. ligatus. com/LigatusFallback.gif?ids=34088. Since the page kept opening over and over, I used Google and saw that about 2 weeks ago someone posted the same problem on your board (http://www.trojaner-board.de/132879-...com-virus.html) and that it is apparently a virus. So this morning I worked through the http://www.trojaner-board.de/51187-a...i-malware.html and created the log files.

OTL.txt: Code:
ATTFilter OTL logfile created on: 12.04.2013 09:41:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 61,96% Memory free 7,35 Gb Paging File | 5,48 Gb Available in Paging File | 74,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 685,54 Gb Total Space | 130,49 Gb Free Space | 19,04% Space Free | Partition Type: NTFS Computer Name: DUESE | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.11 12:08:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe PRC - [2013.03.27 23:53:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.27 23:53:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.27 23:53:17 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.01.07 12:03:32 | 000,446,648 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe PRC - [2012.12.27 18:58:42 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.09 11:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe PRC - [2012.04.30 10:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe PRC - [2011.08.03 16:07:47 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.03.24 00:35:05 | 000,519,632 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.05.25 02:21:56 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) 
-- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe ========== Modules (No Company Name) ========== MOD - [2013.03.22 21:17:44 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll MOD - [2013.03.22 21:17:30 | 012,433,920 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll MOD - [2013.02.01 12:50:02 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll MOD - [2013.02.01 12:47:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll MOD - [2013.02.01 12:47:13 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll MOD - [2013.02.01 12:47:02 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll MOD - [2013.02.01 12:46:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\816e1f3b6d8812d4ae88c13e12192412\System.Xml.ni.dll MOD - [2013.02.01 12:46:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll MOD - [2013.02.01 12:46:54 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll MOD - [2013.02.01 12:46:50 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll MOD - [2013.01.08 17:03:34 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll MOD - [2013.01.08 17:02:52 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll MOD - [2012.11.07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll MOD - [2012.09.24 17:44:26 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PbkVista.dll MOD - 
[2012.09.03 23:18:42 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll MOD - [2012.07.26 11:51:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll MOD - [2012.04.30 10:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2012.04.30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2012.04.04 14:33:24 | 000,139,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll MOD - [2010.09.19 01:32:18 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.05.25 02:16:18 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2010.01.11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.05.11 13:24:30 | 000,126,520 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService) SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.04.06 09:38:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.27 23:53:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.27 23:53:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.15 00:08:30 | 001,871,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc) SRV - [2013.03.09 08:57:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.21 22:50:16 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.30 01:57:05 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Running] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.08.03 16:07:47 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.06.11 14:27:40 | 000,821,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc) SRV - [2010.03.26 11:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.07 23:16:09 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2013.03.27 23:53:28 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.27 23:53:28 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.27 23:53:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.24 00:25:38 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.03.24 00:25:14 | 000,094,864 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.04.21 00:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.04.07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.03.05 12:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.01 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.02.14 22:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.01.13 17:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.01.13 17:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2007.08.29 16:56:50 | 000,139,264 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camfilt2.sys -- (camfilt2) DRV:64bit: - [2007.08.22 16:26:32 | 000,021,648 | ---- | M] (SRS Labs, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZCinema_SRS_amd64.sys -- (ZCinema_TSHD_x64) DRV:64bit: - [2007.07.13 12:45:24 | 000,172,928 | ---- | M] (OmniVision Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov530vx.sys -- (OM0530) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k916l0403z105t7771j59r IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> 
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.vka.rwth-aachen.de/index.php?id=66" FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.668.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.22 16:50:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.668.0\firefox\extensions [2011.04.25 23:09:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.20 17:45:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 08:57:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 08:24:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird2\components [2013.04.03 16:26:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird2\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.22 16:50:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 08:57:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 08:24:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: 
C:\Program Files (x86)\Mozilla Thunderbird2\components [2013.04.03 16:26:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird2\plugins
[2010.10.14 22:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2013.02.14 14:30:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\pwfxskt4.default\extensions
[2012.02.08 21:15:30 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\pwfxskt4.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.12.15 18:12:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\pwfxskt4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 14:30:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\pwfxskt4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.09 08:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 08:57:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.21 11:03:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 20:14:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 11:03:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 11:03:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 11:03:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 11:03:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{309BDE44-686D-41C2-BD31-97E59FC80850}: Domain = kawo1.rwth-aachen.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A038630B-1ECF-4A60-B5F9-755AF369B7EC}: DhcpNameServer = 134.130.4.1 134.130.5.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0cf3ac62-ea33-11e1-91b6-60eb69562ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{0cf3ac62-ea33-11e1-91b6-60eb69562ce7}\Shell\AutoRun\command - "" = D:\SISetup.exe
O33 - MountPoints2\{0d3c2c3c-a1e8-11e2-b04c-4c0f6e75664a}\Shell - "" = AutoRun
O33 - MountPoints2\{0d3c2c3c-a1e8-11e2-b04c-4c0f6e75664a}\Shell\AutoRun\command - "" = D:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.11 12:08:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.04.10 17:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.04.10 17:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013.04.10 17:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013.04.07 23:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013.04.07 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.03 16:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird2
[2013.04.01 09:50:41 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\TU Ilmenau
[2013.04.01 09:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.31 11:17:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Finanzen
[2013.03.27 23:53:34 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 23:53:34 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 23:53:34 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.27 22:23:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Office Installation
[2013.03.27 18:21:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Benutzerdefinierte Office-Vorlagen
[2013.03.26 21:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013.03.26 21:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.03.26 21:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013.03.23 00:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.23 00:07:16 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Hochschulsport - Anmeldebestätigung-Dateien
[2013.03.22 12:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.22 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.22 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.22 12:05:49 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Avira
[2013.03.22 12:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.22 11:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.22 11:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.16 22:37:44 | 000,000,000 | ---D | C] -- C:\SWSetup
[2011.11.25 02:37:20 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Christian\AppData\Roaming\SetupGFD.exe
[2011.11.25 02:37:01 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Christian\AppData\Roaming\Imgburn.exe
[2011.11.25 02:36:54 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Christian\AppData\Roaming\Avisynth.exe
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.12 09:34:30 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.12 09:34:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.12 09:34:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 23:46:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.11 12:21:00 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2013.04.11 12:08:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.04.11 12:07:54 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe
[2013.04.11 01:38:16 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 01:38:10 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 01:31:07 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.11 01:31:07 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.11 01:31:07 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.11 01:31:07 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.11 01:31:07 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.10 17:07:43 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.04.10 16:08:47 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.04.10 16:08:15 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.10 16:08:13 | 219,315,131 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.07 23:16:29 | 000,707,378 | ---- | M] () -- C:\Windows\SysNative\oem40.inf
[2013.04.07 23:16:09 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013.04.03 21:53:39 | 000,503,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.27 23:53:28 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 23:53:28 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 23:53:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.26 21:55:39 | 001,804,512 | ---- | M] () -- C:\Windows\GABRIOLA.tt2
[2013.03.23 00:07:17 | 000,005,307 | ---- | M] () -- C:\Users\Christian\Documents\Hochschulsport - Anmeldebestätigung.htm
[2013.03.22 12:00:26 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.21 01:18:21 | 000,015,742 | ---- | M] () -- C:\Users\Christian\Documents\Stundenerfassung.ods
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.11 12:21:00 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2013.04.11 12:17:57 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe
[2013.04.10 17:07:43 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.04.07 23:16:35 | 000,707,378 | ---- | C] () -- C:\Windows\SysNative\oem40.inf
[2013.04.07 23:16:15 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013.04.06 09:38:30 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.26 21:56:49 | 001,804,512 | ---- | C] () -- C:\Windows\GABRIOLA.tt2
[2013.03.23 00:07:16 | 000,005,307 | ---- | C] () -- C:\Users\Christian\Documents\Hochschulsport - Anmeldebestätigung.htm
[2013.03.22 12:00:26 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.21 00:17:02 | 000,015,742 | ---- | C] () -- C:\Users\Christian\Documents\Stundenerfassung.ods
[2013.03.16 22:42:42 | 000,696,680 | ---- | C] () -- C:\Windows\SysNative\oem7.inf
[2013.03.10 22:05:45 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.01 14:36:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.02.20 16:57:54 | 000,008,192 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.04 16:43:11 | 000,000,173 | ---- | C] () -- C:\Users\Christian\AppData\Local\msmathematics.qat.Christian
[2012.09.05 19:29:07 | 000,017,408 | ---- | C] () -- C:\Users\Christian\AppData\Local\WebpageIcons.db
[2011.11.25 02:37:13 | 005,243,208 | ---- | C] ( ) -- C:\Users\Christian\AppData\Roaming\AvsP.exe
[2011.11.25 02:37:10 | 001,357,348 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\MatroskaSplitter.exe
[2011.11.25 02:37:08 | 000,117,723 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\yuvcodecs-1.3.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.08.03 16:07:51 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.03 16:07:47 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.08.03 16:07:47 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.11.15 15:54:50 | 000,000,218 | ---- | C] () -- C:\Users\Christian\.recently-used.xbel
[2010.10.20 20:27:50 | 000,007,602 | ---- | C] () -- C:\Users\Christian\AppData\Local\Resmon.ResmonCfg
[2010.07.02 13:41:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.02.20 15:32:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AnvSoft
[2011.11.15 00:06:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Auslogics
[2012.08.19 22:39:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Autodesk
[2013.03.12 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AVM
[2011.11.14 23:46:46 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canneverbe Limited
[2011.04.25 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ClickPotatoLite
[2012.08.03 00:56:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Dropbox
[2013.02.20 17:48:26 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2013.02.20 17:45:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.15 00:42:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GlarySoft
[2013.04.11 23:59:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2010.10.21 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ImgBurn
[2010.11.10 19:21:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\inkscape
[2012.03.01 15:29:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2011.11.24 14:49:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\LibreOffice
[2013.03.04 20:44:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Liteon
[2010.10.24 13:45:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2010.11.18 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PASCO
[2012.02.29 00:07:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PowerCinema
[2011.09.18 23:53:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy
[2013.04.07 23:16:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client
[2013.04.10 16:11:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify
[2011.09.09 11:25:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird
[2010.11.10 17:28:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP
[2013.02.05 08:29:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Xerox

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE

< End of report >

Code:
OTL Extras logfile created on: 12.04.2013 09:41:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,68 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 61,96% Memory free
7,35 Gb Paging File | 5,48 Gb Available in Paging File | 74,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,54 Gb Total Space | 130,49 Gb Free Space | 19,04% Space Free | Partition Type: NTFS

Computer Name: DUESE | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B21E7E-4922-4D93-A4FB-C119CFF54C61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0590CBA2-AE1B-4080-A421-EB5349CFAF79}" = lport=445 | protocol=6 | dir=in | app=system |
"{0E30C3B1-4A22-43CD-B93D-D193838C4FFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0E51B959-DF98-48C5-9F36-1F5B60F5132F}" = lport=137 | protocol=17 | dir=in | app=system |
"{1476037C-6D3D-4CBA-A31A-F60FFDF995B4}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |
"{2046820B-7237-4B13-805A-A7593D01C56B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20BF8B0B-1D9B-4BD5-9A99-4823DE7B7A28}" = lport=139 | protocol=6 | dir=in | app=system |
"{2C58CF3C-39E3-435F-8CD5-E3D5D972F7B3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C1F34D9-8BCE-495F-9446-B1FE720B179E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D1404F0-5EE9-4299-8ECF-DBAD327B1F95}" = lport=2869 | protocol=6 | dir=in | app=system |
"{45FCD671-21A8-4723-B1E5-E8C6C15E186C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{73A472CA-3D72-4944-8299-10C4568D2611}" = rport=139 | protocol=6 | dir=out | app=system |
"{772258E3-4A29-4677-9357-0DC9FD8E642D}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |
"{81E7EF9C-D88C-4E70-B6BE-DA4F3F377E24}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{86A17A5E-A3E7-4BB7-B26B-19750E0D3198}" = lport=138 | protocol=17 | dir=in | app=system |
"{8A4D2944-9DDB-4A19-BAC7-8D98B77BBFA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E38EC48-9CC7-471A-A1BC-79D173A1386D}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FA847C9-9002-4B3A-8E8B-8E59A24EC774}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A2348B8A-94CC-4944-88B4-B7EBADC7B981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4683FAF-E079-44BC-9E96-0B83258BE00E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A6FC6230-0B3A-407D-B6C1-B75F44A5B90A}" = rport=137 | protocol=17 | dir=out | app=system |
"{A9D51A70-E196-48AC-8805-D9B4588676E6}" = lport=54594 | protocol=6 | dir=in | name=akamai netsession interface |
"{AE9ACDC6-3D5F-4828-9A81-B81155BFF80F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF596069-1DD7-4689-B2BC-B97EFB00F086}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |
"{C2EE0042-9120-4E63-831A-61C656CEAA8F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{CBABC41A-4C43-4AE1-8DB1-C08FD247C77C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CDEABB76-7BC8-45CD-82CC-07866B72BBA4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{D25DD16D-5117-4301-B6BE-1554924E9C76}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D79A6FF0-1004-45BB-9450-A51A22116638}" = rport=138 | protocol=17 | dir=out | app=system |
"{DF4E4CC8-DF70-4531-9374-A384C8FF3856}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F38D3AEB-0BCA-4CD1-8595-FB6B04CF56B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F962A63E-5ACA-4875-A57E-79606E8318B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0143E9F6-0271-4138-89F6-F3C24F806AA9}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{0378D8AE-285E-4E0C-873B-EBAB577806EE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{0880F774-EF16-4CB5-A803-345D10F1E1FB}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe |
"{15E643AB-9FFB-42C9-90CC-C5FBF4E9CF70}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{1AED2ECE-4E3D-4511-9294-0C5F8F152A0E}" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe |
"{1C0E61A2-1BF6-4B69-865F-B8FF8D76AD5A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{1CE608C2-B1C3-4F23-A5E0-823D890CAA08}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{1D87B760-F879-43FA-96B7-66CCC914CF11}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{1E973475-5CF7-41D2-B845-A23A7ECC0071}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{1F065372-6902-4409-9A6B-54A434812E02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{1F264316-378C-4E12-9EE1-3181F1CA1638}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2B788F59-7C1E-4160-99DD-6B8225366F28}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2C4261C5-7261-4341-977E-BA3207C3F96C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{2CA550AE-9B92-4C35-82B8-5D96914721A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{2ECEEB30-05D2-4CB9-BC8B-F0C5B3126FC4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{35E9D0F6-44A0-49E6-AA73-699891ABCFB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{39E18D43-EB44-41D0-8BA4-C8B379B348C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3C941A51-57DE-4D19-8500-EE6DEDF8413D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4A5FDB3F-74E2-45EC-A64F-4326606999ED}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"{4D9318AE-AFEC-4391-8FCB-FD7ADB633D64}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53DC6F04-6BE3-4F78-94BA-1ED36B5A1D16}" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\cf_downloader.exe |
"{54B504F8-6D78-4433-BC13-926B46EF7F64}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{56456AB5-1413-4B7C-97CE-C51829011A19}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{58BB93C8-713E-47DC-A3CA-0502F3DA90AB}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{59D9FF9A-674D-4C01-B660-2B4AC35C5D1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5BDBAA29-E46C-4744-9DEE-1CF5BF745A53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{5CF483E3-EF12-44F9-B86B-A768E5737A05}" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe |
"{5CF85BDB-B2C7-40F2-96BD-9FAB3912D530}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{601A6E61-D617-411E-A9AC-CDF9471E436F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6381C635-E344-4A36-90EB-3DE36223A13B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{64F3F431-2F4E-4C54-B3A1-024D363434B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{68361DDB-23B7-44F5-B04F-6EE6C76925E5}" = dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{68B0B8B6-278C-4B4E-B964-1BBB0535A0E4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{6DBF370F-31FE-4711-AE64-B1BAF4F1474B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{70197BB6-6291-4E57-9792-F9D8711EE2ED}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe |
"{716DDE0A-63AF-4E4E-805A-D27D2A991EE3}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe |
"{717732BE-841E-407D-BC5E-47424B86952E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{72EBF6EF-7799-4C52-ADC2-26C3F15E0039}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{7701C7BC-5638-454E-9837-00EBA7BA6234}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7F6A2B7C-2A8B-4C57-83C4-D8FF9DD21808}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{85ACD477-AE0D-4033-9795-D914646B3A5A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{87ECE0BB-B47D-4F89-B70A-C0013AE96DA5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{883E400D-5A15-423D-B442-06D98D9EAA82}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe |
"{889A4A91-253A-414E-9B5F-5AC3BF538F93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A507BCA-1E13-429B-8B70-608F680B05DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{90EC54A8-0216-47F3-90AA-4EDD4054B32E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{94C36C36-3571-46A2-9B52-1BA5D36A9313}" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\cf_downloader.exe |
"{9858CC88-BD42-4404-A0AD-8B07CB5D9407}" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe |
"{9A4B0A09-E7CB-45C4-BA48-53E9BFA0D90D}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"{9B774277-0008-44E4-B825-1EE523F3744A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{9FC66301-3F07-4A24-BC58-5610D062CA32}" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe |
"{A591EDC3-B69D-4288-B26D-0AA0C19F6A28}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A5DA9484-DC95-4E40-968A-5F79D8F0388F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A6737B58-9871-4441-A8F7-E7DE23EADE20}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{A9E2B9DE-EBA8-4BE4-A952-0A03104F6D16}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{AA17A602-B006-488B-86EB-F3FD4B21DFBC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{AB7DEDCE-824A-412D-B27B-917D663289FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADE411BA-8D65-4D59-A86F-91060FAE8DB7}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{B10DEBE3-B4FB-41BB-A84B-7E0D7EAF6FFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B51C76AC-C85A-473F-AEC5-FDBEC1F41739}" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\7zs508e\easyinst64.exe |
"{BAA9841E-2997-4D17-9BAD-31A109325844}" = dir=in | app=d:\setup\hpznui40.exe |
"{BD372510-DB8B-4C1E-9A97-E0C1E7B0C7FB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C2095126-2EDF-4B5C-A3F6-28F1BE59B6DF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C35BC5FB-31F0-4D5D-AAFA-05F35E3A9616}" = protocol=6 | dir=out | app=system |
"{C492FD03-F47D-44D5-B034-6305BC737D14}" = dir=in | app=%programfiles% (x86)\videolan\vlc\vlc.exe |
"{C8454323-0EFA-40AB-814D-FCBBD5F7A4DC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{C94F1C4B-EF28-4776-BDCB-9E275271FA3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CA3881E0-4581-45D7-8E86-AD0CF6184823}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{CEA6F53B-7419-4F87-B504-8A3EACE39D05}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2A53FBC-63E6-4D73-82B6-D3AFF958954F}" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\7zs508e\easyinst64.exe |
"{D302088F-3482-4F26-85D5-AAA366558AA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D41AB6D8-A11D-4B25-92ED-34D75C3A15AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D566994E-8A71-4640-8385-7D1ECD77A713}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{D77D4716-808A-4707-B88F-1C92E5A2BB34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7E92FEC-C8E2-4912-A337-D75E1BDEE0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D9BA372D-ACF4-400D-9650-820A5886B166}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{D9DEC332-948A-4DCF-9F29-4D4208FAFF85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{E480B816-3D56-4CBE-8655-3B3789E40315}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E5662360-4593-4A6D-8EC3-8BBC204DF70E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{E7F7FC98-DC47-4936-A48C-B69AE887C695}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{E8E31A9C-CD58-4F86-ABCA-1A4C3A24E380}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBC5F7C8-95B2-45CF-9788-3FD15F22D064}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{F1188481-578D-478D-B437-785C0C25DC14}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe |
"{F1BCD143-F8B0-4E6E-B844-C61D51D3B654}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F27717A8-8A0D-4938-B4B7-16B7818508F4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{F34959A3-E621-498F-8983-7DFC4FCECEDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6AC09BD-7BF8-456A-85DA-5BC33469FC7E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F832ED20-4049-49E8-BF63-889FEDB2B149}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{F953DDE5-8343-4F7C-9F26-0394CB7CF7DA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{FCCEAD95-BFF7-4DF3-B5FC-DC8101093E0F}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"TCP Query User{139FAE8C-9F6E-47B3-BF5E-FE1CBD1FD159}C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2B154E3B-8D45-4DB9-A26B-612A5E603F62}C:\program files (x86)\videolan\vlc1.1.4\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc1.1.4\vlc.exe |
"TCP Query User{38FD4632-F889-4345-92A0-A64427E335F2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{4F7E4DF4-8D56-4EB7-86B3-CB629CE38248}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{6AE512CC-212D-4AFA-9A32-45D3D1953831}C:\users\christian\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe |
"TCP Query User{707D0775-3934-4D42-B378-FFE24E8477F9}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{7E396AF9-8EB6-45BB-A37C-DC3F3777103D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{7F9CE826-E7B4-4F08-924B-2BD65FFD2EDA}C:\program files (x86)\videolan\vlc1.1.4\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc1.1.4\vlc.exe |
"TCP Query User{952AA632-900F-4DED-AFC9-48340A89C61E}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{9AAC8745-6CFB-4FFC-94B7-E544039E37EC}C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hercules\webcam station evolution se\stationevse.exe |
"TCP Query User{A67FE5CC-7F81-447F-B55C-0200F2A414F2}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"TCP Query User{CB73223B-2949-4F61-BE64-DA69A78DED9F}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{EEC169DB-0641-4FB9-A32D-F21F71273D1F}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"TCP Query User{F65CA51B-030E-469A-BF06-3619DBFF30D9}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"TCP Query User{FF9DF8C1-026D-401E-ABB5-8B62AF7AFD4E}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"UDP Query User{07C12A38-4E84-418C-A35F-E49E7E846E19}C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0C6AEE0E-76D6-4931-840C-C8607F5B43A0}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"UDP Query User{1679A22F-9D64-4057-932F-2E973A365E51}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{3C65314D-3567-43B8-A090-FF68D1B73B55}C:\users\christian\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe |
"UDP Query User{685AB127-7F47-498E-BDB1-E92CE25D0134}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{6F0A4E23-9A34-447F-88F0-49D821D58938}C:\program files (x86)\hercules\webcam station evolution se\stationevse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hercules\webcam station evolution se\stationevse.exe |
"UDP Query User{788C8009-2F9C-4B44-B339-B3414D0C5B79}C:\program files (x86)\videolan\vlc1.1.4\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc1.1.4\vlc.exe |
"UDP Query User{916AFE6F-BFB9-48DE-9B52-0E4D27993464}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{AEC56E5B-FE38-43EE-8DC0-5F18C861891B}C:\program files (x86)\videolan\vlc1.1.4\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc1.1.4\vlc.exe |
"UDP Query User{BB6D8B1B-10B2-4724-A17F-207742ABE68A}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{BD3344B1-3D2B-4BBD-B327-77824BCAA1EF}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{C4417805-A3BE-41C0-8CA4-BC74198A36AF}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"UDP Query User{D2E3F702-5C1A-4B69-9017-75A7E0FDA65E}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"UDP Query User{D450E1BA-28E2-4671-98EE-FE2C150C1940}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{E031CA2F-3C3F-49C5-8AC7-CCB6D1F3D689}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6982BB9D-D9F0-4134-BBC4-5F8E17CABB82}" = RT 7 Lite x64
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981D96C5-41F7-43DB-90AA-F781BBD302B9}" = HP Officejet 4620 series - Grundlegende Software für das Gerät
"{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"ProPlusRetail - de-de" = Microsoft Office Professional Plus 2013 - de-de
"VLC media player" = VLC media player 2.0.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish
"{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai
"{5B1F04DA-0F27-45B7-96F2-37190D5E11AE}" = Cisco AnyConnect Secure Mobility Client
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5F0EE12C-44B1-4FCB-87E3-4686C888774A}" = Hercules Classic Webcam Drivers
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light
"{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian
"{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Webcam Deluxe
"{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All
"{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard
"{EFADD989-D9F2-49F6-A280-675951CC78D3}" = FRITZ!Box-Fernzugang einrichten
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing
"{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation
"{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish
"7-Zip" = 7-Zip 9.15 beta
"Acer Registration" = Acer Registration
"Acer Screensaver"
= Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any Video Converter 5_is1" = Any Video Converter 5 5.0.3 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "AVS Video Editor_is1" = AVS Video Editor 6 "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.22.128 "Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31 "GFWL_{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight "Glary Utilities_is1" = Glary Utilities 2.39.0.1310 "Identity Card" = Identity Card "ImgBurn" = ImgBurn "Inkscape" = Inkscape 0.48.0 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "LManager" = Launch Manager "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PunkBusterSvc" = PunkBuster Services "Security Task Manager" = Security Task Manager 1.8d "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 218" = Source SDK Base 2007 "Super Mario: Blue Twilight DX (v1.04.1)" = Super Mario: Blue Twilight DX (v1.04.1) "TmNationsForever_is1" = TmNationsForever "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 2.0.5 "WinLiveSuite_Wave3" = Windows Live 
Essentials "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "pdfsam" = pdfsam "RT 7 Lite x64" = RT 7 Lite (64-Bit) "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.01.2013 13:14:48 | Computer Name = duese | Source = Application Hang | ID = 1002 Description = Programm shift.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 24e4 Startzeit: 01cdf8c0a30ce40d Endzeit: 57 Anwendungspfad: C:\Program Files (x86)\Electronic Arts\Need for Speed SHIFT\shift.exe Berichts-ID: Error - 23.01.2013 14:55:55 | Computer Name = duese | Source = Application Hang | ID = 1002 Description = Programm vlc.exe, Version 2.0.4.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 191c Startzeit: 01cdf99b3dac1df4 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichts-ID: 8217dd84-658e-11e2-a3f3-60eb69562ce7 Error - 24.01.2013 22:02:29 | Computer Name = duese | Source = Application Hang | ID = 1002 Description = Programm vlc.exe, Version 2.0.4.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 52c Startzeit: 01cdfa9fdc95f2f5 Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichts-ID: 4376d0ce-6693-11e2-a3f3-60eb69562ce7 Error - 24.01.2013 22:07:06 | Computer Name = duese | Source = VSS | ID = 12310 Description = Error - 27.01.2013 05:37:44 | Computer Name = duese | Source = CVHSVC | ID = 100 Description = Error - 27.01.2013 15:09:39 | Computer Name = duese | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 7.7.0.6547 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1d4 Startzeit: 01cdfae98b3f7994 Endzeit: 74 Anwendungspfad: C:\Program Files (x86)\ICQ7.7\ICQ.exe Berichts-ID: 16bbb776-68b5-11e2-b5ff-60eb69562ce7 Error - 30.01.2013 02:52:07 | Computer Name = duese | Source = CVHSVC | ID = 100 Description = Error - 01.02.2013 02:01:15 | Computer Name = duese | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 18.0.1.4764 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 16f4 Startzeit: 01cdffaaa69e7d4f Endzeit: 955 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: c08cccb3-6c34-11e2-9c01-60eb69562ce7 Error - 01.02.2013 02:04:03 | Computer Name = duese | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.4.0, Zeitstempel: 0x4c76f9fe Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.4.0, Zeitstempel: 0x4c76f9fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001749 ID des fehlerhaften Prozesses: 0x1904 Startzeit der fehlerhaften Anwendung: 0x01ce0041e6f349d5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\VideoLAN\VLC1.1.4\vlc.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\VideoLAN\VLC1.1.4\vlc.exe Berichtskennung: 2d39dc51-6c35-11e2-9c01-60eb69562ce7 Error - 02.02.2013 10:26:35 | Computer Name = duese | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000003c880 ID des fehlerhaften Prozesses: 0x74 Startzeit der fehlerhaften Anwendung: 0x01ce00688cbc9db3 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 8beae67c-6d44-11e2-91eb-60eb69562ce7 [ Cisco AnyConnect Secure Mobility Client Events ] Error - 11.04.2013 12:04:07 | Computer Name = duese | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 8453 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 11.04.2013 12:04:07 | Computer Name = duese | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4719 
Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 11.04.2013 12:04:07 | Computer Name = duese | Source = acvpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2600 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 11.04.2013 12:04:07 | Computer Name = duese | Source = acvpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2182 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2600 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2182 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 8453 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4719 Invoked Function: 
CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2600 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 11.04.2013 12:04:26 | Computer Name = duese | Source = acvpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2182 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED [ System Events ] Error - 11.04.2013 12:00:51 | Computer Name = duese | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst wlidsvc erreicht. Error - 11.04.2013 17:32:35 | Computer Name = duese | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 11.04.2013 17:33:05 | Computer Name = duese | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht. Error - 11.04.2013 17:33:11 | Computer Name = duese | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 11.04.2013 17:33:35 | Computer Name = duese | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht. 
Error - 11.04.2013 17:33:42 | Computer Name = duese | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error - 11.04.2013 17:34:05 | Computer Name = duese | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.
Error - 11.04.2013 17:34:35 | Computer Name = duese | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.
Error - 11.04.2013 17:35:05 | Computer Name = duese | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.
Error - 11.04.2013 17:35:16 | Computer Name = duese | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
< End of report >
I hope you can help me too. Best regards and thanks, Christian |
12.04.2013, 10:54 | #2 |
| e.ligatus.com Here is Gmer.txt as well:
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-12 11:22:16 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kgldapoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075201465 2 bytes [20, 75] .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752014bb 2 bytes [20, 75] .text ... * 2 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075201465 2 bytes [20, 75] .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752014bb 2 bytes [20, 75] .text ... 
* 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[1728] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000726b1a22 2 bytes [6B, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1728] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000726b1ad0 2 bytes [6B, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1728] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000726b1b08 2 bytes [6B, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1728] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000726b1bba 2 bytes [6B, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1728] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000726b1bda 2 bytes [6B, 72] .text C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075201465 2 bytes [20, 75] .text C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752014bb 2 bytes [20, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075201465 2 bytes [20, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752014bb 2 bytes [20, 75] .text ... * 2 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075201465 2 bytes [20, 75] .text C:\Program Files (x86)\Launch Manager\LManager.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752014bb 2 bytes [20, 75] .text ... 
* 2 .text C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075201465 2 bytes [20, 75] .text C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752014bb 2 bytes [20, 75] .text ... * 2 .text C:\Windows\SysWOW64\RunDll32.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075201465 2 bytes [20, 75] .text C:\Windows\SysWOW64\RunDll32.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752014bb 2 bytes [20, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:3760] 0000000077413e59 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:3768] 00000000750e7587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:3808] 0000000071310cb3 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:3844] 0000000077412e3e Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:4604] 0000000077413e59 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:5372] 0000000077413e59 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3736:5796] 0000000077417129 Thread C:\Windows\SysWOW64\ntdll.dll [4656:4660] 0000000001003fe1 Thread C:\Windows\SysWOW64\ntdll.dll [4656:4992] 000000006a768c3c Thread C:\Windows\SysWOW64\ntdll.dll [4656:4996] 000000006a768f11 Thread C:\Windows\SysWOW64\ntdll.dll [4656:5000] 000000006a76882e Thread C:\Windows\SysWOW64\ntdll.dll [4656:5004] 000000006e777861 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbf2a365 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbf2a365 (not active ControlSet) ---- Files - GMER 2.1 ---- File 
C:\Windows\winsxs\amd64_microsoft-windows-opengl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_524b9cbaffaceb20 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-opengl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_524b9cbaffaceb20\glu32.dll.mui 5632 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_6ab9e7b9a318b3e8 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_6ab9e7b9a318b3e8\glu32.dll 165376 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_6ab9e7b9a318b3e8\opengl32.dll 1039872 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\audiodepthconverter.ax 50688 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\directshowtap.ax 61440 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\fieldswitch.ax 41472 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\offset.ax 43008 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\OMD-API-ppdlic.xrm-ms 2987 bytes File C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\OmdBase.dll 14967808 bytes File C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\OmdProject.dll 4400640 bytes File 
C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\rtstreamsink.ax 78848 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\rtstreamsource.ax 52736 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\soniccolorconverter.ax 79360 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7600.16385_none_11e22b51117f030d\sonicsptransform.ax 51712 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.1.7600.16385_none_c25bebf1075ff6aa 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.1.7600.16385_none_c25bebf1075ff6aa\OptionalFeatures.exe 97792 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f5a37599ba370001 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f5a37599ba370001\hidphone.tsp.mui 3584 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f5a37599ba370001\tcmsetup.exe.mui 6656 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_6.1.7600.16385_none_3df12febe293ce5d 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_6.1.7600.16385_none_3df12febe293ce5d\hidphone.tsp 38912 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_6.1.7600.16385_none_3df12febe293ce5d\tcmsetup.exe 15360 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f 0 bytes File 
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe 5511248 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c\ntoskrnl.exe 5475712 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe 5562240 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe 5561728 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\cero.rs 55296 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\csrr.rs 7680 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\esrb.rs 51712 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\grb.rs 16896 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\oflc.rs 23552 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\pegi-fi.rs 20480 bytes 
executable File C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\pegi-pt.rs 20480 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\pegi.rs 37376 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\pegibbfc.rs 53760 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7600.16385_none_85da16bf080ec561\usk.rs 31232 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-p..-policy-definitions_31bf3856ad364e35_6.1.7600.16385_none_0d613e3ee80c0882 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-p..-policy-definitions_31bf3856ad364e35_6.1.7600.16385_none_0d613e3ee80c0882\PowerMigPlugin.dll 111104 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_c85f67d7cda7ed04 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_c85f67d7cda7ed04\ntoskrnl.exe 5509008 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b\ntoskrnl.exe 5507968 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe 5510528 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97\ntoskrnl.exe 5509504 bytes 
executable File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_c84c9b4dcdb735b2 0 bytes File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_c84c9b4dcdb735b2\ntoskrnl.exe 5507968 bytes executable File C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_c8730eb3cd997710 0 bytes ---- EOF - GMER 2.1 ----
I just noticed that I posted the wrong link this morning: I did not work through the "Anleitung: Malwarebytes Anti-Malware" guide, only http://www.trojaner-board.de/69886-a...beachten.html. I am really sorry about that; I must have still had a wrong link in the clipboard. Best regards, Christian |
22.04.2013, 17:21 | #3 |
/// Helper Team | e.ligatus.com Unfortunately, your reply buried the thread. Does the problem still exist?
__________________ |
22.04.2013, 21:16 | #4 |
| e.ligatus.com Hello t'john, yes, I had more or less suspected something like that.... So, since I had not heard anything, I went ahead and copied my own documents and important data to an external hard drive. Then I reinstalled Windows and afterwards made a backup of the fresh system on my second hard drive. After that, just for fun, I ran my virus scanner over the external hard drive. There it found malware/trojans in an old backup of another PC belonging to my father. Of course I told my father about it, and the next day he told me that he had accessed the hard drive under Knoppix and deleted the infected folder. Whether that was such a smart move, I don't know. I would now like to check somehow whether my two hard drives are clean, because almost all of my holiday pictures and videos are on them and I do not want to format them. Can you help me check all of this? At the moment my virus scanner (Sophos) no longer finds anything on the hard drives, but unfortunately I do not know whether they are really clean, because my virus scanner (back then still Avira) unfortunately did not find the Ligatus either. Kind regards, Christian |
23.04.2013, 10:49 | #5 |
/// Helper Team | e.ligatus.com OK: please download Malwarebytes Anti-Malware
then: System scan with OTL (illustrated guide) Please download OTL by Oldtimer and save it to your desktop (if you do not have it yet) - double-click OTL.exe
|
28.04.2013, 15:05 | #6 |
| e.ligatus.com Hi, I had a lot to do this week and only now got around to running Malwarebytes over it. No infected files were found: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.28.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 duese :: DUESE-PC [Administrator] Schutz: Aktiviert 28.04.2013 14:39:23 mbam-log-2013-04-28 (14-39-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 382910 Laufzeit: 1 Stunde(n), 10 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 28.04.2013 15:54:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\duese\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 26,79% Memory free 7,36 Gb Paging File | 3,87 Gb Available in Paging File | 52,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 685,54 Gb Total Space | 648,58 Gb Free Space | 94,61% Space Free | Partition Type: NTFS Drive D: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 585,94 Gb Total Space | 89,08 Gb Free Space | 15,20% Space Free | Partition Type: NTFS Drive F: | 112,64 Gb Total Space | 112,64 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive G: | 931,51 Gb Total Space | 0,98 Gb Free Space | 0,11% Space Free | Partition Type: NTFS Computer Name: DUESE-PC | User Name: duese | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\duese\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) 
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited) PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe (Sophos Limited) PRC - C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe (Sophos Limited) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) 
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (swi_update_64) -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe (Sophos Limited)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (OfficeSvc) -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (Sophos Web Control Service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (Sophos Client Firewall Manager) -- C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe (Sophos Limited)
SRV - (Sophos Client Firewall) -- C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe (Sophos Limited)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Limited)
DRV:64bit: - (scfdriver) -- C:\Windows\SysNative\drivers\scfdriver.sys (Sophos Limited)
DRV:64bit: - (scfndis) -- C:\Windows\SysNative\drivers\scfndis.sys (Sophos Limited)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 4E F4 5F 35 3A CE 01 [binary data]
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.16 02:36:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.16 02:37:02 | 000,000,000 | ---D | M]
(No name found) -- C:\Users\duese\AppData\Roaming\mozilla\Extensions
[2013.04.16 08:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duese\AppData\Roaming\mozilla\Firefox\Profiles\s8uc6yol.default\extensions
[2013.04.16 08:08:22 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\duese\AppData\Roaming\mozilla\firefox\profiles\s8uc6yol.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.16 02:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2359444012-4041525454-2629415603-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.130.180.5 134.130.5.1 134.130.4.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C660D14D-3B6A-47B2-AEBC-C228CCD87723}: DhcpNameServer = 134.130.180.5 134.130.5.1 134.130.4.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEF40241-9940-4F69-B1D0-957279F9044E}: DhcpNameServer = 172.23.23.22
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.06.17 10:50:18 | 000,000,054 | R--- | M] () - D:\autorun.bat -- [ CDFS ]
O32 - AutoRun File - [2003.02.23 05:23:19 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004.05.01 22:35:55 | 000,000,967 | R--- | M] () - D:\autorun.pif -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.28 15:52:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\duese\Desktop\OTL.exe
[2013.04.28 14:02:07 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Malwarebytes
[2013.04.28 14:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.28 14:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.28 14:01:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.28 14:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.28 14:01:02 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Programs
[2013.04.28 12:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2013.04.28 12:26:19 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\ICQ
[2013.04.28 12:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2013.04.28 12:11:56 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\ICQ-Profile
[2013.04.26 16:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.04.26 15:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.04.26 11:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013.04.26 11:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.04.26 11:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.04.26 11:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013.04.26 11:03:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.26 10:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office 15
[2013.04.26 10:54:43 | 000,000,000 | ---D | C] -- C:\Users\duese\Local Settings
[2013.04.25 16:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.04.24 22:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.22 23:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.22 23:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.04.22 23:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.04.22 08:51:04 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\ElevatedDiagnostics
[2013.04.18 17:28:24 | 000,000,000 | ---D | C] -- C:\Users\duese\Documents\Bafög
[2013.04.17 21:33:30 | 000,000,000 | ---D | C] -- C:\OkiDriver
[2013.04.17 18:08:22 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Macromedia
[2013.04.17 18:08:22 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Macromedia
[2013.04.17 18:07:44 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.17 18:07:44 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.17 18:07:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.04.17 18:07:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.04.17 06:18:44 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\ImgBurn
[2013.04.17 05:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013.04.17 05:59:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013.04.17 05:44:05 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013.04.17 05:44:05 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013.04.17 05:44:01 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013.04.17 05:44:01 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013.04.17 05:44:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2013.04.17 05:44:01 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2013.04.17 05:44:00 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.04.17 05:44:00 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2013.04.17 05:44:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2013.04.16 22:09:16 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\vlc
[2013.04.16 22:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.04.16 21:20:53 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Sophos
[2013.04.16 20:16:05 | 000,000,000 | ---D | C] -- C:\Users\duese\Documents\Kalender
[2013.04.16 20:00:39 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Adobe
[2013.04.16 20:00:39 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Adobe
[2013.04.16 16:28:38 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013.04.16 16:28:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.04.16 16:22:55 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013.04.16 16:21:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.16 16:21:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.16 16:21:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.04.16 16:21:23 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.16 16:21:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.16 16:21:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.16 16:21:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.16 16:21:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.16 16:21:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.16 16:21:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.16 16:21:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.16 16:21:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.16 16:21:22 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.16 16:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.16 16:21:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.16 16:21:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.04.16 16:21:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.04.16 16:21:22 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.16 16:21:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.04.16 16:21:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.16 16:21:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2013.04.16 16:21:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.16 16:21:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.04.16 16:21:22 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.04.16 16:21:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.16 16:21:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.16 16:21:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.04.16 16:21:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2013.04.16 16:21:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2013.04.16 16:21:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.16 16:21:20 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.04.16 16:21:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2013.04.16 16:21:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\jscript9.dll [2013.04.16 16:21:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.16 16:21:19 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2013.04.16 16:21:19 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.04.16 16:21:19 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.04.16 16:21:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.16 16:21:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2013.04.16 16:21:19 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2013.04.16 16:21:19 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.04.16 16:21:19 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.16 16:21:19 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.16 16:21:19 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2013.04.16 16:21:19 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.16 16:21:19 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.16 16:21:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.16 16:21:19 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.16 16:21:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.16 16:21:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.04.16 16:21:18 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.04.16 
16:21:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.16 16:21:18 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.16 16:21:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.16 16:21:18 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.16 16:21:18 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.16 16:21:18 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.04.16 16:21:18 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.16 16:21:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.16 16:21:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.16 16:21:18 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.04.16 16:21:18 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.04.16 16:21:18 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.16 16:21:18 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.04.16 16:21:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.16 16:21:18 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.16 16:21:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.16 16:21:18 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.16 16:21:18 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.16 16:21:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\mshtmler.dll [2013.04.16 16:21:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.16 16:21:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.16 16:14:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013.04.16 16:14:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013.04.16 16:14:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013.04.16 16:13:59 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013.04.16 16:13:59 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013.04.16 16:13:59 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013.04.16 16:12:50 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2013.04.16 16:12:48 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2013.04.16 16:12:48 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2013.04.16 16:12:48 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2013.04.16 16:10:01 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013.04.16 16:10:01 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2013.04.16 12:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager [2013.04.16 12:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Acer [2013.04.16 12:08:11 | 000,000,000 | ---D | C] -- C:\OEM [2013.04.16 12:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer [2013.04.16 12:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM [2013.04.16 12:06:19 | 000,000,000 | ---D | C] -- C:\Program 
Files\Acer [2013.04.16 11:46:32 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Intel Corporation [2013.04.16 11:44:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2013.04.16 11:43:49 | 000,538,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys [2013.04.16 11:41:58 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Broadcom [2013.04.16 11:41:58 | 000,000,000 | ---D | C] -- C:\Users\duese\Documents\Bluetooth-Exchange-Ordner [2013.04.16 11:40:22 | 000,342,056 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys [2013.04.16 11:40:21 | 000,135,720 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys [2013.04.16 11:40:21 | 000,039,464 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys [2013.04.16 11:40:21 | 000,021,544 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys [2013.04.16 11:40:20 | 000,102,952 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys [2013.04.16 11:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM [2013.04.16 11:36:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.04.16 11:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.04.16 11:36:13 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.04.16 11:36:13 | 001,958,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013.04.16 11:36:13 | 001,146,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2013.04.16 11:36:13 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.04.16 11:36:13 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.04.16 11:36:13 | 000,198,896 | ---- | C] (SRS Labs, Inc.) 
-- C:\Windows\SysNative\SRSHP64.dll [2013.04.16 11:36:13 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.04.16 11:36:12 | 002,607,136 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013.04.16 11:36:12 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013.04.16 11:36:12 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.04.16 11:36:12 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013.04.16 11:36:12 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.04.16 11:36:12 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013.04.16 11:36:12 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.04.16 11:36:12 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.04.16 11:36:11 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013.04.16 11:36:11 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.04.16 11:36:11 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.04.16 11:36:11 | 000,070,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2013.04.16 11:36:10 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.04.16 11:36:10 | 000,332,192 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.04.16 11:36:10 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.04.16 11:36:09 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013.04.16 11:36:09 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013.04.16 11:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.04.16 11:36:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.04.16 11:36:06 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2013.04.16 11:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.04.16 11:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor [2013.04.16 11:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun [2013.04.16 11:27:53 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.04.16 11:21:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mfc42loc.dll [2013.04.16 11:20:20 | 003,552,768 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll [2013.04.16 11:20:20 | 002,978,296 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS [2013.04.16 11:20:20 | 002,978,296 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwl664.sys [2013.04.16 11:20:20 | 002,661,368 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwl6.sys [2013.04.16 11:20:20 | 000,095,472 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi64.dll [2013.04.16 11:20:20 | 000,095,472 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll [2013.04.16 11:20:20 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devIA64.exe [2013.04.16 11:20:20 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devAMD64.exe [2013.04.16 11:20:20 | 000,055,808 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\devcon.exe [2013.04.16 11:20:19 | 003,888,128 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll [2013.04.16 11:20:19 | 003,862,528 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv.dll [2013.04.16 11:20:19 | 003,551,232 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui.dll [2013.04.16 11:20:19 | 000,000,000 | ---D | C] -- C:\Windows\Options [2013.04.16 11:20:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.04.16 11:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Broadcom [2013.04.16 11:19:44 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\InstallShield [2013.04.16 11:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2013.04.16 11:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.04.16 11:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.04.16 11:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.04.16 10:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.04.16 08:27:38 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2013.04.16 08:27:25 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.04.16 08:27:25 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.04.16 08:27:23 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2013.04.16 08:27:23 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2013.04.16 08:27:22 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2013.04.16 08:27:22 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2013.04.16 08:27:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2013.04.16 08:27:22 | 
000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2013.04.16 08:27:22 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2013.04.16 08:27:22 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2013.04.16 08:27:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2013.04.16 08:27:20 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.04.16 08:27:16 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2013.04.16 08:27:16 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2013.04.16 08:26:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2013.04.16 08:26:47 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2013.04.16 08:26:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2013.04.16 08:26:40 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.16 08:26:39 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.16 08:26:39 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.16 08:26:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.16 08:26:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.16 08:26:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.16 08:26:32 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013.04.16 08:26:32 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2013.04.16 08:26:14 | 000,961,024 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\CPFilters.dll [2013.04.16 08:26:13 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2013.04.16 08:26:13 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2013.04.16 08:26:13 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2013.04.16 08:26:12 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2013.04.16 08:26:12 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2013.04.16 08:26:09 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2013.04.16 08:26:09 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2013.04.16 08:26:09 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.04.16 08:26:09 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.04.16 08:26:05 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2013.04.16 08:26:03 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2013.04.16 08:26:03 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2013.04.16 08:26:02 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2013.04.16 08:26:02 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2013.04.16 08:26:01 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2013.04.16 08:26:01 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2013.04.16 08:26:01 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2013.04.16 08:26:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2013.04.16 08:26:01 | 000,113,664 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2013.04.16 08:26:00 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2013.04.16 08:26:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2013.04.16 08:26:00 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2013.04.16 08:26:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2013.04.16 08:25:56 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2013.04.16 08:25:56 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2013.04.16 08:25:54 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2013.04.16 08:25:54 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2013.04.16 08:25:45 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll [2013.04.16 08:25:45 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll [2013.04.16 08:25:45 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2013.04.16 08:25:44 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2013.04.16 08:25:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2013.04.16 08:25:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.04.16 08:25:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2013.04.16 08:25:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2013.04.16 08:25:33 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.04.16 08:25:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2013.04.16 
08:25:32 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2013.04.16 08:25:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2013.04.16 08:25:30 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2013.04.16 08:25:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2013.04.16 08:25:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2013.04.16 08:25:27 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2013.04.16 08:25:25 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.04.16 08:25:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2013.04.16 08:25:24 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2013.04.16 08:25:24 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2013.04.16 08:25:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2013.04.16 08:25:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2013.04.16 08:25:18 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013.04.16 08:25:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013.04.16 08:24:45 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2013.04.16 08:24:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2013.04.16 08:24:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2013.04.16 08:24:43 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.04.16 08:24:42 | 000,220,160 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\wintrust.dll [2013.04.16 08:24:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.04.16 08:24:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.04.16 08:24:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.04.16 08:24:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.04.16 08:24:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.04.16 08:24:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.04.16 08:24:33 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2013.04.16 08:23:53 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.04.16 08:23:51 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2013.04.16 08:23:51 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.04.16 08:23:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.04.16 08:23:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.04.16 08:23:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.04.16 08:23:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.04.16 08:23:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.04.16 08:23:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.04.16 08:23:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.04.16 08:23:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.04.16 08:23:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.04.16 08:23:46 | 000,040,960 | ---- | C] 
(Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.04.16 08:23:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.04.16 08:23:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.04.16 08:23:46 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.04.16 08:23:46 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.04.16 08:23:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.04.16 08:23:46 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.04.16 08:23:46 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.04.16 08:23:45 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.04.16 08:23:45 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.04.16 08:23:45 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.04.16 08:23:45 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.04.16 08:23:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.04.16 08:23:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.04.16 08:23:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.04.16 08:23:43 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.04.16 08:23:43 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.04.16 08:23:43 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.04.16 08:23:43 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.04.16 08:23:43 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.04.16 08:23:43 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.04.16 08:23:43 | 000,020,480 | ---- | C] (Microsoft) -- 
C:\Windows\SysWow64\pegi-fi.rs [2013.04.16 08:23:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.04.16 08:23:26 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2013.04.16 08:23:26 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2013.04.16 08:23:26 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2013.04.16 08:23:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2013.04.16 08:22:36 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2013.04.16 08:22:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.04.16 08:22:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.04.16 08:22:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.04.16 08:22:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.04.16 08:22:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.04.16 08:22:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.04.16 08:22:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.04.16 08:22:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.04.16 08:22:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.04.16 08:22:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.04.16 08:22:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll 
[2013.04.16 08:22:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.04.16 08:22:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.04.16 08:22:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.04.16 08:22:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.04.16 08:22:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.04.16 08:22:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.04.16 08:22:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.04.16 08:22:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.04.16 08:22:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.04.16 08:22:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.04.16 08:22:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.04.16 08:22:26 | 
000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.04.16 08:22:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.04.16 08:22:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.04.16 08:22:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.04.16 08:22:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.04.16 08:22:25 | 000,004,096 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll 
[2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.04.16 08:22:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.04.16 08:22:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.04.16 08:22:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.04.16 08:22:03 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013.04.16 08:22:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2013.04.16 08:22:02 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2013.04.16 08:22:01 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2013.04.16 08:22:01 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2013.04.16 08:22:01 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2013.04.16 08:22:01 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2013.04.16 08:22:01 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2013.04.16 08:22:01 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2013.04.16 08:21:45 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.04.16 08:21:43 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2013.04.16 08:21:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\devrtl.dll [2013.04.16 08:21:42 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2013.04.16 08:21:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2013.04.16 08:21:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2013.04.16 08:21:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2013.04.16 08:21:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2013.04.16 08:21:32 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2013.04.16 08:21:14 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2013.04.16 08:21:11 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2013.04.16 08:21:08 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2013.04.16 08:21:06 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2013.04.16 08:21:05 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2013.04.16 08:21:03 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2013.04.16 08:21:02 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2013.04.16 08:20:55 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.16 08:20:55 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.16 08:20:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.16 08:20:54 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.16 08:20:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.16 08:20:54 | 000,006,656 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.16 08:20:51 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2013.04.16 08:20:50 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2013.04.16 08:20:41 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.04.16 08:20:40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2013.04.16 08:20:34 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.04.16 08:20:33 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.04.16 08:19:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2013.04.16 08:19:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2013.04.16 08:03:52 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2013.04.16 08:03:52 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2013.04.16 02:58:58 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\ATI [2013.04.16 02:58:58 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\ATI [2013.04.16 02:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.04.16 02:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.04.16 02:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.04.16 02:54:41 | 022,623,232 | ---- | C] (Advanced Micro Devices, Inc.) -- |
28.04.2013, 15:10 | #7 |
| e.ligatus.com and the rest of the OTL.txt Code:
ATTFilter C:\Windows\SysNative\atio6axx.dll [2013.04.16 02:54:41 | 017,469,952 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll [2013.04.16 02:54:41 | 015,032,832 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4icd64.dll [2013.04.16 02:54:41 | 011,040,256 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ig4icd32.dll [2013.04.16 02:54:41 | 010,611,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdpmd64.sys [2013.04.16 02:54:41 | 010,611,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys [2013.04.16 02:54:41 | 009,319,424 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys [2013.04.16 02:54:41 | 007,467,520 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll [2013.04.16 02:54:41 | 006,547,968 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll [2013.04.16 02:54:41 | 006,098,432 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll [2013.04.16 02:54:41 | 005,395,968 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll [2013.04.16 02:54:41 | 005,080,576 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll [2013.04.16 02:54:41 | 004,967,424 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll [2013.04.16 02:54:41 | 004,720,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll [2013.04.16 02:54:41 | 004,411,904 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll [2013.04.16 02:54:41 | 004,304,896 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll [2013.04.16 02:54:41 | 004,246,016 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll [2013.04.16 02:54:41 | 003,631,104 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll [2013.04.16 02:54:41 | 003,420,672 | ---- | C] (Advanced Micro Devices, Inc. 
) -- C:\Windows\SysNative\atiumd6a.dll [2013.04.16 02:54:41 | 003,156,504 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe [2013.04.16 02:54:41 | 001,912,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll [2013.04.16 02:54:41 | 001,208,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll [2013.04.16 02:54:41 | 000,830,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll [2013.04.16 02:54:41 | 000,787,968 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll [2013.04.16 02:54:41 | 000,672,256 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll [2013.04.16 02:54:41 | 000,571,904 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll [2013.04.16 02:54:41 | 000,508,952 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe [2013.04.16 02:54:41 | 000,480,256 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2013.04.16 02:54:41 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll [2013.04.16 02:54:41 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll [2013.04.16 02:54:41 | 000,415,256 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe [2013.04.16 02:54:41 | 000,386,584 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe [2013.04.16 02:54:41 | 000,380,416 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll [2013.04.16 02:54:41 | 000,361,984 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll [2013.04.16 02:54:41 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll [2013.04.16 02:54:41 | 000,303,616 | ---- | C] (Advanced Micro Devices, Inc.) 
-- C:\Windows\SysNative\drivers\atikmpag.sys [2013.04.16 02:54:41 | 000,271,360 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll [2013.04.16 02:54:41 | 000,258,048 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll [2013.04.16 02:54:41 | 000,228,864 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll [2013.04.16 02:54:41 | 000,223,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe [2013.04.16 02:54:41 | 000,203,264 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2013.04.16 02:54:41 | 000,161,304 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe [2013.04.16 02:54:41 | 000,147,456 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe [2013.04.16 02:54:41 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll [2013.04.16 02:54:41 | 000,122,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl [2013.04.16 02:54:41 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2013.04.16 02:54:41 | 000,119,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll [2013.04.16 02:54:41 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) 
-- C:\Windows\SysNative\atibtmon.exe [2013.04.16 02:54:41 | 000,088,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc [2013.04.16 02:54:41 | 000,088,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc [2013.04.16 02:54:41 | 000,088,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc [2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc [2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc [2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc [2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc [2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc [2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc [2013.04.16 02:54:41 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc [2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc [2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc [2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc [2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc [2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc [2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc [2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc [2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc [2013.04.16 02:54:41 | 000,087,552 | ---- | C] (Intel Corporation) -- 
C:\Windows\SysNative\igfxrcsy.lrc [2013.04.16 02:54:41 | 000,087,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc [2013.04.16 02:54:41 | 000,087,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc [2013.04.16 02:54:41 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc [2013.04.16 02:54:41 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc [2013.04.16 02:54:41 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc [2013.04.16 02:54:41 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc [2013.04.16 02:54:41 | 000,083,968 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc [2013.04.16 02:54:41 | 000,083,968 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc [2013.04.16 02:54:41 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll [2013.04.16 02:54:41 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll [2013.04.16 02:54:41 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll [2013.04.16 02:54:41 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll [2013.04.16 02:54:41 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll [2013.04.16 02:54:41 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll [2013.04.16 02:54:41 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll [2013.04.16 02:54:41 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll [2013.04.16 02:54:41 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll [2013.04.16 02:54:41 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) 
-- C:\Windows\SysNative\aticalcl64.dll [2013.04.16 02:54:41 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll [2013.04.16 02:54:41 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll [2013.04.16 02:54:41 | 000,040,448 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll [2013.04.16 02:54:41 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll [2013.04.16 02:54:41 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll [2013.04.16 02:54:41 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll [2013.04.16 02:54:41 | 000,031,232 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll [2013.04.16 02:54:41 | 000,029,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll [2013.04.16 02:54:41 | 000,027,648 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll [2013.04.16 02:54:41 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll [2013.04.16 02:54:41 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2013.04.16 02:54:41 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll [2013.04.16 02:54:41 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. 
) -- C:\Windows\SysWow64\atiglpxx.dll [2013.04.16 02:50:19 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Diagnostics [2013.04.16 02:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.04.16 02:47:31 | 000,114,704 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys [2013.04.16 02:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2013.04.16 02:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013.04.16 02:36:57 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Mozilla [2013.04.16 02:36:57 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Mozilla [2013.04.16 02:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.04.16 02:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.04.16 02:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.16 02:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.04.16 02:29:41 | 000,000,000 | ---D | C] -- C:\Intel [2013.04.16 02:22:35 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.04.16 02:00:06 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2013.04.16 02:00:05 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013.04.16 02:00:05 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.04.16 01:59:56 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013.04.16 01:59:56 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013.04.16 01:59:56 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013.04.16 01:59:39 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.04.16 01:59:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013.04.16 01:53:39 | 
000,074,280 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys [2013.04.16 01:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.04.16 01:44:10 | 000,102,688 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\scfdriver.sys [2013.04.16 01:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sophos [2013.04.16 01:43:25 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll [2013.04.16 01:43:25 | 000,036,640 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys [2013.04.16 01:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2013.04.16 01:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems [2013.04.16 01:42:46 | 000,037,440 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2013.04.16 01:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2013.04.16 01:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2013.04.16 01:42:08 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.04.16 01:36:03 | 000,154,952 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2013.04.16 01:36:03 | 000,055,072 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\scfndis.sys [2013.04.16 01:36:03 | 000,025,608 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys [2013.04.16 01:35:59 | 000,000,000 | ---D | C] -- C:\escw_102_sa [2013.04.16 01:33:04 | 000,000,000 | R--D | C] -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.04.16 01:33:04 | 000,000,000 | R--D | C] -- C:\Users\duese\Searches [2013.04.16 01:33:04 | 000,000,000 | R--D | C] -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.04.16 01:32:52 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Identities [2013.04.16 01:32:50 | 
000,000,000 | R--D | C] -- C:\Users\duese\Contacts [2013.04.16 01:32:49 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\VirtualStore [2013.04.16 01:32:40 | 000,000,000 | --SD | C] -- C:\Users\duese\AppData\Roaming\Microsoft [2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Videos [2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Saved Games [2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Pictures [2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Music [2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Links [2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Favorites [2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Downloads [2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Documents [2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\Desktop [2013.04.16 01:32:40 | 000,000,000 | R--D | C] -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Vorlagen [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\AppData\Local\Verlauf [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\AppData\Local\Temporary Internet Files [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Startmenü [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\SendTo [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Recent [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Netzwerkumgebung [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Lokale Einstellungen [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Documents\Eigene Videos [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Documents\Eigene Musik [2013.04.16 
01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Eigene Dateien [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Documents\Eigene Bilder [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Druckumgebung [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Cookies [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\AppData\Local\Anwendungsdaten [2013.04.16 01:32:40 | 000,000,000 | -HSD | C] -- C:\Users\duese\Anwendungsdaten [2013.04.16 01:32:40 | 000,000,000 | -H-D | C] -- C:\Users\duese\AppData [2013.04.16 01:32:40 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Temp [2013.04.16 01:32:40 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Local\Microsoft [2013.04.16 01:32:40 | 000,000,000 | ---D | C] -- C:\Users\duese\AppData\Roaming\Media Center Programs [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Programme [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.04.16 01:32:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.04.16 01:26:01 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.04.16 01:23:51 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.04.16 01:23:00 | 000,000,000 | -HSD | C] -- C:\System Volume 
Information [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.28 15:52:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\duese\Desktop\OTL.exe [2013.04.28 15:23:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.28 14:59:25 | 000,000,142 | ---- | M] () -- C:\Windows\ODBC.INI [2013.04.28 14:23:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.28 14:23:21 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.28 14:23:21 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.28 14:23:21 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.28 14:23:21 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.28 14:01:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.28 13:29:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.28 12:26:42 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk [2013.04.28 11:10:42 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.28 11:10:42 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.28 11:02:59 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys [2013.04.24 22:17:18 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.04.17 18:07:44 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.17 18:07:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.17 05:59:07 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2013.04.16 20:16:13 | 000,086,566 | ---- | M] () -- 
C:\Users\duese\Documents\Uni.ics [2013.04.16 17:42:41 | 000,436,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.16 16:21:23 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.16 16:21:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.04.16 16:21:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2013.04.16 16:21:23 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.04.16 16:21:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.04.16 16:21:23 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.16 16:21:23 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.04.16 16:21:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.16 16:21:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.04.16 16:21:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.04.16 16:21:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.04.16 16:21:22 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.16 16:21:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.04.16 16:21:22 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.04.16 16:21:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.16 16:21:22 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.16 16:21:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.04.16 16:21:22 | 000,150,528 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.04.16 16:21:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.04.16 16:21:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.16 16:21:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2013.04.16 16:21:22 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.16 16:21:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.16 16:21:22 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.04.16 16:21:22 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.04.16 16:21:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.16 16:21:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.16 16:21:21 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.04.16 16:21:20 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2013.04.16 16:21:20 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2013.04.16 16:21:20 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.16 16:21:20 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.04.16 16:21:20 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2013.04.16 16:21:19 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.16 16:21:19 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.16 16:21:19 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2013.04.16 16:21:19 | 000,222,208 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.04.16 16:21:19 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.04.16 16:21:19 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.16 16:21:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2013.04.16 16:21:19 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2013.04.16 16:21:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.04.16 16:21:19 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.16 16:21:19 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.16 16:21:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2013.04.16 16:21:19 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.16 16:21:19 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.16 16:21:19 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.16 16:21:19 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.16 16:21:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.04.16 16:21:19 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.16 16:21:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.04.16 16:21:18 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.04.16 16:21:18 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.16 16:21:18 | 000,729,088 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\msfeeds.dll [2013.04.16 16:21:18 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.16 16:21:18 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.16 16:21:18 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.16 16:21:18 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.04.16 16:21:18 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.16 16:21:18 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.16 16:21:18 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.16 16:21:18 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.04.16 16:21:18 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.04.16 16:21:18 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.16 16:21:18 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.04.16 16:21:18 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.16 16:21:18 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.16 16:21:18 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.16 16:21:18 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.16 16:21:18 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.16 16:21:18 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.16 16:21:18 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.16 16:21:18 | 000,030,720 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.16 12:09:59 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI [2013.04.16 12:09:47 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI [2013.04.16 11:40:39 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013.04.16 11:35:25 | 000,021,544 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys [2013.04.16 11:35:24 | 000,342,056 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys [2013.04.16 11:35:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys [2013.04.16 11:35:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys [2013.04.16 11:35:24 | 000,039,464 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys [2013.04.16 11:20:53 | 000,681,508 | ---- | M] () -- C:\Windows\SysNative\oem11.inf [2013.04.16 11:16:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2013.04.16 11:13:14 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.16 02:57:51 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2013.04.16 02:36:51 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.16 01:27:07 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.04.16 01:27:07 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.28 14:01:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.28 12:26:42 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk [2013.04.24 22:17:18 | 
000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.04.17 18:07:45 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.17 05:59:07 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2013.04.17 05:59:07 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2013.04.16 20:16:13 | 000,086,566 | ---- | C] () -- C:\Users\duese\Documents\Uni.ics [2013.04.16 16:28:41 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.04.16 16:21:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.16 16:21:18 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.16 16:12:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.04.16 12:09:59 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI [2013.04.16 12:09:47 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI [2013.04.16 11:38:20 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013.04.16 11:36:15 | 000,247,560 | ---- | C] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat [2013.04.16 11:36:15 | 000,033,060 | ---- | C] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT [2013.04.16 11:36:15 | 000,001,448 | ---- | C] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat [2013.04.16 11:36:15 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat [2013.04.16 11:36:15 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat [2013.04.16 11:36:15 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat [2013.04.16 11:36:15 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat [2013.04.16 11:36:15 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ1.dat [2013.04.16 11:36:15 | 000,000,024 | ---- | C] () -- 
C:\Windows\SysNative\drivers\rtkhdaud.dat [2013.04.16 11:21:03 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\oem11.inf [2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4328_Update64D.BAT [2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4328_Update64C.BAT [2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Update64D.BAT [2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Update64C.BAT [2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Update64D.BAT [2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Update64C.BAT [2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4315_Update64D.BAT [2013.04.16 11:20:21 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4315_Update64C.BAT [2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4328_Remove64D.BAT [2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4328_Remove64C.BAT [2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Remove64D.BAT [2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Remove64C.BAT [2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Remove64D.BAT [2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Remove64C.BAT [2013.04.16 11:20:21 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4315_Remove64D.BAT [2013.04.16 11:20:20 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\bcmwl6.inf [2013.04.16 11:20:20 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4312_Update64D.BAT [2013.04.16 11:20:20 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4312_Update64C.BAT [2013.04.16 11:20:20 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4311_Update64D.BAT [2013.04.16 11:20:20 | 000,000,074 | ---- | C] () -- 
C:\Windows\SysNative\4311_Update64C.BAT [2013.04.16 11:20:20 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4315_Remove64C.BAT [2013.04.16 11:20:20 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4312_Remove64D.BAT [2013.04.16 11:20:20 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4312_Remove64C.BAT [2013.04.16 11:20:20 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4311_Remove64D.BAT [2013.04.16 11:20:20 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4311_Remove64C.BAT [2013.04.16 11:20:19 | 000,012,067 | ---- | C] () -- C:\Windows\SysNative\bcm43xx64.cat [2013.04.16 11:20:19 | 000,011,638 | ---- | C] () -- C:\Windows\SysNative\bcm43xx.cat [2013.04.16 11:20:19 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4357_Update64D.BAT [2013.04.16 11:20:19 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4357_Update64C.BAT [2013.04.16 11:20:19 | 000,000,072 | ---- | C] () -- C:\Windows\SysNative\4357_Update32D.BAT [2013.04.16 11:20:19 | 000,000,072 | ---- | C] () -- C:\Windows\SysNative\4357_Update32C.BAT [2013.04.16 11:20:19 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4357_Remove64D.BAT [2013.04.16 11:20:19 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4357_Remove64C.BAT [2013.04.16 11:20:19 | 000,000,061 | ---- | C] () -- C:\Windows\SysNative\4357_Remove32D.BAT [2013.04.16 11:20:19 | 000,000,061 | ---- | C] () -- C:\Windows\SysNative\4357_Remove32C.BAT [2013.04.16 11:16:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2013.04.16 11:13:14 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.16 11:13:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.16 02:57:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.04.16 02:55:52 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2013.04.16 02:55:52 | 000,003,914 | ---- | C] () -- 
C:\Windows\SysNative\atipblup.dat [2013.04.16 02:54:41 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa [2013.04.16 02:54:41 | 000,916,704 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2013.04.16 02:54:41 | 000,916,704 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2013.04.16 02:54:41 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2013.04.16 02:54:41 | 000,870,560 | ---- | C] () -- C:\Windows\SysNative\igkrng575.bin [2013.04.16 02:54:41 | 000,233,012 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2013.04.16 02:54:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2013.04.16 02:54:41 | 000,205,824 | ---- | C] () -- C:\Windows\SysNative\iglhsip64.dll [2013.04.16 02:54:41 | 000,189,408 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources [2013.04.16 02:54:41 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\iglhcp64.dll [2013.04.16 02:54:41 | 000,178,288 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources [2013.04.16 02:54:41 | 000,165,251 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources [2013.04.16 02:54:41 | 000,152,600 | ---- | C] () -- C:\Windows\SysNative\difx64.exe [2013.04.16 02:54:41 | 000,150,184 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2013.04.16 02:54:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2013.04.16 02:54:41 | 000,139,830 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources [2013.04.16 02:54:41 | 000,136,327 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources [2013.04.16 02:54:41 | 000,133,680 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources [2013.04.16 02:54:41 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2013.04.16 02:54:41 | 000,127,868 | ---- | C] () -- C:\Windows\SysNative\igcompkrng575.bin [2013.04.16 02:54:41 | 000,125,477 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources [2013.04.16 02:54:41 | 000,123,164 | ---- | C] () -- 
C:\Windows\SysNative\Gfxres.ko-KR.resources [2013.04.16 02:54:41 | 000,122,858 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources [2013.04.16 02:54:41 | 000,122,638 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources [2013.04.16 02:54:41 | 000,121,121 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources [2013.04.16 02:54:41 | 000,120,695 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources [2013.04.16 02:54:41 | 000,120,287 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources [2013.04.16 02:54:41 | 000,119,533 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources [2013.04.16 02:54:41 | 000,119,513 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources [2013.04.16 02:54:41 | 000,119,286 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources [2013.04.16 02:54:41 | 000,118,997 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources [2013.04.16 02:54:41 | 000,118,684 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources [2013.04.16 02:54:41 | 000,118,631 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources [2013.04.16 02:54:41 | 000,118,317 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources [2013.04.16 02:54:41 | 000,117,984 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources [2013.04.16 02:54:41 | 000,114,779 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources [2013.04.16 02:54:41 | 000,114,308 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources [2013.04.16 02:54:41 | 000,114,179 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources [2013.04.16 02:54:41 | 000,110,156 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources [2013.04.16 02:54:41 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2013.04.16 02:54:41 | 000,104,796 | ---- | C] () -- C:\Windows\SysNative\igfcg575m.bin [2013.04.16 02:54:41 | 000,103,997 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources [2013.04.16 02:54:41 | 000,102,843 
| ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources [2013.04.16 02:54:41 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp [2013.04.16 02:54:41 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp [2013.04.16 02:54:41 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp [2013.04.16 02:54:41 | 000,030,831 | ---- | C] () -- C:\Windows\atiogl.xml [2013.04.16 02:54:41 | 000,005,396 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp [2013.04.16 02:54:41 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll [2013.04.16 02:54:41 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2013.04.16 02:54:41 | 000,003,914 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat [2013.04.16 02:54:41 | 000,001,090 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp [2013.04.16 02:36:51 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.04.16 02:36:51 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.16 01:48:39 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI [2013.04.16 01:33:20 | 000,001,409 | ---- | C] () -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.04.16 01:33:16 | 000,001,443 | ---- | C] () -- C:\Users\duese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.04.16 01:27:01 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.04.16 01:26:43 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.04.16 01:23:00 | 2962,243,584 | -HS- | C] () -- C:\hiberfil.sys [2011.06.13 22:28:34 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.28 12:27:14 | 000,000,000 | ---D | M] -- C:\Users\duese\AppData\Roaming\ICQ [2013.04.28 12:20:07 | 000,000,000 | ---D | M] -- C:\Users\duese\AppData\Roaming\ICQ-Profile [2013.04.17 06:28:31 | 
000,000,000 | ---D | M] -- C:\Users\duese\AppData\Roaming\ImgBurn
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 28.04.2013 15:54:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\duese\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 26,79% Memory free
7,36 Gb Paging File | 3,87 Gb Available in Paging File | 52,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,54 Gb Total Space | 648,58 Gb Free Space | 94,61% Space Free | Partition Type: NTFS
Drive D: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 585,94 Gb Total Space | 89,08 Gb Free Space | 15,20% Space Free | Partition Type: NTFS
Drive F: | 112,64 Gb Total Space | 112,64 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive G: | 931,51 Gb Total Space | 0,98 Gb Free Space | 0,11% Space Free | Partition Type: NTFS
Computer Name: DUESE-PC | User Name: duese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2359444012-4041525454-2629415603-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] "" = "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== 
Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AFCAAEC-FFE1-4F7E-89BD-E12FC0C2A7E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0DA18329-2A33-47FE-896F-916CD70BDB15}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0E8B506A-5464-474E-8BE2-A3FAB05CB352}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{29E77FB6-30BA-4D91-9AB6-11AEEBB41E3C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2E728144-02F0-4F38-84C2-A49F5702AE1B}" = rport=138 | protocol=17 | dir=out | app=system | "{3D487977-4F27-4C3B-B310-E518E76AFA52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3EEA7223-973D-4F36-A33B-5F4B7F6F358D}" = rport=137 | protocol=17 | dir=out | app=system | "{3F4E84B6-E533-45B8-95C6-A4903E353F89}" = rport=445 | protocol=6 | dir=out | app=system | "{400CA198-42A4-4B79-A235-4F7FAF0DA72E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A92A74F-33B0-44BD-8802-B89878CA653A}" = rport=139 | protocol=6 | dir=out | app=system | "{4FABAAEC-D8BC-4095-88AC-DD0418DF75C0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5A178D52-A2E5-4D3C-A3BA-EC61C4E9A394}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{79BC8CDE-4701-4798-A2D8-BE1FE34FEB09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{85AA44A7-4D35-4871-8966-5EE14BDC5385}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{89E8BAB8-F63B-4023-9C9E-1EB4680BA89F}" = lport=2869 | protocol=6 | dir=in | app=system | "{8E8BFA24-94EA-48A6-A60D-E004A083288A}" = lport=139 | protocol=6 | 
dir=in | app=system | "{9BA57DFB-A2B4-4D68-87E5-12B8D0235BF8}" = lport=445 | protocol=6 | dir=in | app=system | "{A1B72158-698F-4994-9983-134147D297B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B35A84C3-825B-4A79-A91E-FAEE8BB5FBC2}" = lport=10243 | protocol=6 | dir=in | app=system | "{BA77305C-E1DE-4EAA-B40A-EA53106957AC}" = rport=10243 | protocol=6 | dir=out | app=system | "{CB46D95E-874E-4F24-A982-EAC5280B4738}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{CB6FA65A-2876-46D6-8185-D7DBD5867C84}" = lport=138 | protocol=17 | dir=in | app=system | "{DB4F0D28-6046-4F06-9371-7D1F25A015A0}" = lport=137 | protocol=17 | dir=in | app=system | "{E51241EB-42CD-4813-A9E8-3E6ABA731B24}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{050A7606-B9E3-459D-9642-225DF5472374}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{0F868D44-686F-4785-8CD4-1E15E687F53E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{23A826AC-BABE-44B5-BFAA-80D70189E026}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{35A50A51-4301-407C-8B7A-511816E1CB8F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3A5BD6DD-DCEB-496D-B711-8421D6E54125}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{46041571-A6E6-483A-9D77-2D87F9C7E7AB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{4A06ED18-9C7C-4414-AEFE-0E6A1307B261}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{535CBC69-8FE5-427D-B752-9892CD6F441E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C7BDCBE-80E0-4A78-B1E7-1FBFE98183EC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{77AD18ED-22DB-4C37-8AD3-A393759055D2}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | "{78DA42D4-9B51-4F30-B84C-6642E5E6A84B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{908145B8-6B7B-477C-A16F-4C6130737362}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | "{9AB385A1-E0F5-4FA3-A99A-3144663FE511}" = protocol=6 | dir=out | app=system | "{9EF5C358-59C0-4D42-9680-9F70F068F3E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A05978FA-5554-49C6-BC65-0F4D0AF939EF}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | "{A16ADE2E-90FC-46DE-A3B4-FD6BE9B8BAB6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{A8B2C394-1E0C-4223-8751-896CA8A6F9EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | "{B63030CD-092C-48B9-B334-1E0020197F7E}" = protocol=6 | dir=in | app=c:\users\duese\appdata\roaming\icqm\icq.exe | "{B9D048C8-FC31-4A1B-83D0-3B909BA81939}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BDD31C9F-D38C-495D-AF26-4F4B2E49C952}" = protocol=17 | dir=in | app=c:\users\duese\appdata\roaming\icqm\icq.exe | "{C233F874-EB55-412E-B8A8-CE35D1125897}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C5CAE030-3D27-45D7-A4F7-BC8827561928}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CD6A69D9-30AB-4D36-B3BD-D0964CE1E7DE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{D50F8FAD-0667-42FA-B204-FD8876EBCFC0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E94CDCD8-951C-4737-8EB5-128C49A5A928}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA6BA64B-7B48-4587-8663-D549F8E95BBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EAECDA26-CAA6-449B-B237-D16BDF1CFDB3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F0A29024-8763-43C9-B246-4723A3CB3544}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F514342E-A893-4832-A2E9-5B2B085176F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FB8EA05A-2F66-4057-944B-681114C6E05A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FE370C53-7FC6-4E40-8BA4-0A6CA5E714FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{960BBD34-54DC-4C54-9D59-C491F51B3C3F}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{0D8FE2BC-E0B3-41A6-867C-FF757084EC32}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B674B1E-1905-4830-ABD1-F6892F1C4394}" = ATI Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{9BAC7DBC-CFDB-62D3-0F88-2D231F0B4402}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 
Client Profile DEU Language Pack "ProPlusRetail - de-de" = Microsoft Office Professional Plus 2013 - de-de "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.6 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0276A4D3-8450-8E49-C44B-9326DBD89E1E}" = Catalyst Control Center "{078CCC02-D3A4-82D2-D98A-8737024E7124}" = CCC Help Chinese Traditional "{12C00299-B8B4-40D3-9663-66ABEA3198AB}" = Sophos Client Firewall "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate "{182136CD-9EE5-57F6-3DC8-E62392E93E93}" = CCC Help Italian "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{2360EC6E-C287-02C3-59D5-303040922C12}" = CCC Help Swedish "{24D1C3CC-B529-C9B2-F349-8E0E0F464A43}" = CCC Help Russian "{2B365FA7-BC10-2164-0F2F-871DBC603A8A}" = CCC Help Turkish "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{41086B94-324A-0977-5098-38EB25AAA244}" = CCC Help Chinese Standard "{478B37C5-64AB-0CEE-04B5-0B8F9FEA41C5}" = CCC Help Portuguese "{49328737-A2E9-55C7-019D-C2A1C4EA1C32}" = Catalyst Control Center InstallProxy "{49BC5CBB-27F7-E523-AE61-D1625FAEDDE1}" = CCC Help Japanese "{4F5AF4FD-A590-7530-4D5D-4A9772961420}" = Catalyst Control Center Localization All "{55A9990A-E980-71C4-B90F-01C4235C79FB}" = CCC Help Thai "{57CA189D-BAEB-49BC-AE75-CE70E9B775E1}" = Catalyst Control Center - Branding "{5A15E450-0894-D4A5-9E25-1D3DDA1F123F}" = CCC Help Dutch "{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "{64427AF4-5D83-C673-68D5-A067FF1002EC}" = CCC Help Finnish "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6A1419E0-4ECA-0DBE-F469-B79FDE3544C0}" = CCC Help Danish "{6B5F27E0-38D1-15E2-A0BC-0FCE7064CE67}" = CCC Help French "{6D5E077E-B748-299D-FD98-159CF35779E5}" = CCC Help Korean "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M 
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Wireless LAN Driver Installation Program for Windows7 "{8AE21DF5-B8C8-A53A-19E3-A84A2E143ED0}" = CCC Help Czech "{8D5D02EB-C2BC-D8BD-FD88-5C362A50D945}" = Catalyst Control Center Profiles Mobile "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{927C832C-91DF-69C3-D468-476AC83E4D85}" = CCC Help Spanish "{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus "{A53E6062-D674-A400-2A7C-AF35A3D56324}" = CCC Help Polish "{A7FDA790-9CE0-AE8F-94B9-6CAE8E07E396}" = CCC Help Hungarian "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{ADE9605B-0432-B54C-8907-F89EB63C0DD0}" = CCC Help German "{C30773F5-0746-C580-B32E-BF6F6854A5E2}" = PX Profile Update "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{E1431A6A-C3B9-6573-DE0C-D004B500EF0C}" = CCC Help Norwegian "{ED7BD1FD-2294-8515-32B7-991DE931A97E}" = CCC Help English "{EDE01FC9-4790-0FFA-5B92-C401C865F9A5}" = CCC Help Greek "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ImgBurn" = ImgBurn "InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.04.2013 01:30:40 | Computer Name = duese-PC | Source = WinMgmt | ID = 10 Description = Error - 25.04.2013 01:48:51 | Computer Name = duese-PC | Source = Customer Experience Improvement 
Program | ID = 1008 Description = Error - 25.04.2013 10:19:51 | Computer Name = duese-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Microsoft Windows Search Protocol Host" konnte nicht heruntergefahren werden. Error - 26.04.2013 02:14:18 | Computer Name = duese-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 26.04.2013 05:07:20 | Computer Name = duese-PC | Source = WinMgmt | ID = 10 Description = Error - 26.04.2013 10:23:00 | Computer Name = duese-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 26.04.2013 18:13:13 | Computer Name = duese-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.6.0, Zeitstempel: 0x516335f9 Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.6.0, Zeitstempel: 0x516335f9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000006ebf ID des fehlerhaften Prozesses: 0x15b4 Startzeit der fehlerhaften Anwendung: 0x01ce42cb3bce1a66 Pfad der fehlerhaften Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Program Files\VideoLAN\VLC\vlc.exe Berichtskennung: 7c2f30b3-aebe-11e2-8166-4c0f6e75664a Error - 27.04.2013 13:02:42 | Computer Name = duese-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 28.04.2013 02:56:18 | Computer Name = duese-PC | Source = WinMgmt | ID = 10 Description = Error - 28.04.2013 03:06:26 | Computer Name = duese-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 28.04.2013 05:04:06 | Computer Name = duese-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 27.04.2013 13:24:24 | Computer Name = duese-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. 
Error - 27.04.2013 20:02:55 | Computer Name = duese-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iphlpsvc erreicht.

Error - 27.04.2013 20:03:06 | Computer Name = duese-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 28.04.2013 02:53:39 | Computer Name = duese-PC | Source = DCOM | ID = 10010
Description =

Error - 28.04.2013 02:54:03 | Computer Name = duese-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 28.04.2013 02:55:27 | Computer Name = duese-PC | Source = bowser | ID = 8003
Description =

Error - 28.04.2013 03:06:06 | Computer Name = duese-PC | Source = DCOM | ID = 10000
Description =

Error - 28.04.2013 04:11:37 | Computer Name = duese-PC | Source = DCOM | ID = 10010
Description =

Error - 28.04.2013 05:04:06 | Computer Name = duese-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error - 28.04.2013 08:07:45 | Computer Name = duese-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

< End of report >

Thanks in advance

Edited by duese91 (28.04.2013 at 15:16). Reason: double post |
28.04.2013, 15:59 | #8 |
/// Helper Team | e.ligatus.com Nothing suspicious. Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan. Next: ESET Online Scanner
Next: Please download SecurityCheck and:
|
11.06.2013, 09:10 | #9 |
/// Helper Team | e.ligatus.com No response received. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |