Hallo ihr Helfenden,

habe gestern mit dem Scanner von AVAST meine externe Festplatte gescannt und dabei wurde ein Virus gefunden.

Ursprünglicher Dateiname:
00-=RapGodFather.com-= Daily Updated Hip-Hop News & Downloads - Home.url

Beschreibung:
INI:Shortcut-inf [Trj]

Finde leider bei avast! kein Protokoll oder Logdatei, die ich hier posten könnte.

Bin im Moment dabei, einen vollständigen Suchlauf mit Malwarebytes zu machen und werde die Logdatei danach hier posten.
Gibt es sonst noch etwas, das ich erstmal tun könnte?

Ach ja, mein Laptop ist erst ein paar Tage alt und es ist Windows 8 drauf.

Vielen Dank schonmal im Vorraus für eure Hilfe.

Gruß

Habe nun mit Malwarebytes alles gescannt, auch die externe. Hat nichts gefunden.

Im Log-Ordner von avast! kann ich leider das Log von dem Scan der den Trojaner gefunden hat nicht finden.
Und auch in den Einstellungen ist nicht ersichtlich, wo sie sonst gespeichert sein könnten.
Und das Protokoll sagt mir auch nur, dass er sich derzeit im Container befindet.

Soll ich die Logs von Malwarebytes posten?

Was kann ich tun?

Danke und Gruß

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Hallo cosinus,

danke erstmal für deine Antwort.

Nein, ich habe leider keine anderen Logs, da der Laptop erst ein paar Tage alt ist.

Sollte ich denn auf dem alten Rechner mal gucken, ob ich Logs finde von Scans bei denen die externe mitgescant wurde (ich weiß allerdings nicht, ob es welche gibt)? Oder wären die nutzlos?

Das Log von dem fündigen avast! Scan konnte ich immernoch nicht finden...

Danke und Gruß

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

• Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
  
  
• Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  
  
• Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
  
  
• Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
  
  
• Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
  
  
• Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in CODE-Tags in den Thread.

Guten Morgen,

werde mir gleich OTL runterladen, habe aber noch eine Frage, bevor ich den Fix durchführe:

soll ich die externe, auf der der Trojaner ja lokalisiert war, jetzt jedesmal anschließen? Oder habe ich den Virus, indem ich ihn in den Container gesteckt hab, sozusagen auf den Laptop gezogen? Ist die Platte jetzt "sauber"? Oder wie muss ich mir das vorstellen?
(Sorry für die blöden Fragen, aber ich hab echt keine Ahnung, wie so etwas von statten geht)

Da du schreibst, auch Logs von Malwarebytes OHNE FUND sollen gepostet werden, hier die Logs (einmal externe, einmal Rechner):

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.05.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
henning :: BÄR [Administrator]

05.05.2013 16:19:21
mbam-log-2013-05-05 (16-19-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349880
Laufzeit: 30 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.05.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
henning :: BÄR [Administrator]

05.05.2013 11:45:44
mbam-log-2013-05-05 (11-45-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 539290
Laufzeit: 1 Stunde(n), 20 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Gruß

Welcher Fix? Hier wurde noch kein Fix gepostet, Logs mit OTL zu erstellen ist kein Fix

Tut mir leid. Verwechslung.
Also: wenn ich nun mit OTL scanne, soll ich die externe anschließen oder nicht?

Hm, ist eigentlich egal. Naja pack sie mal ruhig ran

Hier die Logfildes:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 08.05.2013 09:00:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\henning\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,88 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 56,22% Memory free
4,57 Gb Paging File | 2,70 Gb Available in Paging File | 59,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 721,52 Gb Free Space | 82,95% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 41,38 Gb Free Space | 68,97% Space Free | Partition Type: NTFS
Drive F: | 465,65 Gb Total Space | 184,28 Gb Free Space | 39,58% Space Free | Partition Type: FAT32
 
Computer Name: BÄR | User Name: henning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\henning\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\henning\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\PHotkey\PHotkey.exe ()
PRC - C:\Program Files (x86)\PHotkey\POSD.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\PHotkey\GPMTray.exe ()
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\PHotkey\MsgTranAgt.exe ()
PRC - C:\Program Files (x86)\PHotkey\HCSynApi.exe (TODO: <Company name>)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - c:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - c:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (GFNEXSrv) -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe ()
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\Drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\Drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew00.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\Drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\Drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\Drivers\xHCIPort.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\Drivers\usb3Hub.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Motorola Solutions, Inc.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Motorola Solutions, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (PEGAGFN) -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys (PEGATRON)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\..\SearchScopes,DefaultScope = {08C348DD-4A2A-4D8A-8CB0-76ED069C86DE}
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\..\SearchScopes\{08C348DD-4A2A-4D8A-8CB0-76ED069C86DE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.29 12:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.23 18:47:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.04.23 18:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\henning\AppData\Roaming\mozilla\Extensions
[2013.04.23 18:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.29 12:22:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1281773549-982182065-3777356010-1002..\Run: [AshSnap] C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Snap\ashsnap.exe File not found
O4 - HKU\S-1-5-21-1281773549-982182065-3777356010-1002..\Run: [Spotify Web Helper] C:\Users\henning\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - c:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9841AA75-9506-40E5-A902-7CD7ACE4F26D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.07 09:12:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\henning\Desktop\OTL.exe
[2013.05.05 11:44:55 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Malwarebytes
[2013.05.05 11:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.05 11:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.05 11:44:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.05 11:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.05 11:44:17 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Programs
[2013.05.04 09:44:13 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\photoOptimizeHistoryDataBase
[2013.05.04 09:44:12 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Ashampoo Photo Optimizer Medion
[2013.05.04 09:40:33 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Ashampoo
[2013.05.03 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.03 10:12:30 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\MediaServer
[2013.05.03 10:06:15 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\CyberLink
[2013.04.29 12:22:42 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.04.29 12:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.04.29 12:22:41 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.04.29 12:22:39 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.04.29 12:22:39 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.04.29 12:22:26 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.04.29 12:22:25 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.04.29 12:22:23 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.04.29 12:21:56 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.04.29 12:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.04.29 12:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.04.29 11:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2013.04.26 10:41:33 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\vlc
[2013.04.26 10:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.26 10:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.04.26 09:38:01 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\modul5
[2013.04.26 09:37:33 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Med
[2013.04.26 09:37:30 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\LernBär Modul 4
[2013.04.26 09:37:28 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Krankenkasse
[2013.04.26 09:37:27 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Bilder
[2013.04.26 09:37:11 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Arbeit
[2013.04.26 09:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.26 09:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.04.26 09:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.04.26 08:45:31 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013.04.26 08:45:30 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013.04.26 08:45:29 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013.04.26 08:45:22 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.04.26 08:45:21 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe
[2013.04.26 08:45:21 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe
[2013.04.26 08:45:20 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2013.04.26 08:45:20 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll
[2013.04.26 08:45:20 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll
[2013.04.26 08:45:19 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll
[2013.04.26 08:45:19 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll
[2013.04.26 08:45:17 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll
[2013.04.26 08:45:17 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll
[2013.04.26 08:45:16 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.04.26 08:45:15 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2013.04.26 08:45:15 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.04.26 08:45:15 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.04.26 08:45:15 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.04.26 08:45:15 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.04.26 08:45:15 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013.04.26 08:45:14 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.04.26 08:45:14 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll
[2013.04.26 08:45:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll
[2013.04.26 08:45:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe
[2013.04.25 19:22:33 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2013.04.25 19:22:33 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2013.04.25 19:22:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL
[2013.04.25 19:22:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL
[2013.04.25 19:22:30 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2013.04.25 19:22:30 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2013.04.25 19:22:30 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2013.04.25 19:22:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013.04.25 19:22:30 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013.04.25 19:22:30 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013.04.25 19:22:13 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll
[2013.04.25 19:22:11 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll
[2013.04.25 19:22:09 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2013.04.25 19:22:09 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2013.04.25 19:22:08 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2013.04.25 19:22:08 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.04.25 19:22:07 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.04.25 19:22:07 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2013.04.25 19:22:07 | 000,490,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013.04.25 19:22:07 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013.04.25 19:22:07 | 000,253,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013.04.25 19:22:03 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2013.04.25 19:22:03 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2013.04.25 19:22:02 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2013.04.25 19:22:02 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2013.04.25 19:22:02 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2013.04.25 19:22:02 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2013.04.25 19:22:02 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2013.04.25 19:22:02 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2013.04.25 19:22:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2013.04.25 19:22:02 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll
[2013.04.25 19:22:02 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll
[2013.04.25 19:22:01 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013.04.25 19:22:00 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013.04.25 19:22:00 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll
[2013.04.25 19:21:59 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2013.04.25 19:21:59 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2013.04.25 19:21:59 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013.04.25 19:21:58 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2013.04.25 19:21:58 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2013.04.25 19:21:58 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll
[2013.04.25 19:21:58 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2013.04.25 19:21:58 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll
[2013.04.25 19:21:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapAuthProxy.dll
[2013.04.25 19:21:57 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2013.04.25 19:21:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll
[2013.04.25 19:21:57 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapPeerProxy.dll
[2013.04.25 19:21:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll
[2013.04.25 19:21:55 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxppm.sys
[2013.04.25 19:21:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2013.04.25 19:21:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2013.04.25 19:21:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2013.04.25 18:22:13 | 000,692,576 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.25 18:22:13 | 000,078,176 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.25 18:17:03 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2013.04.25 17:52:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013.04.25 17:52:44 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll
[2013.04.25 17:52:44 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll
[2013.04.25 17:52:44 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll
[2013.04.25 17:52:43 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013.04.25 17:52:43 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013.04.25 17:52:09 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013.04.25 17:52:09 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013.04.25 17:52:09 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013.04.25 17:52:08 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013.04.25 17:52:06 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013.04.25 17:52:06 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013.04.25 17:52:06 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013.04.25 17:52:06 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013.04.25 17:52:05 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.04.25 17:52:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013.04.25 17:52:05 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013.04.25 17:52:04 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013.04.25 17:52:04 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013.04.25 17:52:04 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013.04.25 17:52:04 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013.04.25 17:52:04 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013.04.25 17:52:04 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013.04.25 17:52:04 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013.04.25 17:52:04 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013.04.25 17:52:04 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013.04.25 17:52:04 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013.04.25 17:52:04 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013.04.25 17:52:04 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013.04.25 17:52:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013.04.25 17:52:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013.04.25 17:51:49 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.04.25 17:51:48 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013.04.25 17:51:47 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.04.25 17:51:45 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.25 17:51:43 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.25 17:51:42 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013.04.25 17:51:42 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013.04.25 17:51:42 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013.04.25 17:51:42 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013.04.25 17:51:42 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013.04.25 17:51:42 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013.04.25 17:51:42 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013.04.25 17:51:42 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013.04.25 17:51:41 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.25 17:51:41 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.04.25 17:51:41 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013.04.25 17:51:41 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.04.25 17:51:41 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013.04.25 17:51:41 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013.04.25 17:51:41 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013.04.25 17:51:41 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013.04.25 17:51:40 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.04.25 17:51:40 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013.04.25 17:51:40 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013.04.25 17:51:40 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.04.25 17:51:40 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.04.25 17:51:40 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013.04.25 17:51:39 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.04.25 17:51:39 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013.04.25 17:51:39 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013.04.25 17:51:39 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013.04.25 17:51:39 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013.04.25 17:51:39 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013.04.25 17:51:39 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.04.25 17:51:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013.04.25 17:51:39 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.04.25 17:51:38 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.04.25 17:51:38 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.04.25 17:51:38 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013.04.25 17:51:38 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013.04.25 17:51:38 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013.04.25 17:51:38 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013.04.25 17:51:38 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.04.25 17:51:38 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.04.25 17:51:38 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.04.25 17:51:38 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.04.25 17:51:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.04.25 17:51:37 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013.04.25 17:51:36 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013.04.25 17:51:36 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013.04.25 17:51:36 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013.04.25 17:51:36 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013.04.25 17:51:36 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013.04.25 17:51:36 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013.04.25 17:51:36 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013.04.25 17:51:36 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013.04.25 17:51:35 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.04.25 17:51:35 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013.04.25 17:51:35 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013.04.25 17:51:35 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013.04.25 17:51:35 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.04.25 17:51:35 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013.04.25 17:51:35 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013.04.25 17:51:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.04.25 17:51:35 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013.04.25 17:51:35 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013.04.25 17:51:35 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2013.04.25 17:51:35 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll
[2013.04.25 17:51:34 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wushareduxresources.dll
[2013.04.25 17:51:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2013.04.25 17:51:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2013.04.25 17:51:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2013.04.25 17:51:04 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.04.25 17:51:01 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.04.25 17:50:56 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.04.25 17:50:56 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013.04.25 17:50:56 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013.04.25 17:50:56 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013.04.25 17:50:56 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013.04.25 17:50:56 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013.04.25 17:50:56 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.04.25 17:50:56 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013.04.25 17:50:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013.04.25 17:50:56 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013.04.25 17:50:56 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013.04.25 17:50:56 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013.04.25 17:50:56 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013.04.25 17:50:56 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.04.25 17:50:55 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013.04.25 17:50:55 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013.04.25 17:50:55 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013.04.25 17:50:55 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013.04.25 17:50:55 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013.04.25 17:50:55 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013.04.25 17:50:55 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.04.25 17:50:55 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013.04.25 17:50:55 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013.04.25 17:50:55 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013.04.25 17:50:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidi2c.sys
[2013.04.25 17:50:55 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys
[2013.04.25 17:50:55 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys
[2013.04.25 17:50:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013.04.25 17:50:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013.04.25 17:50:45 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.04.25 17:50:45 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.04.25 17:50:44 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.04.25 17:50:44 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.04.25 17:50:42 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013.04.25 17:50:42 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll
[2013.04.25 17:50:42 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013.04.25 17:50:42 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013.04.25 17:50:42 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe
[2013.04.24 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Macromedia
[2013.04.24 20:13:17 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\OpenOffice.org
[2013.04.24 20:03:14 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Apple Computer
[2013.04.24 20:03:13 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Apple Computer
[2013.04.24 20:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.04.24 20:02:23 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.04.24 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.04.24 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.04.24 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.04.24 20:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.24 20:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.04.24 20:01:14 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.04.24 20:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.04.24 19:55:51 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Apple
[2013.04.24 19:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.04.24 19:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.24 19:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.24 19:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.04.24 19:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.24 19:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.04.24 19:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.04.24 19:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\redist
[2013.04.24 19:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\readmes
[2013.04.24 19:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\licenses
[2013.04.24 19:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.24 19:06:13 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Foxit Software
[2013.04.24 19:06:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013.04.24 18:58:05 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Spotify
[2013.04.24 18:57:23 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Spotify
[2013.04.24 18:35:14 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.24 18:35:10 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.04.24 18:35:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.24 18:35:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.24 18:35:10 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.24 18:35:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.24 18:35:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.24 18:35:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.24 18:35:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.24 18:35:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.04.24 18:35:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.24 18:35:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.04.24 18:35:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.24 18:35:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.24 18:35:08 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2013.04.24 18:35:08 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2013.04.24 18:34:48 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.24 18:34:46 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.04.24 18:34:46 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.04.24 18:34:46 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2013.04.24 18:34:46 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnathlp.dll
[2013.04.24 18:34:46 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2013.04.24 18:34:46 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2013.04.24 18:34:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhupnp.dll
[2013.04.24 18:34:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhpast.dll
[2013.04.24 18:34:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhupnp.dll
[2013.04.24 18:34:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhpast.dll
[2013.04.24 18:34:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnlobby.dll
[2013.04.24 18:34:46 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2013.04.24 18:34:46 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnlobby.dll
[2013.04.24 18:34:46 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2013.04.24 18:34:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.04.24 18:34:36 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013.04.24 18:34:35 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013.04.24 18:34:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2013.04.24 18:34:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2013.04.24 18:34:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013.04.24 18:34:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013.04.24 18:34:27 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.04.24 18:34:27 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.04.24 18:34:27 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.04.24 18:34:27 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.04.24 18:34:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.04.24 18:34:27 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.04.24 18:34:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013.04.24 18:34:27 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013.04.23 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Lenovo
[2013.04.23 18:59:12 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\My Videos
[2013.04.23 18:53:31 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Avatar
[2013.04.23 18:52:41 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\CyberLink
[2013.04.23 18:47:13 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Mozilla
[2013.04.23 18:47:13 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Mozilla
[2013.04.23 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.04.23 18:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.23 18:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.23 18:28:07 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Macromedia
[2013.04.23 18:27:10 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Youcam
[2013.04.23 18:27:07 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\CyberLink
[2013.04.23 18:25:42 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Power2Go8
[2013.04.23 18:25:08 | 000,000,000 | R--D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.23 18:25:08 | 000,000,000 | R--D | C] -- C:\Users\henning\Searches
[2013.04.23 18:25:08 | 000,000,000 | R--D | C] -- C:\Users\henning\Contacts
[2013.04.23 18:25:08 | 000,000,000 | R--D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.23 18:25:03 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Adobe
[2013.04.23 18:23:37 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\VirtualStore
[2013.04.23 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Packages
[2013.04.23 18:22:51 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Intel
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Vorlagen
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\AppData\Local\Verlauf
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\AppData\Local\Temporary Internet Files
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Startmenü
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\SendTo
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Recent
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Netzwerkumgebung
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Lokale Einstellungen
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Documents\Eigene Videos
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Documents\Eigene Musik
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Eigene Dateien
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Documents\Eigene Bilder
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Druckumgebung
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Cookies
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\AppData\Local\Anwendungsdaten
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Anwendungsdaten
[2013.04.23 18:22:46 | 000,000,000 | --SD | C] -- C:\Users\henning\AppData\Roaming\Microsoft
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Videos
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Saved Games
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Pictures
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Music
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Links
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Favorites
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Downloads
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Documents
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Desktop
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.04.23 18:22:46 | 000,000,000 | -H-D | C] -- C:\Users\henning\AppData
[2013.04.23 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Temp
[2013.04.23 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\henning\Roaming
[2013.04.23 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Microsoft
[2013.04.23 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.23 18:22:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.08 09:00:08 | 003,227,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.08 09:00:08 | 000,786,588 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.05.08 09:00:08 | 000,754,172 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.08 09:00:08 | 000,711,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.08 09:00:08 | 000,456,714 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013.05.08 09:00:08 | 000,159,122 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.05.08 09:00:08 | 000,156,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.08 09:00:08 | 000,133,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.08 09:00:08 | 000,079,958 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013.05.08 08:56:40 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.05.07 23:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.07 09:12:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\henning\Desktop\OTL.exe
[2013.05.06 18:30:18 | 3336,159,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.06 18:30:18 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.05 11:44:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.29 12:29:22 | 000,326,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.29 12:27:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.04.29 12:22:42 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.04.26 10:32:29 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.26 09:49:02 | 000,000,913 | ---- | M] () -- C:\Users\henning\Desktop\Dokumente.lnk
[2013.04.24 20:03:09 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.24 18:58:04 | 000,001,814 | ---- | M] () -- C:\Users\henning\Desktop\Spotify.lnk
[2013.04.23 18:47:04 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.05 11:44:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.29 12:29:10 | 000,326,896 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.29 12:22:42 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.04.29 12:22:26 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.04.29 12:22:26 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.04.29 12:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.04.26 10:32:29 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.26 09:49:02 | 000,000,913 | ---- | C] () -- C:\Users\henning\Desktop\Dokumente.lnk
[2013.04.26 09:38:26 | 000,704,036 | ---- | C] () -- C:\Users\henning\Documents\Sedcard Antonia Hoppe.pdf
[2013.04.26 09:38:26 | 000,080,317 | ---- | C] () -- C:\Users\henning\Documents\Setcard Antonia Hoppe
[2013.04.26 09:38:25 | 000,711,321 | ---- | C] () -- C:\Users\henning\Documents\Sedcard Antonia Hoppe HostessServicekraft.pdf
[2013.04.26 09:38:25 | 000,178,051 | ---- | C] () -- C:\Users\henning\Documents\Sedcard Antonia Hoppe (2).PDF
[2013.04.26 09:38:25 | 000,161,970 | R--- | C] () -- C:\Users\henning\Documents\Potential Allstars Sedcard-Angaben.pdf
[2013.04.26 09:38:25 | 000,092,847 | ---- | C] () -- C:\Users\henning\Documents\Porträt.JPG
[2013.04.26 09:38:25 | 000,092,345 | ---- | C] () -- C:\Users\henning\Documents\Lebenslauf mit Lichtbild.pdf
[2013.04.26 09:38:25 | 000,068,702 | ---- | C] () -- C:\Users\henning\Documents\IMG_4079.JPG
[2013.04.26 09:38:24 | 000,068,884 | ---- | C] () -- C:\Users\henning\Documents\Ganzkörper.JPG
[2013.04.26 09:38:24 | 000,065,024 | ---- | C] () -- C:\Users\henning\Documents\Bahncard Kündigung
[2013.04.26 09:38:24 | 000,012,446 | ---- | C] () -- C:\Users\henning\Documents\Brief an das FA
[2013.04.25 17:51:39 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.04.24 20:03:09 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.24 19:55:49 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.04.24 19:54:14 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.24 18:58:04 | 000,001,814 | ---- | C] () -- C:\Users\henning\Desktop\Spotify.lnk
[2013.04.24 18:58:04 | 000,001,800 | ---- | C] () -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.04.23 18:47:04 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.23 18:47:04 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.23 18:25:03 | 000,001,442 | ---- | C] () -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.23 18:24:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\MEDION_NB_P6638_20051921.mrk
[2012.11.15 14:35:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.11.15 13:29:20 | 005,152,550 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.09 00:28:57 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.11.09 00:28:55 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.11.09 00:28:55 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.08 21:51:38 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files (x86)\openofficeorg341.msi
[2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files (x86)\setup.exe
[2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012.11.15 14:36:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 08.05.2013 09:00:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\henning\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,88 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 56,22% Memory free
4,57 Gb Paging File | 2,70 Gb Available in Paging File | 59,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 721,52 Gb Free Space | 82,95% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 41,38 Gb Free Space | 68,97% Space Free | Partition Type: NTFS
Drive F: | 465,65 Gb Total Space | 184,28 Gb Free Space | 39,58% Space Free | Partition Type: FAT32
 
Computer Name: BÄR | User Name: henning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1281773549-982182065-3777356010-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0005A9B1-A008-4796-9A60-450D4041AE93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0775BEEC-803C-4816-8B03-341A0F2C9AC6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{0BA2798F-CA53-4CC0-9476-939ABC04E4D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{124215A1-1E03-435C-B24F-ADCA1D8411B8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{302092B5-DC80-476C-8B4A-CB71664F858F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{31231A3F-62FC-4AC9-AE6C-67B58BDA5A9B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3A82E2B1-6D9D-42E0-88E2-0463BBC62BA9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6209049D-56E4-4C51-8B2B-218364A8EF3C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6778CFA2-BE97-42C9-932C-58A38180BDC1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6A38B9FA-5D49-4302-ADC9-14C49A6BF2DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6EFA0D57-CB72-4A16-800E-DB610752AB84}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7B6AB435-F956-4EAF-BD49-96DFE45862FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8B2F58D7-46FC-497E-BE41-05315B88F14D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8EFC7751-88EB-4AE7-A686-C17C576DE2ED}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8F54C6BC-460C-4463-AE15-15DA54D96614}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8F77360B-198E-4D71-AA1B-ED4F905101A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{95B4B7DC-6021-4C14-A9FA-E6A77CBB1CA4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A67BEC96-47AB-4F38-99E2-23DE72CD90B8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AA617932-50CB-4DD4-8146-2667E8EC0120}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B3C18A7A-A3B3-4497-94F4-25748C9A9EE4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B68E5BEC-81B2-4FFF-B762-751555FF1AE3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E35F4C65-B643-4484-A629-CC3910941402}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EB33CFB4-BF56-476A-BF0C-794D23EE3AF9}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5FA1DB-1119-4E58-8C1C-8352F58AE430}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{10DE0ED0-871D-4C58-9A45-2608FF9562C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{110A880A-2BBB-481C-BD36-BB23689BEA7F}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{15FC3FFE-3DAA-49D7-8766-935455E01319}" = dir=out | name=wordament | 
"{1DD9C24F-C34C-4242-970A-59D8546BE18F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{204A76A6-6969-43B7-B127-1CBAFB8D98C7}" = dir=out | name=microsoft mahjong | 
"{22ED19A2-620B-427C-9148-CAD1A0B47FDF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A00176F-1135-471F-BCA2-DDD383D4CCC3}" = dir=out | name=adera | 
"{2CD4700E-2F1B-4AC0-A643-C5998CEE86DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DD5B198-F19D-4922-829F-3351C1514726}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DF87CA4-9215-400D-ADF5-01C6A661F128}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{3495892C-F953-40BF-8751-0A490526EA1C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{36A47206-6651-4E46-B5E5-6DFFEB87DCF2}" = dir=out | name=microsoft minesweeper | 
"{376ABBD0-FA97-4CB6-929C-7B1EEA4E8195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A27FC7A-F11E-470F-BFF6-804DEDA4F83B}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{3F46C518-30FF-40D5-A5AA-DD5ADDAEC076}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{42C165C6-58F4-4C9A-92FE-907C178867B1}" = dir=out | name=windows_ie_ac_001 | 
"{4840850F-C69D-469A-AC3D-0815E3E67A61}" = dir=out | name=taptiles | 
"{48EE32AA-3627-4117-964A-63260503D7F4}" = dir=out | name=windows_ie_ac_001 | 
"{5BAF0E41-95C0-46A1-9713-30E28457C345}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{610E8104-27BF-4C2C-8C03-01DCAA4D3C91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63C40546-F4FD-4A36-868B-0025B6F14003}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 
"{6493CCFA-AB7E-40F8-9DC7-09F312ED292C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{693DF6D8-E576-405B-9AF9-6D07067DE671}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | 
"{6C7FA854-9BF2-4429-9303-EC7D9202B0CA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{6DC80B60-BD6E-4266-8B39-06D16E96B302}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7193D5D5-DAC6-4EEB-92FA-0792EE07F908}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{71D067CA-43A8-4DE6-A91D-7C64B1535556}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7261C1EE-D68E-4A75-ABD2-1BD51B7B314E}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{7559C612-737A-438C-BC54-BA6A85784CB7}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{7AFFC3DC-9BCE-4C0E-9473-C0A6A7ACADA7}" = dir=out | name=microsoft solitaire collection | 
"{7E3D863E-61E1-4ED0-B0B1-325C57C9BB70}" = dir=out | name=youcam for medion | 
"{804DBC88-CBD3-48BE-A5C7-3978474C523F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{85F4B98A-B13C-4D6A-8E8A-E5E1C3A69415}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{919726A9-217D-45A2-BF48-2A92546D0B29}" = dir=out | name=pentomino | 
"{93D3F2E1-9CCF-4D3A-B33C-B5AC70152072}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{9A541657-6769-428D-83CA-4B28C27307C3}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{9EADB734-EA18-4DC6-9192-A5E3320B32DA}" = protocol=6 | dir=out | app=system | 
"{A73909CD-1B1A-4153-B6FD-BF1609D8B33A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3F64DA3-34A9-4ABD-84B6-4638F0D4E63C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{B6A1D9B6-B73A-4BDC-BD8D-C720A3058854}" = dir=out | name=accuweather for windows 8 | 
"{B9C5719D-83AA-4C2B-8884-8B0A300847C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BCC135C9-A9CE-4CE1-9A24-B947559B901C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{C0C263E3-6902-4054-B970-5534E9E604B4}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{D7BCB6B7-CBDC-46DB-A9EC-F4DBFC145AB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DA160ECD-3DF1-429D-AE0E-A0F3533A74C3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{E428B22D-9916-4D24-B8C4-5F30B57A7190}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E5C3A63B-08C6-4810-B142-72ABDA5BBAF6}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7A02481-A59D-4A8E-96DE-A6721150FB43}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{EDB85A50-417D-4E4F-AF1B-EB05C9587E60}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{F13E2EFA-EB15-41E6-8C70-95FD0696C12F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1B0DF1B-3D3C-497E-BC9C-1B0AA4DED05B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F50C924C-F439-4563-9928-793CC1CC6BBD}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{FB6A9B97-7A66-4949-BE42-00083FA60531}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{FC44FF5A-9C74-4172-BFB5-F20CD0DA4928}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{774B5691-9C74-4A51-8226-6E4C793B96BF}C:\users\henning\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\henning\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{1436310F-1ADE-49AF-9FC9-9E7971F54712}C:\users\henning\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\henning\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Foxit Reader_is1" = Foxit Reader
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1281773549-982182065-3777356010-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 01.05.2013 10:09:45 | Computer Name = Bär | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink PowerDVD 10 MS Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 04.05.2013 10:25:21 | Computer Name = Bär | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 04.05.2013 14:30:34 | Computer Name = Bär | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 04.05.2013 14:33:52 | Computer Name = Bär | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 05.05.2013 06:09:57 | Computer Name = Bär | Source = Service Control Manager | ID = 7031
Description = Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 05.05.2013 07:05:10 | Computer Name = Bär | Source = Service Control Manager | ID = 7031
Description = Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 06.05.2013 12:36:21 | Computer Name = Bär | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?05.?2013 um 18:15:35 unerwartet heruntergefahren.
 
Error - 06.05.2013 12:30:10 | Computer Name = Bär | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 06.05.2013 12:40:45 | Computer Name = Bär | Source = DCOM | ID = 10010
Description = 
 
Error - 06.05.2013 12:40:45 | Computer Name = Bär | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005
 
 
< End of report >
         

Rootkitscan mit GMER

Bitte lade dir GMER herunter: (Dateiname zufällig)

• Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
• Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:

  WARNING !!!
  GMER has found system modification, which might have been caused by ROOTKIT activity.
  Do you want to fully scan your system ?
  

  Unbedingt auf "No" klicken.
• Entferne rechts den Haken bei: IAT/EAT und Show All
• Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
• Starte den Scan mit "Scan".
• Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

• Probiere alternativ den abgesicherten Modus.
• Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Während des Scans mit GMER kamen zwei Meldungen:

C:/windows/system32/config/system Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Und das gleiche mit
C:/users/henning/ntuser.dat


Wenn ich jetzt Malwarebytes Anti-Rootkit starten will erscheint ein Fenster:

Probable rootkit activity detected
Registry value "Applnit_Dlls" has been found which may be caused by rootkit activity.
Do you want to remove this value and restart the tool?

ja oder nein klicken?

Bei MBAR bitte auf nein klicken, dann normal weitermachen. Vor dem Scan updaten!!!

So. MBAR findet nix. Kein Claenup nötig, sagt er.

Die Logs sind immer zu posten, egal ob Fund oder kein Fund

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.08.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
henning :: BÄR [administrator]

08.05.2013 10:40:13
mbar-log-2013-05-08 (10-40-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 7702
Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)