Seite 1 von 2 12 LetzteLetzte
Ergebnis 1 bis 10 von 16

Thema: Win32/Small.CA-Virus

  1. #1
    Einsteiger
    Registriert seit
    30.12.2012
    Beiträge
    11

    Win32/Small.CA-Virus

    Hallo!

    Windows hat den Win32/Small.CA-Virus gefunden. Die Meldung dazu lautet:

    Code:
     
    Entfernen des Win32/Small.CA-Virus von Ihrem PC
    Dieses Problem wurde von Win32/Small.CA verursacht, einem bekannten Computervirus.
    
    
    Tippen oder klicken Sie, um auf der Website von Microsoft Corporation Informationen zur Lösung zu erhalten.
    Weitere Informationen
    
    
    Besuchen Sie die folgende Website, um sich im Hinblick auf die neuesten Sicherheitsbedrohungen auf dem aktuellen Stand zu halten:Microsoft-Sicherheit
    Wenn Sie eine Liste der Anti-Spyware-, Anti-Adware- und Antivirenlösungen von Microsoft und Drittanbietern anzeigen möchten, besuchen Sie die folgende Website:
    
    Anbieter von Sicherheitssoftware
    Hinweis
    Sie können diesen und viele weitere Fehler verhindern, indem Sie Automatische Updates aktivieren und eine stets aktuelle Antivirensoftware ausführen.Mit automatischen Updates ist Ihr Computer immer auf dem neuesten Sicherheitsstand, und Sie werden informiert, sobald Updates zur Verfügung stehen.Weitere Informationen erhalten Sie auf der folgenden Website:
    
    Windows Update:Häufig gestellte Fragen
    Eine Liste der Anbieter von Antivirensoftware finden Sie online im folgenden Artikel:Liste der Anbieter von Antivirensoftware
    Der Test mit der verlinkten Software (http://www.microsoft.com/security/sc...e/default.aspx) hat keinen Virus gefunden
    Der Test mit folgender Sophos-Version hat keine Virusse oder Ähnliches gefunden.

    Code:
    [Allgemein]  
    Endpoint Security and Control =  10.2 
    Derzeitige Benutzerrechte =  Sophos Administrator 
     
    [Antivirus und HIPS] 
    -[ Software]
    Sophos Anti-Virus 10.2.2 
    Veröffentlichungsstatus Full 
    On-Access-Status Aktiviert 
    Detection Engine 3.38.1 
    Erkennungsdaten 4.84G 
    Datum der Virendaten 10.12.2012 
    Objekte erkannt 4326894 
    Erkennungsdateien 380 
    Version der HIPS-Regeln 9.7.8 
    Version der HIPS-Konfiguration 1.0.4 
    Letztes Update 30.12.2012 09:32:53 
     
    +[ Komponenten]
    AuthorisedLists.dll 10.2.0.7002 , size 150592 bytes  
    BackgroundScanning.dll 10.2.0.7002 , size 71744 bytes  
    BHOManagement.dll 10.2.0.7002 , size 204352 bytes  
    Categories.dll 10.2.0.7002 , size 15424 bytes  
    ComponentManager.dll 10.2.0.7002 , size 91712 bytes  
    Configuration.dll 10.2.0.7002 , size 380480 bytes  
    DesktopMessaging.dll 10.2.1.7005 , size 391232 bytes  
    DetectionFeedback.dll 10.2.0.7002 , size 614976 bytes  
    DriveProcessor.dll 10.2.0.7002 , size 156736 bytes  
    EEConsumer.dll 10.2.0.7002 , size 113728 bytes  
    FilterProcessors.dll 10.2.0.7002 , size 256576 bytes  
    FSDecomposer.dll 10.2.0.7002 , size 97344 bytes  
    ICAdapter.dll 10.2.0.7002 , size 164416 bytes  
    ICManagement.dll 10.2.1.7005 , size 436800 bytes  
    ICProcessors.dll 10.2.0.7002 , size 272448 bytes  
    LegacyConsumers.dll 10.2.0.7002 , size 146496 bytes  
    Localisation.dll 10.2.0.7002 , size 129088 bytes  
    Logging.dll 10.2.0.7002 , size 516672 bytes  
    osdp.dll 1.44.0.2031 , size 217664 bytes  
    Persistance.dll 10.2.0.7002 , size 100928 bytes  
    rkdisk.dll 1.5.30.0 , size 109592 bytes  
    SavAdapter.dll 10.2.1.7005 , size 959552 bytes  
    SAVControl.dll 10.2.1.7005 , size 116800 bytes  
    SAVI.dll 7.5.11.2031 , size 1609792 bytes  
    SAVMSCM.DLL 2.00.1503 , size 249880 bytes  
    SavNeutralRes.dll 10.2.0.7002 , size 3180096 bytes  
    SavPlugin.dll 10.2.0.7002 , size 100928 bytes  
    SavRes.dll 10.2.2.7006 , size 714816 bytes  
    SavResChs.dll 10.2.0.7002 , size 133696 bytes  
    SavResCht.dll 10.2.1.7005 , size 134208 bytes  
    SavResDeu.dll 10.2.0.7002 , size 193088 bytes  
    SavResEng.dll 10.2.0.7002 , size 184896 bytes  
    SavResEsp.dll 10.2.0.7002 , size 192576 bytes  
    SavResFra.dll 10.2.0.7002 , size 204352 bytes  
    SavResIt.dll 10.2.2.7006 , size 199232 bytes  
    SavResJap.dll 10.2.0.7002 , size 148544 bytes  
    SavShellExt.dll 10.2.0.7002 , size 208960 bytes  
    SavShellExtX64.dll 10.2.0.7002 , size 553536 bytes  
    ScanEditExports.dll 10.2.0.7002 , size 26176 bytes  
    ScanEditFacade.dll 10.2.0.7002 , size 205888 bytes  
    ScanManagement.dll 10.2.0.7002 , size 284736 bytes  
    Security.dll 10.2.0.7002 , size 135744 bytes  
    SIPSManagement.dll 10.2.1.7005 , size 554048 bytes  
    sophos_detoured.dll 10.2.0.7002 , size 221840 bytes  
    sophos_detoured_x64.dll 10.2.0.7002 , size 218256 bytes  
    SophtainerAdapter.dll 10.2.0.7002 , size 99392 bytes  
    sophtlib.dll 1.00.0.2031 , size 397376 bytes  
    SWIManagement.dll 10.2.0.7002 , size 145984 bytes  
    SystemInformation.dll 10.2.0.7002 , size 175168 bytes  
    TamperProtectionControl.dll 10.2.0.7002 , size 46656 bytes  
    TamperProtectionManagement.dll 10.2.0.7002 , size 112704 bytes  
    TamperProtectionPlugin.dll 10.2.0.7002 , size 247872 bytes  
    ThreatDetection.dll 10.2.0.7002 , size 541760 bytes  
    ThreatManagement.dll 10.2.0.7002 , size 698944 bytes  
    Translators.dll 10.2.0.7002 , size 209472 bytes  
    veex.dll 3.38.1.2031 , size 2555456 bytes  
    VirusDetection.dll 10.2.0.7002 , size 854592 bytes  
    BackgroundScanClient.exe 10.2.0.7002 , size 67136 bytes  
    native.exe 10.2.0.7002 , size 133696 bytes  
    sav32cli.exe 2.81.000 , size 339008 bytes  
    SAVAdminService.exe 10.2.2.7006 , size 216640 bytes  
    SAVCleanupService.exe 10.2.0.7002 , size 145472 bytes  
    SavMain.exe 10.2.0.7003 , size 1512000 bytes  
    SavProgress.exe 10.2.0.7003 , size 351808 bytes  
    SavProxy.exe 10.2.0.7002 , size 80448 bytes  
    SavService.exe 10.2.0.7002 , size 159296 bytes  
    WSCClient.exe 10.2.1.7005 , size 236784 bytes  
    swi_filter.dll 3.2.100.0 , size 1481792 bytes  
    swi_filter_64.dll 3.2.100.0 , size 2057792 bytes  
    swi_ifslsp.dll 3.2.100.0 , size 88128 bytes  
    swi_ifslsp_64.dll 3.2.100.0 , size 131648 bytes  
    swi_lsp32_util.exe 3.2.100.0 , size 160832 bytes  
    swi_lspdiag.exe 3.2.100.0 , size 164928 bytes  
    swi_lspdiag_64.exe 3.2.100.0 , size 199232 bytes  
    swi_service.exe 3.2.100.0 , size 2878016 bytes  
    swi_update_64.exe 3.2.100.0 , size 2010688 bytes  
    savonaccess.sys 3.22.1.302 , size 154952 bytes  
    SophosBootDriver.sys 1.0.0.101 , size 25608 bytes  
    SophosBootTasks.exe 10.2.0.7002 , size 37440 bytes  
     
    +[ Erkennungsdateien]
    mdro-eqn.ide  
    fake-gbz.ide  
    zbot-cwu.ide  
    inje-aaa.ide  
    jsred-iu.ide  
    dapat-aa.ide  
    agen-ylu.ide  
    bank-frt.ide  
    keliho-h.ide  
    zbot-cxc.ide  
    agen-ypu.ide  
    ranso-kg.ide  
    zbot-cxg.ide  
    bckd-rnj.ide  
    tiputi-h.ide  
    silly-il.ide  
    agen-yqh.ide  
    nalki-a.ide  
    zacce-ep.ide  
    expjs-gu.ide  
    ranso-ki.ide  
    zbot-cxp.ide  
    agen-yqs.ide  
    weels-ab.ide  
    agen-yit.ide  
    pixste-a.ide  
    zbot-cxq.ide  
    agen-ynd.ide  
    vb-gea.ide  
    zbot-cxs.ide  
    agen-ynh.ide  
    zbot-cxt.ide  
    bublik-m.ide  
    vb-geb.ide  
    krypti-r.ide  
    zbot-cxu.ide  
    glod-c.ide  
    javab-kn.ide  
    bank-frb.ide  
    lnksta-a.ide  
    zbot-it.ide  
    rorpi-ba.ide  
    agen-yow.ide  
    mdro-eqb.ide  
    agen-yro.ide  
    agen-yrq.ide  
    zacce-et.ide  
    nikrem-a.ide  
    katush-l.ide  
    mdro-eqv.ide  
    agen-yrx.ide  
    bublik-p.ide  
    zbot-cyj.ide  
    vb-ged.ide  
    agen-ysb.ide  
    agen-yse.ide  
    cride-ac.ide  
    gamar-ac.ide  
    beebon-h.ide  
    agen-ysr.ide  
    agen-yss.ide  
    agen-ysu.ide  
    zbot-cxi.ide  
    agen-yqf.ide  
    vb-geh.ide  
    encp-ahq.ide  
    agen-ysz.ide  
    agen-ytc.ide  
    zbot-cyy.ide  
    mdro-eqq.ide  
    zbot-cza.ide  
    agen-yqt.ide  
    krypti-s.ide  
    bredo-ml.ide  
    zbot-czb.ide  
    agen-ytk.ide  
    agen-xgi.ide  
    zipma-bv.ide  
    dwnl-kiv.ide  
    zbot-czd.ide  
    zbot-cze.ide  
    agen-yng.ide  
    plugx-f.ide  
    zbot-czh.ide  
    agen-yua.ide  
    dwnl-kje.ide  
    agen-yuc.ide  
    agen-yuk.ide  
    zbot-czp.ide  
    pws-cag.ide  
    zbot-iy.ide  
    zbot-czl.ide  
    javab-kv.ide  
    fake-gcn.ide  
    zbot-czu.ide  
    dwnl-kjk.ide  
    agen-yvd.ide  
    zacce-ex.ide  
    bublik-q.ide  
    bred-adm.ide  
    zbot-czw.ide  
    fake-gdl.ide  
    fake-gdo.ide  
    agen-yvq.ide  
    rootk-lg.ide  
    zbot-dag.ide  
    java-lo.ide  
    phpmai-d.ide  
    zbot-dan.ide  
    zbot-dao.ide  
    agen-ywf.ide  
    zbot-daq.ide  
    zbot-dar.ide  
    bred-adq.ide  
    pws-cap.ide  
    meredr-h.ide  
    zbot-daw.ide  
    msil-ak.ide  
    caphaw-n.ide  
    bred-ads.ide  
    zbot-daz.ide  
    vexral-a.ide  
    ranso-kq.ide  
    zbot-dbc.ide  
    tiputi-j.ide  
    agen-yxd.ide  
    agen-yxm.ide  
    mdro-erf.ide  
    tracu-ai.ide  
    zacce-fc.ide  
    dexfon-b.ide  
    agen-yyb.ide  
    javad-sn.ide  
    pws-car.ide  
    zbot-dbi.ide  
    xtrat-g.ide  
    magan-af.ide  
    luiha-bo.ide  
    pdfj-abv.ide  
    androm-g.ide  
    zbot-dbm.ide  
    zbot-cwv.ide  
    matsu-a.ide  
    ranso-kk.ide  
    vbinj-fx.ide  
    mdro-erl.ide  
    androm-h.ide  
    agen-yzj.ide  
    fake-gdc.ide  
    vb-gfb.ide  
    dwnl-kkc.ide  
    zacce-fe.ide  
    zbot-dce.ide  
    agen-yzv.ide  
    agen-xii.ide  
    bred-ado.ide  
    bred-adw.ide  
    agen-yzy.ide  
    ranso-kt.ide  
    agen-zae.ide  
    agen-zaf.ide  
    zbot-dap.ide  
    agen-zaj.ide  
    zbot-dci.ide  
    agen-zap.ide  
    bred-ady.ide  
    agen-zas.ide  
    tdss-iw.ide  
    dwnl-kkj.ide  
    zbot-dco.ide  
    simda-t.ide  
    ranso-kw.ide  
    agen-zax.ide  
    vb-gfl.ide  
    bred-aee.ide  
    zbot-dcz.ide  
    zbot-ddb.ide  
    zbot-ddd.ide  
    fake-gee.ide  
    auto-bzo.ide  
    agen-zbn.ide  
    delf-fmw.ide  
    start-hk.ide  
    wkysol-a.ide  
    godo-a.ide  
    zbot-ddh.ide  
    agen-zbu.ide  
    javab-lc.ide  
    dwnl-kjy.ide  
    inje-aaw.ide  
    agen-yzf.ide  
    agen-zcc.ide  
    agen-zcd.ide  
    ranso-le.ide  
    bred-aek.ide  
    delall-n.ide  
    fake-gem.ide  
    expjs-gz.ide  
    banlo-mb.ide  
    klovbo-i.ide  
    revet-ax.ide  
    delf-fmy.ide  
    javab-le.ide  
    kuluoz-v.ide  
    fake-geo.ide  
    delf-fmz.ide  
    zbot-dds.ide  
    vbinj-dk.ide  
    infosp-p.ide  
    inje-aaz.ide  
    msil-an.ide  
    pinca-aa.ide  
    html-w.ide  
    gamar-ad.ide  
    beebon-n.ide  
    caphaw-r.ide  
    smssen-h.ide  
    fynlos-q.ide  
    vb-gfu.ide  
    vb-gfh.ide  
    krypti-t.ide  
    ezula-n.ide  
    caphaw-t.ide  
    katus-bt.ide  
    agen-zei.ide  
    poiso-dz.ide  
    pdfj-ace.ide  
    agen-yxt.ide  
    javad-sr.ide  
    bred-aec.ide  
    rtfex-ae.ide  
    msil-as.ide  
    agen-zez.ide  
    beebon-p.ide  
    autoi-rc.ide  
    caphaw-v.ide  
    swfifr-d.ide  
    agen-zca.ide  
    dwnl-kkt.ide  
    delf-fnb.ide  
    javasm-y.ide  
    fake-gfe.ide  
    agen-zfp.ide  
    revet-ba.ide  
    crobot-b.ide  
    gamerp-h.ide  
    carbe-au.ide  
    medfo-bp.ide  
    agen-zfw.ide  
    swfifr-f.ide  
    vercus-a.ide  
    agen-zfz.ide  
    agen-zge.ide  
    javab-lm.ide  
    exfore-a.ide  
    fesber-b.ide  
    agen-zgm.ide  
    dwnl-kkz.ide  
    revet-be.ide  
    pushd-ax.ide  
    javad-sx.ide  
    bred-aer.ide  
    ranso-lo.ide  
    inje-abi.ide  
    fakavc-e.ide  
    agen-zhj.ide  
    zbot-dgn.ide  
    ainsl-ae.ide  
    inje-abq.ide  
    zbot-dgt.ide  
    urausy-a.ide  
    zacce-fz.ide  
    zbot-dgu.ide  
    agen-zig.ide  
    agen-zij.ide  
    vbworm-a.ide  
    swfdl-ax.ide  
    inje-abr.ide  
    medfo-br.ide  
    msil-ar.ide  
    gampa-au.ide  
    carbe-aw.ide  
    agen-ziy.ide  
    vbna-al.ide  
    pdfex-hu.ide  
    tdss-ix.ide  
    fake-ggc.ide  
    vobfu-bc.ide  
    zbot-det.ide  
    zbot-dhe.ide  
    tobfy-a.ide  
    ranso-lq.ide  
    zacce-ga.ide  
    katus-bx.ide  
    zbot-dhg.ide  
    agen-zfo.ide  
    ranso-lr.ide  
    inje-abt.ide  
    jsred-jk.ide  
    ranso-ls.ide  
    agen-zfq.ide  
    medfo-bv.ide  
    vbobfu-p.ide  
    zbot-dhl.ide  
    inje-abu.ide  
    zbot-dhp.ide  
    phorpi-e.ide  
    vb-gib.ide  
    zbot-dht.ide  
    oiram-a.ide  
    zbot-dhn.ide  
    agen-zjy.ide  
    dropr-ek.ide  
    expjs-hh.ide  
    dorkb-di.ide  
    zbot-did.ide  
    bckdr-br.ide  
    agen-zjz.ide  
    agen-zkg.ide  
    agen-zkh.ide  
    mdro-ess.ide  
    dloa-dih.ide  
    zbot-dhj.ide  
    zbot-dio.ide  
    agen-zhs.ide  
    agen-zkj.ide  
    javad-te.ide  
    zbot-div.ide  
    dorkb-ec.ide  
    inje-acb.ide  
    keylo-ol.ide  
    agen-zkp.ide  
    bdoo-bep.ide  
    spyey-gq.ide  
    agen-zfc.ide  
    fake-gga.ide  
    zbot-djb.ide  
    docexp-h.ide  
    zbot-djc.ide  
    zbot-djd.ide  
    vb-gij.ide  
    dwnl-klt.ide  
    vb-gil.ide  
    pdfex-ho.ide  
    zbot-djf.ide  
    agen-zkw.ide  
    zbot-djj.ide  
    zbot-djk.ide  
    zbot-djn.ide  
    agen-zlc.ide  
    tracu-al.ide  
    dwnl-klv.ide  
    mdro-esu.ide  
    medfo-cc.ide  
    ircb-akr.ide  
    caph-lnk.ide  
    zbot-djr.ide  
    bank-fsg.ide  
    dloa-dqu.ide  
    agen-zli.ide  
    jsred-do.ide  
    zbot-dju.ide  
    malage-h.ide  
    inje-ace.ide  
    agen-zll.ide  
    zbot-djy.ide  
    zbot-djz.ide  
    agen-zln.ide  
    luiha-br.ide  
    delpss-c.ide  
    agen-zlo.ide  
    vbinj-ga.ide  
    banlo-mh.ide  
    mdro-esh.ide  
    qhost-do.ide  
    agen-zlu.ide  
    bred-aes.ide  
    tiputi-l.ide  
    agen-zlx.ide  
    zbot-dkd.ide  
     
     
    [Web Control] 
    +[ Software]
    Web Control 10.0.4 
    Web Control-Status Deaktiviert 
     
    +[ Komponenten]
    swc_service.exe 1.1.0.0 , size 357400 bytes  
    SWCAdapter.dll 1.1.0.0 , size 326168 bytes  
    WCMResChs.dll 1.0.3.0 , size 11288 bytes  
    WCMResCht.dll 1.0.3.0 , size 11288 bytes  
    WCMResDeu.dll 1.0.3.0 , size 11288 bytes  
    WCMResEng.dll 1.0.3.0 , size 11288 bytes  
    WCMResEsp.dll 1.0.3.0 , size 11288 bytes  
    WCMResFra.dll 1.0.3.0 , size 11288 bytes  
    WCMResIt.dll 1.0.3.0 , size 11288 bytes  
    WCMResJap.dll 1.0.3.0 , size 11288 bytes  
    WCPResChs.dll 1.0.3.0 , size 79384 bytes  
    WCPResCht.dll 1.0.3.0 , size 79384 bytes  
    WCPResDeu.dll 1.0.3.0 , size 79896 bytes  
    WCPResEng.dll 1.0.3.0 , size 79384 bytes  
    WCPResEsp.dll 1.0.3.0 , size 79896 bytes  
    WCPResFra.dll 1.0.3.0 , size 79896 bytes  
    WCPResIt.dll 1.0.3.0 , size 79896 bytes  
    WCPResJap.dll 1.0.3.0 , size 79384 bytes  
    WebControlMessaging.dll 1.0.3.0 , size 204312 bytes  
    WebControlPlugin.dll 1.1.0.0 , size 316952 bytes  
     
     
    [Updates] 
    +[ Software]
    Sophos AutoUpdate 2.7.8.335 
    Letzter Abruf von Updates 30.12.2012 09:35:06 
    Update-Status Abgeschlossen 
     
    +[ Komponenten]
    ALMon.exe 3.46.113.335 , size 928832 bytes  
    ALsvc.exe 3.20.43.335 , size 236608 bytes  
    ALUpdate.exe 5.25.55.335 , size 760896 bytes  
    ALMsg.dll 1.0.1.326 , size 284736 bytes  
    AUAdapter.dll 2.17.23.335 , size 453696 bytes  
    boost_date_time-vc71-mt-1_32.dll N/A , size 52248 bytes  
    ChannelUpdater.dll 1.8.20.335 , size 183360 bytes  
    cidsync.dll 3.9.12.335 , size 183360 bytes  
    config.dll 1.1.33.281 , size 109592 bytes  
    crypto.dll 1.0.1.281 , size 30744 bytes  
    EECustomActions.dll 2.7.6.335 , size 166976 bytes  
    inetconn.dll 1.2.5.281 , size 142360 bytes  
    InstlMgr.dll 1.4.9.335 , size 97344 bytes  
    ispsheet.dll 2.1.9.281 , size 433176 bytes  
    libcurl.dll 7.21.1 , size 244760 bytes  
    libeay32.dll N/A , size 752664 bytes  
    Logger.dll 1.4.12.335 , size 191552 bytes  
    MFC71.dll 7.10.3077.0 , size 1060864 bytes  
    msvcp71.dll 7.10.6030.0 , size 503808 bytes  
    msvcr71.dll 7.10.6030.0 , size 348160 bytes  
    retailer.dll 1.10.29.281 , size 318488 bytes  
    SAUConfigDLL.dll 1.5.11.335 , size 310336 bytes  
    SingleGUIPlugin.dll 1.5.15.335 , size 318528 bytes  
    swlocale.dll 1.2.35.281 , size 27160 bytes  
    xmlcpp.dll 1.1.1.281 , size 125976 bytes  
    xmlparse.dll N/A , size 48152 bytes  
    xmltok.dll N/A , size 48152 bytes  
    iconfig.ppi 1.9.47.335 , size 117824 bytes  
    ilog.ppi 1.9.47.335 , size 113728 bytes  
    isched.ppi 1.9.47.335 , size 80960 bytes  
    almonres.dll 1.8.39.317 , size 31296 bytes  
    iconfres.dll 1.5.37.281 , size 13848 bytes  
    ilogres.dll 1.3.34.281 , size 11800 bytes  
    ischdres.dll 1.2.5.281 , size 10776 bytes  
    sharedres.dll 1.5.42.281 , size 27672 bytes  
    almonres.dll 1.8.39.317 , size 40000 bytes  
    iconfres.dll 1.5.36.281 , size 14360 bytes  
    ilogres.dll 1.3.34.281 , size 11800 bytes  
    ischdres.dll 1.2.6.281 , size 10776 bytes  
    sharedres.dll 1.5.42.281 , size 31256 bytes  
    almonres.dll 1.8.39.317 , size 40000 bytes  
    iconfres.dll 1.5.36.281 , size 14360 bytes  
    ilogres.dll 1.3.34.281 , size 11800 bytes  
    ischdres.dll 1.2.5.281 , size 10776 bytes  
    sharedres.dll 1.5.42.281 , size 29720 bytes  
    almonres.dll 1.8.39.317 , size 33856 bytes  
    iconfres.dll 1.5.36.281 , size 14360 bytes  
    ilogres.dll 1.3.34.281 , size 12312 bytes  
    ischdres.dll 1.2.5.281 , size 10776 bytes  
    sharedres.dll 1.5.42.281 , size 31768 bytes  
    ALMonres.dll 1.8.39.317 , size 40000 bytes  
    iconfres.dll 1.5.36.281 , size 14360 bytes  
    ilogres.dll 1.3.34.281 , size 12312 bytes  
    ischdres.dll 1.2.6.281 , size 11288 bytes  
    sharedres.dll 1.5.42.281 , size 30744 bytes  
    almonres.dll 1.8.39.317 , size 35904 bytes  
    iconfres.dll 1.5.36.281 , size 13336 bytes  
    ilogres.dll 1.3.34.281 , size 11800 bytes  
    ischdres.dll 1.2.5.281 , size 10776 bytes  
    sharedres.dll 1.5.42.281 , size 21528 bytes  
    ALMonres.dll 1.8.39.317 , size 27200 bytes  
    iconfres.dll 1.5.36.281 , size 13336 bytes  
    ilogres.dll 1.3.34.281 , size 11288 bytes  
    ischdres.dll 1.2.5.281 , size 10776 bytes  
    sharedres.dll 1.5.42.281 , size 16920 bytes  
    ALMonres.dll 1.8.39.317 , size 26688 bytes  
    iconfres.dll 1.5.36.281 , size 13336 bytes  
    ilogres.dll 1.3.34.281 , size 11288 bytes  
    ischdres.dll 1.2.5.281 , size 10776 bytes  
    sharedres.dll 1.5.42.281 , size 17432 bytes  
     
     
    [System] 
    Description =  Intel64 Family 6 Model 37 Stepping 5 
    Revision =  9477 
    AddressWidth =  64 
    LoadPercentage =  1 
    Level =  6 
    DeviceID =  CPU0 
    CurrentVoltage =  33 
    PowerManagementSupported =  False 
    SocketDesignation =  CPU 1 
    StatusInfo =  3 
    Family =  198 
    Name =  Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz 
    Manufacturer =  GenuineIntel 
    DataWidth =  64 
    Stepping =   
    InstallDate =   
    ProcessorType =  3 
    Caption =  Intel64 Family 6 Model 37 Stepping 5 
    L2CacheSize =  256 
    VoltageCaps =  2 
    L3CacheSpeed =  0 
    CreationClassName =  Win32_Processor 
    Architecture =  9 
    ErrorDescription =   
    Availability =  3 
    SystemName =  RAUL 
    Role =  CPU 
    NumberOfCores =  2 
    CurrentClockSpeed =  2399 
    SystemCreationClassName =  Win32_ComputerSystem 
    PowerManagementCapabilities =   
    ConfigManagerUserConfig =   
    ErrorCleared =   
    L3CacheSize =  3072 
    UniqueId =   
    ProcessorId =  BFEBFBFF00020655 
    L2CacheSpeed =   
    ExtClock =  133 
    CpuStatus =  1 
    ConfigManagerErrorCode =   
    OtherFamilyDescription =   
    Version =   
    Status =  OK 
    NumberOfLogicalProcessors =  4 
    PNPDeviceID =   
    UpgradeMethod =  8 
    MaxClockSpeed =  2399 
    LastErrorCode =   
    Description =   
    CurrentTimeZone =  60 
    CSCreationClassName =  Win32_ComputerSystem 
    DataExecutionPrevention_Available =  True 
    ServicePackMinorVersion =  0 
    PAEEnabled =   
    Debug =  False 
    MUILanguages =   
    BuildNumber =  7601 
    TotalVisibleMemorySize =  3854772 
    DataExecutionPrevention_SupportPolicy =  2 
    Name =  Microsoft Windows 7 Professional |C:\Windows|\Device\Harddisk0\Partition2 
    CSName =  RAUL 
    BuildType =  Multiprocessor Free 
    Manufacturer =  Microsoft Corporation 
    PlusVersionNumber =   
    OSType =  18 
    InstallDate =  20120115 104900 
    RegisteredUser =  Uwe 
    ProductType =  1 
    NumberOfUsers =  2 
    Caption =  Microsoft Windows 7 Professional 
    NumberOfProcesses =  75 
    LocalDateTime =  20121230 100928 
    TotalVirtualMemorySize =  7707692 
    WindowsDirectory =  C:\Windows 
    OSArchitecture =  64-Bit 
    SystemDrive =  C: 
    CreationClassName =  Win32_OperatingSystem 
    OSLanguage =  1031 
    ServicePackMajorVersion =  1 
    LargeSystemCache =   
    TotalSwapSpaceSize =   
    SizeStoredInPagingFiles =  3854772 
    Primary =  True 
    SystemDirectory =  C:\Windows\system32 
    NumberOfLicensedUsers =  0 
    DataExecutionPrevention_Drivers =  True 
    CSDVersion =  Service Pack 1 
    CountryCode =  49 
    OtherTypeDescription =   
    BootDevice =  \Device\HarddiskVolume1 
    MaxProcessMemorySize =  8589934464 
    SerialNumber =  55041-092-4248197-86715 
    OperatingSystemSKU =  48 
    MaxNumberOfProcesses =  4294967295 
    LastBootUpTime =  20121229 092941 
    FreeSpaceInPagingFiles =  3739508 
    SystemDevice =  \Device\HarddiskVolume2 
    DataExecutionPrevention_32BitApplications =  True 
    Organization =   
    PlusProductID =   
    SuiteMask =  272 
    FreeVirtualMemory =  5292956 
    ForegroundApplicationBoost =  2 
    Version =  6.1.7601 
    Status =  OK 
    FreePhysicalMemory =  1339132 
    EncryptionLevel =  256 
    Locale =  0407 
    Distributed =  False 
    CodeSet =  1252 
    OSProductSuite =  256
    Allerdings ist in der Quarantäne von Sophos ein Objekt. (Schon seid längerer Zeit, ich gehe davon aus, dass das nicht für die Problematik verantwortlich ist.) Trotzdem:

    Typ: Virus/Spyware
    Name: Shh/Updater-B
    Details: C:\Programm Files (x86)\Sophos\AutoUpdate\ALsvc.exe

    Weil es im Sophos-Verzeichnis ist, habe ich ihn nicht gelöscht.
    Soll ich ihn löschen oder funktioniert dann Sophos nicht mehr korrekt?


    Sonstige Probleme:
    In unregelmäßigen Abständen ist das Standardgateway nicht verfügbar oder das System verfügt über keine gültige IP-Konfiguration. Das tritt jedoch schon seit längerem auf und wird entweder durch Windows "repariert", oder durch ein und Ausstecken des Netzwerkkabels behoben. Das Problem ist nur in einem bestimmten Netzwerk über das ich ins Internet gehe, vorhanden.

    Der Virus trat vor ca. 12 Stunden auf. Ich habe keine Hardware geändert. Softwareänderungen habe ich in letzter Zeit nicht gefunden.

    Mein Problem ist, dass ich sicher wissen will, dass mein System Virus-frei ist, bzw. ich den Weg dorthin nicht weiß.

    Damit sind alle Punkte von Schritt 1 und 2 abgearbeitet. Im nächsten Post folgt Schritt 3.
    Vielen Dank schon einmal!

  2. #2
    Einsteiger
    Registriert seit
    30.12.2012
    Beiträge
    11

    AW: Win32/Small.CA-Virus

    Schritt 3:

    1. Daten sind gesichert.

    2.
    - Nur Sophos ist installiert.
    - Teatimer nicht vorhanden
    - CD-Emulationssoftware nicht auf System
    - Filesharing-Software nicht vorhanden
    - noch vorhandene, nicht entfernte Firefox Addons:
    Adblock Plus 2.2.1
    Element Hiding Helper für Adblock Plus 1.2.3
    Java Console 6.0.33
    Java Console 6.0.35
    Java Console 6.0.37
    Toolbars sind nicht vorhanden.

    3. Firewalls:
    1. "Durch Sophos geschützt" (siehe oben)
    2. Windows-Firewall "Verbunden" (Unter Systemsteuerung, Windows-Firewall = alles grün)

    Das war Schritt 3.
    Geändert von Freischneider (30.12.2012 um 09:46 Uhr)

  3. #3
    Einsteiger
    Registriert seit
    30.12.2012
    Beiträge
    11

    AW: Win32/Small.CA-Virus

    4. Basis-Scan zur Systemanalyse

    Alles wie vorgegeben eingestellt:
    OTL.exe
    Code:
    OTL logfile created on: 30.12.2012 10:47:28 - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uwe\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,68 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 32,32% Memory free
    7,35 Gb Paging File | 4,87 Gb Available in Paging File | 66,21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119,14 Gb Total Space | 26,28 Gb Free Space | 22,06% Space Free | Partition Type: NTFS
     
    Computer Name: RAUL | User Name: Uwe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.12.30 10:46:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe
    PRC - [2012.12.23 13:30:03 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\Opera.exe
    PRC - [2012.12.10 06:28:30 | 000,828,500 | ---- | M] ( ) -- C:\Program Files (x86)\Miranda IM\miranda32.exe
    PRC - [2012.12.08 14:05:02 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012.12.04 19:16:55 | 000,236,608 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
    PRC - [2012.12.04 19:16:54 | 000,928,832 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
    PRC - [2012.12.04 19:16:46 | 002,878,016 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    PRC - [2012.12.04 19:16:46 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    PRC - [2012.11.05 10:56:46 | 001,512,000 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
    PRC - [2012.11.05 10:54:30 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
    PRC - [2012.08.29 12:08:06 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012.05.09 18:36:14 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
    PRC - [2011.12.06 22:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2011.12.06 22:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2010.02.25 22:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2010.02.25 22:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2009.09.30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009.09.30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012.12.10 06:29:20 | 000,090,200 | ---- | M] () -- C:\Program Files (x86)\Miranda IM\Plugins\srmm.dll
    MOD - [2012.12.10 06:28:00 | 000,057,432 | ---- | M] () -- C:\Program Files (x86)\Miranda IM\zlib.dll
    MOD - [2012.12.10 06:27:50 | 000,339,550 | ---- | M] () -- C:\Program Files (x86)\Miranda IM\Plugins\icq.dll
    MOD - [2012.12.10 06:27:34 | 000,036,961 | ---- | M] () -- C:\Program Files (x86)\Miranda IM\Plugins\dbx_mmap.dll
    MOD - [2012.12.10 06:27:22 | 000,061,538 | ---- | M] () -- C:\Program Files (x86)\Miranda IM\Plugins\clist_classic.dll
    MOD - [2012.12.10 06:27:20 | 000,245,848 | ---- | M] () -- C:\Program Files (x86)\Miranda IM\Plugins\chat.dll
    MOD - [2012.12.10 06:27:06 | 000,203,869 | ---- | M] () -- C:\Program Files (x86)\Miranda IM\Plugins\aim.dll
    MOD - [2012.12.10 06:26:50 | 000,379,993 | ---- | M] () -- C:\Program Files (x86)\Miranda IM\Plugins\irc.dll
    MOD - [2012.12.08 14:05:01 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011.12.06 22:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2009.05.20 14:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2010.09.09 14:26:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012.12.12 22:00:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012.12.08 14:05:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.12.04 19:16:55 | 000,236,608 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
    SRV - [2012.12.04 19:16:46 | 002,878,016 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
    SRV - [2012.12.04 19:16:46 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
    SRV - [2012.12.04 19:16:44 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
    SRV - [2012.11.05 10:54:30 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
    SRV - [2012.10.12 18:25:53 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012.08.29 12:08:06 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012.05.09 18:36:14 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
    SRV - [2012.04.01 14:40:48 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV - [2011.12.06 22:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2010.12.08 05:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Programme\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
    SRV - [2010.08.30 19:10:08 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2010.01.20 19:26:20 | 000,819,232 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2009.09.30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009.09.30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2012.11.05 10:56:45 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
    DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011.11.08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
    DRV:64bit: - [2011.10.01 10:47:32 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
    DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011.09.02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011.09.02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
    DRV:64bit: - [2011.08.25 03:46:56 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
    DRV:64bit: - [2011.07.12 14:02:56 | 000,130,048 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
    DRV:64bit: - [2011.07.12 14:02:56 | 000,089,600 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuhsbus.sys -- (GTUHSBUS)
    DRV:64bit: - [2011.07.12 14:02:28 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV:64bit: - [2011.07.12 12:58:46 | 000,190,976 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuhs62.sys -- (GTNDIS62)
    DRV:64bit: - [2011.07.12 12:58:44 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuhsser.sys -- (GTUHSSER)
    DRV:64bit: - [2011.04.04 14:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
    DRV:64bit: - [2011.03.31 14:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
    DRV:64bit: - [2011.03.30 14:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.09.09 14:45:34 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010.09.09 13:52:50 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,297,320 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,273,768 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,057,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2010.07.28 14:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2010.05.11 18:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010.04.01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
    DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
    DRV:64bit: - [2009.12.22 09:18:40 | 000,072,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C60x64.sys -- (L1C)
    DRV:64bit: - [2009.12.01 18:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009.09.17 20:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009.08.13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
    DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.01.29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
    DRV:64bit: - [2009.01.29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
    DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
    DRV:64bit: - [2007.11.15 20:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
    DRV:64bit: - [2007.11.02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
    DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 14:05:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 19:10:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 14:05:03 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 19:10:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
     
    [2012.01.15 11:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions
    [2012.12.30 10:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\e88b44ug.default\extensions
    [2012.07.05 16:43:10 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\firefox\profiles\e88b44ug.default\extensions\elemhidehelper@adblockplus.org.xpi
    [2012.11.24 10:58:04 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\firefox\profiles\e88b44ug.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012.12.08 14:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.12.08 14:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012.12.08 14:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012.12.08 14:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012.12.08 14:05:02 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012.06.25 19:16:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.09.13 10:38:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012.06.25 19:16:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2012.06.25 19:16:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012.06.25 19:16:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.06.25 19:16:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - Startup: C:\Users\Uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Uwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.10.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.226.144.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{125AFDE0-DBD4-45EB-8A2A-41EEBF183073}: DhcpNameServer = 139.7.30.126 139.7.30.125
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F1AC3C5-C15B-43BD-AF45-4EDC163CD647}: DhcpNameServer = 137.226.144.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6565B866-CD32-4B98-87B3-F721362CF473}: DhcpNameServer = 139.7.30.125 139.7.30.126
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DEC31E7-26C5-4329-B688-AFE5F2154B69}: DhcpNameServer = 137.226.144.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
    O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012.05.27 20:54:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O33 - MountPoints2\{186a7043-606d-11e1-b9dc-00046180e89a}\Shell - "" = AutoRun
    O33 - MountPoints2\{186a7043-606d-11e1-b9dc-00046180e89a}\Shell\AutoRun\command - "" = D:\setup.exe -a
    O33 - MountPoints2\{a41fed06-aaf3-11e1-a401-206a8a142f19}\Shell - "" = AutoRun
    O33 - MountPoints2\{a41fed06-aaf3-11e1-a401-206a8a142f19}\Shell\AutoRun\command - "" = E:\Launcher.exe
    O33 - MountPoints2\{a41fed14-aaf3-11e1-a401-206a8a142f19}\Shell - "" = AutoRun
    O33 - MountPoints2\{a41fed14-aaf3-11e1-a401-206a8a142f19}\Shell\AutoRun\command - "" = D:\Launcher.exe
    O33 - MountPoints2\{e0e14c12-1828-11e2-953d-206a8a142f19}\Shell - "" = AutoRun
    O33 - MountPoints2\{e0e14c12-1828-11e2-953d-206a8a142f19}\Shell\AutoRun\command - "" = D:\ANNOfinder.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.12.30 10:46:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe
    [2012.12.30 01:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012.12.30 01:49:35 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2012.12.30 01:49:05 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2012.12.30 01:49:05 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2012.12.30 01:49:05 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2012.12.30 01:46:11 | 000,896,016 | ---- | C] (Oracle Corporation) -- C:\Users\Uwe\Desktop\jxpiinstall.exe
    [2012.12.30 01:10:48 | 081,537,600 | ---- | C] (Microsoft Corporation) -- C:\Users\Uwe\Desktop\msert.exe
    [2012.12.29 18:51:20 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\dokumente Mona
    [2012.12.24 10:04:07 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\Drucken
    [2012.12.23 16:46:33 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\fontconfig
    [2012.12.23 16:46:32 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\gegl-0.2
    [2012.12.23 16:46:32 | 000,000,000 | ---D | C] -- C:\Users\Uwe\.gimp-2.8
    [2012.12.23 16:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
    [2012.12.23 16:10:41 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\krefeld pinguine
    [2012.12.22 17:13:27 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\Das Känguru-Manifest
    [2012.12.21 15:17:53 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012.12.21 15:17:53 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012.12.21 15:17:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012.12.21 15:17:52 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012.12.21 15:14:02 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\mario
    [2012.12.16 13:55:14 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\mama und papa
    [2012.12.16 12:49:47 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\kalender
    [2012.12.16 12:47:39 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\Auswahl Foto 2012 USA - Kopie
    [2012.12.15 14:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
    [2012.12.14 11:04:59 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\PDF Architect
    [2012.12.14 10:55:00 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\APP_NAME_NON_STRING
    [2012.12.14 10:54:40 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\pdfforge
    [2012.12.14 10:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
    [2012.12.14 10:54:37 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
    [2012.12.14 10:54:37 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
    [2012.12.14 10:54:37 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
    [2012.12.14 10:54:36 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
    [2012.12.14 10:54:36 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
    [2012.12.14 10:54:36 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
    [2012.12.14 10:52:42 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\Programs
    [2012.12.13 18:01:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012.12.13 18:01:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012.12.13 18:01:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012.12.13 18:01:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012.12.13 18:01:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012.12.13 18:01:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012.12.13 18:01:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012.12.13 18:01:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012.12.13 18:01:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012.12.13 18:01:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012.12.13 18:01:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012.12.13 18:01:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012.12.13 18:01:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012.12.13 18:01:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012.12.13 18:01:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012.12.12 21:26:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2012.12.12 21:26:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2012.12.12 21:26:12 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2012.12.12 21:26:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012.12.12 21:26:09 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2012.12.12 21:26:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2012.12.12 21:26:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2012.12.12 21:26:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2012.12.12 21:26:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2012.12.12 21:26:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2012.12.12 21:26:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2012.12.12 21:26:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2012.12.12 21:26:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012.12.12 21:26:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012.12.12 21:26:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012.12.12 21:26:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012.12.12 21:26:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012.12.12 21:25:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012.12.12 21:25:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2012.12.12 21:25:50 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
    [2012.12.12 21:25:50 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
    [2012.12.08 16:55:38 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\Lagerbilder
    [2012.12.08 14:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012.12.08 00:00:13 | 001,148,766 | ---- | C] (pendrivelinux.com) -- C:\Users\Uwe\Universal-USB-Installer-1.9.1.8.exe
    [2012.12.07 22:52:29 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\sendungs
    [2012.09.21 09:36:26 | 003,951,464 | ---- | C] (Martin Prikryl                                              ) -- C:\Users\Uwe\winscp439setup.exe
    [2012.09.17 18:50:19 | 001,448,809 | ---- | C] (DOSBox Team) -- C:\Users\Uwe\DOSBox0.74-win32-installer.exe
    [2012.09.17 10:50:06 | 008,697,544 | ---- | C] (Georgy Berdyshev) -- C:\Users\Uwe\CDex-win32-1.70-b4-2009.exe
    [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.12.30 10:46:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe
    [2012.12.30 10:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012.12.30 01:56:15 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.12.30 01:56:15 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.12.30 01:48:49 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2012.12.30 01:48:45 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2012.12.30 01:48:45 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2012.12.30 01:48:44 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
    [2012.12.30 01:48:44 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2012.12.30 01:48:43 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2012.12.30 01:47:00 | 000,896,016 | ---- | M] (Oracle Corporation) -- C:\Users\Uwe\Desktop\jxpiinstall.exe
    [2012.12.30 01:13:50 | 081,537,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Uwe\Desktop\msert.exe
    [2012.12.30 00:52:22 | 000,002,310 | -H-- | M] () -- C:\Users\Uwe\Documents\Default.rdp
    [2012.12.29 19:01:07 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012.12.29 19:01:07 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.12.29 19:01:07 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012.12.29 19:01:07 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.12.29 19:01:06 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.12.29 09:29:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.12.29 09:29:43 | 2960,461,824 | -HS- | M] () -- C:\hiberfil.sys
    [2012.12.23 17:34:16 | 000,017,739 | ---- | M] () -- C:\Users\Uwe\AppData\Local\recently-used.xbel
    [2012.12.21 15:20:47 | 000,444,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012.12.16 13:10:38 | 001,568,008 | ---- | M] () -- C:\Users\Uwe\Desktop\setup_OnlineFotoservice.exe
    [2012.12.15 19:22:39 | 000,007,334 | ---- | M] () -- C:\Users\Uwe\Desktop\OpenDocument Text (neu).odt
    [2012.12.15 18:45:27 | 000,441,568 | ---- | M] () -- C:\Users\Uwe\Desktop\bedienungsanleitung-digital-multimeter-pce-dm12.pdf
    [2012.12.14 10:54:40 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
    [2012.12.12 22:00:10 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012.12.12 22:00:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012.12.09 18:27:57 | 000,002,923 | ---- | M] () -- C:\Users\Uwe\Documents\10141700_verschmolzen_v3.m_p
    [2012.12.09 18:25:04 | 000,005,851 | ---- | M] () -- C:\Users\Uwe\Documents\10141700.m_p
    [2012.12.09 18:21:37 | 000,001,812 | ---- | M] () -- C:\Users\Uwe\Documents\10141650_montage_v3.m_p
    [2012.12.09 18:21:07 | 000,001,806 | ---- | M] () -- C:\Users\Uwe\Documents\10141647_sub_v3.m_p
    [2012.12.09 18:19:32 | 000,001,806 | ---- | M] () -- C:\Users\Uwe\Documents\10141643_def_v3.m_p
    [2012.12.09 18:17:37 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141683_v3.m_p
    [2012.12.09 17:58:37 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141679_v3.m_p
    [2012.12.09 17:54:22 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141680_v3.m_p
    [2012.12.09 17:32:46 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141655_v3.m_p
    [2012.12.09 17:32:14 | 000,004,091 | ---- | M] () -- C:\Users\Uwe\Documents\std.out
    [2012.12.09 17:29:55 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141652_v3.m_p
    [2012.12.09 17:23:29 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141673_v3.m_p
    [2012.12.08 17:36:28 | 000,001,799 | ---- | M] () -- C:\Users\Uwe\Documents\lager_ersatz_003.m_p
    [2012.12.08 17:35:22 | 000,001,781 | ---- | M] () -- C:\Users\Uwe\Documents\prt0003ddd.m_p
    [2012.12.08 17:32:09 | 000,001,782 | ---- | M] () -- C:\Users\Uwe\Documents\prt0001.m_p
    [2012.12.08 17:29:39 | 000,013,312 | ---- | M] () -- C:\Users\Uwe\Documents\70195000239_asm_verschmolzen_log.xml
    [2012.12.08 17:29:09 | 000,005,024 | ---- | M] () -- C:\Users\Uwe\Documents\lagerfeder_log.xml
    [2012.12.08 17:26:36 | 000,005,050 | ---- | M] () -- C:\Users\Uwe\Documents\lager_ersatz_001_log.xml
    [2012.12.08 17:16:42 | 000,001,776 | ---- | M] () -- C:\Users\Uwe\Documents\prt000123.m_p
    [2012.12.08 17:14:33 | 000,001,763 | ---- | M] () -- C:\Users\Uwe\Documents\2222.m_p
    [2012.12.08 16:48:01 | 000,001,775 | ---- | M] () -- C:\Users\Uwe\Documents\prt00012.m_p
    [2012.12.08 16:46:12 | 000,004,208 | ---- | M] () -- C:\Users\Uwe\Documents\70195000239.m_p
    [2012.12.08 16:45:08 | 000,001,799 | ---- | M] () -- C:\Users\Uwe\Documents\lager_ersatz_001.m_p
    [2012.12.08 13:08:59 | 000,257,861 | ---- | M] () -- C:\Users\Uwe\Rechnung 06.12.2012 Netzgruppe.pdf
    [2012.12.08 00:00:16 | 001,148,766 | ---- | M] (pendrivelinux.com) -- C:\Users\Uwe\Universal-USB-Installer-1.9.1.8.exe
    [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012.12.23 17:34:16 | 000,017,739 | ---- | C] () -- C:\Users\Uwe\AppData\Local\recently-used.xbel
    [2012.12.16 13:10:36 | 001,568,008 | ---- | C] () -- C:\Users\Uwe\Desktop\setup_OnlineFotoservice.exe
    [2012.12.15 19:22:39 | 000,007,334 | ---- | C] () -- C:\Users\Uwe\Desktop\OpenDocument Text (neu).odt
    [2012.12.15 18:45:26 | 000,441,568 | ---- | C] () -- C:\Users\Uwe\Desktop\bedienungsanleitung-digital-multimeter-pce-dm12.pdf
    [2012.12.14 10:54:40 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
    [2012.12.09 18:24:24 | 000,002,923 | ---- | C] () -- C:\Users\Uwe\Documents\10141700_verschmolzen_v3.m_p
    [2012.12.09 18:21:37 | 000,001,812 | ---- | C] () -- C:\Users\Uwe\Documents\10141650_montage_v3.m_p
    [2012.12.09 18:21:07 | 000,001,806 | ---- | C] () -- C:\Users\Uwe\Documents\10141647_sub_v3.m_p
    [2012.12.09 18:17:37 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141683_v3.m_p
    [2012.12.09 17:58:37 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141679_v3.m_p
    [2012.12.09 17:54:22 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141680_v3.m_p
    [2012.12.09 17:32:46 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141655_v3.m_p
    [2012.12.09 17:29:55 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141652_v3.m_p
    [2012.12.09 17:23:29 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141673_v3.m_p
    [2012.12.09 16:02:13 | 000,001,806 | ---- | C] () -- C:\Users\Uwe\Documents\10141643_def_v3.m_p
    [2012.12.08 17:36:28 | 000,001,799 | ---- | C] () -- C:\Users\Uwe\Documents\lager_ersatz_003.m_p
    [2012.12.08 17:35:22 | 000,001,781 | ---- | C] () -- C:\Users\Uwe\Documents\prt0003ddd.m_p
    [2012.12.08 17:32:09 | 000,001,782 | ---- | C] () -- C:\Users\Uwe\Documents\prt0001.m_p
    [2012.12.08 17:29:39 | 000,013,312 | ---- | C] () -- C:\Users\Uwe\Documents\70195000239_asm_verschmolzen_log.xml
    [2012.12.08 17:29:09 | 000,005,024 | ---- | C] () -- C:\Users\Uwe\Documents\lagerfeder_log.xml
    [2012.12.08 17:26:36 | 000,005,050 | ---- | C] () -- C:\Users\Uwe\Documents\lager_ersatz_001_log.xml
    [2012.12.08 17:16:42 | 000,001,776 | ---- | C] () -- C:\Users\Uwe\Documents\prt000123.m_p
    [2012.12.08 17:14:33 | 000,001,763 | ---- | C] () -- C:\Users\Uwe\Documents\2222.m_p
    [2012.12.08 16:48:01 | 000,001,775 | ---- | C] () -- C:\Users\Uwe\Documents\prt00012.m_p
    [2012.12.08 16:36:08 | 000,004,208 | ---- | C] () -- C:\Users\Uwe\Documents\70195000239.m_p
    [2012.12.08 16:35:29 | 000,001,799 | ---- | C] () -- C:\Users\Uwe\Documents\lager_ersatz_001.m_p
    [2012.12.08 13:08:58 | 000,257,861 | ---- | C] () -- C:\Users\Uwe\Rechnung 06.12.2012 Netzgruppe.pdf
    [2012.11.25 11:58:01 | 000,258,478 | ---- | C] () -- C:\Users\Uwe\Rechnung 22.11.2012 Netzgruppe.pdf
    [2012.11.23 01:06:24 | 000,769,189 | ---- | C] () -- C:\Users\Uwe\animated-gifs-81-001.gif
    [2012.11.23 01:04:11 | 000,160,146 | ---- | C] () -- C:\Users\Uwe\animated-gifs-81-002.gif
    [2012.11.19 17:29:38 | 000,090,497 | ---- | C] () -- C:\Users\Uwe\old TV.gif
    [2012.11.19 14:42:14 | 007,909,786 | ---- | C] () -- C:\Users\Uwe\Hd-Ag-aktuell - Kopie.xcf
    [2012.11.19 14:31:51 | 000,752,441 | ---- | C] () -- C:\Users\Uwe\Philosoraptor.png
    [2012.11.19 14:01:30 | 001,410,147 | ---- | C] () -- C:\Users\Uwe\Hd-Ag-aktuell.jpg
    [2012.11.16 22:38:58 | 017,904,640 | ---- | C] () -- C:\Users\Uwe\mumble-1.2.3a(1).msi
    [2012.11.16 14:36:06 | 000,993,201 | ---- | C] () -- C:\Users\Uwe\5838933_460s_v2.jpg
    [2012.11.01 18:18:24 | 012,458,536 | ---- | C] () -- C:\Users\Uwe\USB-AVCPTSetup_For_Win7.zip
    [2012.10.26 11:19:54 | 008,688,607 | ---- | C] () -- C:\Users\Uwe\The Survival Games 2.zip
    [2012.10.21 02:48:28 | 000,041,625 | ---- | C] () -- C:\Users\Uwe\picdump-12-10-20-058.jpg
    [2012.10.21 02:37:27 | 000,032,283 | ---- | C] () -- C:\Users\Uwe\hornoxe.com_picdump281_119.jpg
    [2012.10.21 02:32:47 | 000,044,720 | ---- | C] () -- C:\Users\Uwe\hornoxe.com_picdump281_075.jpg
    [2012.10.20 02:14:52 | 000,173,122 | ---- | C] () -- C:\Users\Uwe\jf5xQ.jpg
    [2012.10.18 23:48:09 | 000,346,259 | ---- | C] () -- C:\Users\Uwe\Abgeordnetenkorruption.pdf
    [2012.10.18 23:07:52 | 000,180,616 | ---- | C] () -- C:\Users\Uwe\NewImage123.png
    [2012.10.17 18:15:22 | 000,230,136 | ---- | C] () -- C:\Users\Uwe\Checkliste HD-AG.pdf
    [2012.10.16 13:14:12 | 000,019,982 | ---- | C] () -- C:\Users\Uwe\yahoo passwortwiederherstellung.htm
    [2012.10.15 14:09:45 | 000,021,403 | ---- | C] () -- C:\Users\Uwe\PB_Überweisung_KtoNr0806222608_15-10-2012_1509.pdf
    [2012.10.15 03:00:11 | 000,038,474 | ---- | C] () -- C:\Users\Uwe\601444_10151069143006304_914520234_n.jpg
    [2012.10.15 02:57:48 | 000,041,587 | ---- | C] () -- C:\Users\Uwe\523156_10151069143216304_248255900_n.jpg
    [2012.10.14 14:47:10 | 000,059,274 | ---- | C] () -- C:\Users\Uwe\Unbenannt.jpg
    [2012.10.12 19:50:31 | 000,007,655 | ---- | C] () -- C:\Users\Uwe\AppData\Roaming\.freeciv-client-rc-2.3
    [2012.10.11 02:25:34 | 000,089,060 | ---- | C] () -- C:\Users\Uwe\RZ - CATIA V5.mht
    [2012.10.10 23:23:50 | 222,002,373 | ---- | C] () -- C:\Users\Uwe\Dark Heresy - Core Book Bookmarked.pdf
    [2012.10.10 15:00:12 | 043,623,559 | ---- | C] () -- C:\Users\Uwe\Bilder von Mona und Andreas Andy Uwe für Heike.zip
    [2012.10.08 07:24:31 | 000,779,189 | ---- | C] () -- C:\Users\Uwe\windows_creeper_wallpaper_by_andyd4-d45mj70.jpg
    [2012.10.03 02:36:39 | 000,001,785 | ---- | C] () -- C:\Users\Uwe\char.png
    [2012.10.03 01:45:20 | 000,664,455 | ---- | C] () -- C:\Users\Uwe\HWJC3.png
    [2012.10.03 01:40:20 | 000,697,674 | ---- | C] () -- C:\Users\Uwe\DjVi1.png
    [2012.10.03 01:37:49 | 000,197,039 | ---- | C] () -- C:\Users\Uwe\mAAkm.jpg
    [2012.10.03 01:35:40 | 000,161,301 | ---- | C] () -- C:\Users\Uwe\HMdhvh.jpg
    [2012.10.03 01:30:13 | 000,244,643 | ---- | C] () -- C:\Users\Uwe\MauFN.jpg
    [2012.10.03 01:18:02 | 000,329,054 | ---- | C] () -- C:\Users\Uwe\9ftoa.png
    [2012.10.03 01:06:19 | 000,127,962 | ---- | C] () -- C:\Users\Uwe\eNm7X.jpg
    [2012.09.27 16:05:08 | 490,110,442 | ---- | C] () -- C:\Users\Uwe\Hoeren.7z
    [2012.09.23 15:20:41 | 000,016,449 | ---- | C] () -- C:\Users\Uwe\z-1-3kl-kniffel_vorlage_fuer_protokoll-ID_18232.gif
    [2012.09.21 09:42:31 | 001,265,579 | ---- | C] () -- C:\Users\Uwe\File transfer - Unix-Cluster Documentation - Confluence.mht
    [2012.09.21 09:39:08 | 000,000,600 | ---- | C] () -- C:\Users\Uwe\AppData\Roaming\winscp.rnd
    [2012.09.19 19:51:59 | 000,047,818 | ---- | C] () -- C:\Users\Uwe\2-format152.jpg
    [2012.09.19 19:51:39 | 000,045,328 | ---- | C] () -- C:\Users\Uwe\2-format15.jpg
    [2012.09.17 10:38:05 | 000,899,414 | ---- | C] () -- C:\Users\Uwe\SetupDVDDecrypter_3.5.4.0.exe
    [2012.09.10 13:40:25 | 000,004,712 | ---- | C] () -- C:\Users\Uwe\Ihre PIN und PUK zur DeutschlandSIM-Karte.eml
    [2012.09.06 16:57:05 | 000,013,720 | ---- | C] () -- C:\Users\Uwe\AMA PZ12 I.pdf
    [2012.09.03 15:28:03 | 000,255,747 | ---- | C] () -- C:\Users\Uwe\image2.jpg
    [2012.09.03 15:21:13 | 000,442,045 | ---- | C] () -- C:\Users\Uwe\image.jpg
    [2012.08.30 14:52:00 | 000,045,219 | ---- | C] () -- C:\Users\Uwe\5195045_460s.jpg
    [2012.08.29 12:06:55 | 000,705,724 | ---- | C] () -- C:\Users\Uwe\49.gif
    [2012.08.29 12:03:12 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012.08.29 12:03:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012.08.22 21:24:00 | 000,022,750 | ---- | C] () -- C:\Users\Uwe\eistee rezept.odt
    [2012.07.30 14:40:52 | 000,024,923 | ---- | C] () -- C:\Users\Uwe\PB_Überweisung_KtoNr0806222608_30-07-2012_1539.pdf
    [2012.07.30 10:46:17 | 733,479,111 | ---- | C] () -- C:\Users\Uwe\Simon Traditionsgrillen sortiert.zip
    [2012.07.23 13:07:20 | 000,002,468 | ---- | C] () -- C:\Users\Uwe\AppData\Roaming\.ptbt0
    [2012.07.16 10:36:08 | 002,018,348 | ---- | C] () -- C:\Users\Uwe\Erfolgreich_Briefe_schreiben.pdf
    [2012.07.16 10:36:08 | 001,552,462 | ---- | C] () -- C:\Users\Uwe\Bewerbungstraining_Irmato.pdf
    [2012.04.01 14:33:46 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012.01.15 14:40:52 | 000,007,607 | ---- | C] () -- C:\Users\Uwe\AppData\Local\resmon.resmoncfg
    [2012.01.15 11:07:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012.01.15 11:06:48 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2012.01.14 19:09:06 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2012.01.14 19:09:06 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2012.01.14 19:09:06 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2012.01.14 19:09:05 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2012.01.14 19:08:59 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2012.01.14 19:08:43 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
     
    ========== ZeroAccess Check ==========
     
    [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2012.10.12 19:29:39 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\.freeciv
    [2012.11.11 16:54:09 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\.minecraft
    [2012.07.16 14:35:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\.purple
    [2012.12.14 10:55:00 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\APP_NAME_NON_STRING
    [2012.05.27 20:57:59 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Autodesk
    [2012.01.23 18:55:47 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\BluetoothDriverInstaller
    [2012.09.16 21:49:35 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\BSW
    [2012.01.20 00:21:52 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Command & Conquer 3 Kanes Rache
    [2012.10.20 21:25:41 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DAEMON Tools Lite
    [2012.11.12 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DassaultSystemes
    [2012.12.30 01:54:09 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Dropbox
    [2012.10.12 18:28:41 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Firefly Studios
    [2012.10.12 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\FreeOrion
    [2012.12.16 13:53:30 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\gtk-2.0
    [2012.05.13 21:25:11 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Leadertech
    [2012.01.28 13:57:30 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\LucasArts
    [2012.12.24 12:15:30 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\MediaMonkey
    [2012.01.15 12:13:05 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Miranda
    [2012.03.06 06:15:59 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Motorola
    [2012.11.20 21:14:51 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Mumble
    [2012.10.15 22:27:27 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\NetSpeedMonitor
    [2012.01.27 14:44:31 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\OpenOffice.org
    [2012.07.23 10:10:02 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Opera
    [2012.11.06 19:02:19 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Origin
    [2012.12.14 11:05:00 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\PDF Architect
    [2012.12.14 10:54:40 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\pdfforge
    [2012.07.02 08:35:19 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\PTC
    [2012.09.17 10:39:21 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\RipIt4Me
    [2012.01.15 11:44:34 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Thunderbird
    [2012.11.13 14:42:26 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Trillian
    [2012.05.03 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TS3Client
    [2012.03.06 16:48:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Vodafone
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 921 bytes -> C:\Users\Uwe\[...].eml:OECustomProperty
    
    < End of report >
    Extras.txt
    Code:
    OTL Extras logfile created on: 30.12.2012 10:47:28 - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uwe\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,68 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 32,32% Memory free
    7,35 Gb Paging File | 4,87 Gb Available in Paging File | 66,21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119,14 Gb Total Space | 26,28 Gb Free Space | 22,06% Space Free | Partition Type: NTFS
     
    Computer Name: RAUL | User Name: Uwe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    "" = 
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06CF2B52-1590-47BC-86A8-E0672DD069DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{211B84C8-595F-44FB-AA3A-B943CBDE81BB}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{233FC4AC-133B-4768-B522-BF27A0D0DBD1}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{2F88ECAB-59CC-4BFD-A4EF-11933A6B4F3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{37D177A4-76BF-4711-8154-FCFFBD8B90F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{45CC9498-A7B6-445B-98FB-206864090AC9}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{60462A8C-D941-4D50-90E0-6A3869AAA65E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{640FF713-394A-4C12-B0FC-EAB310A67931}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{673DEC1B-743D-4603-B524-88BEEE181E07}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{6B6B0C66-3258-4DCB-9C93-4BDA5F7FDA0A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{83CE1132-6AA6-49F0-8F66-1568BD25BCFB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{8AC0883A-DD9D-49E0-9F47-AD40417354CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{8C2A6A10-47B7-4828-BB34-0C12777C3376}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{92ECA2BA-C3C3-4E44-BC6B-C2D9A18F6949}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{9AB4E92D-219A-407F-9132-CE91761E0E8B}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{B349E2B7-C244-4446-BC12-65F935650972}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{C2E0F4F9-7EF7-40CA-9889-605FBB38CD18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{C9660E2C-A1A3-442D-B8AF-980D3562C4F3}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{EC3C2024-69F2-4BE9-B04B-ED248932C68B}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{EE543CDD-75ED-4CA6-BDAF-6B3566E3D8E2}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{F9F4F255-B0BB-4138-A541-05870F6461A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
    "{03E9AE93-FDFB-4286-950C-3861FDD23443}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
    "{06DC0879-4C3A-44E8-9F65-58FA45CCF089}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
    "{07A715A2-92EF-4267-82F7-6577A32CCAA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{087F0F61-1BA1-40BD-B3AA-2DB25A594F21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |  
    "{1327EB15-B270-4275-B1F5-6E4B0897DAEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
    "{137FFFE7-942F-4928-804A-D42AFBFA770D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{147513AD-97E9-4DEF-B4FE-35F55151A585}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{15D2697E-F45D-48FF-A033-47CF92CFD1B1}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat | 
    "{1B5EA8B5-232F-4784-8C9B-F45F4BCACD48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{1C1BAECE-8E97-4ABC-B447-1B98CFB3C837}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{1CE86587-968F-4B53-877D-0D8F98CB90E4}" = protocol=6 | dir=in | app=c:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{28F94C0C-0633-48BC-BB8B-42B5EBAEB5B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{319BBD07-EE3D-4A45-A9A5-833EBA4A0B98}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{4505A3FB-CBF4-474F-9D98-91B517898BCD}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | 
    "{56C80990-CFA8-4C0C-A0D8-C51B7D0CE3D6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | 
    "{58CBB2DE-40FA-48E1-AEAC-A67FA69DAFAA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{5DBB4BA8-C42C-40C4-9788-495AC01C2700}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
    "{6092E45C-5067-495F-AA18-7F98410B144E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{6A5BE62B-7624-4F29-A7F6-4A09ACA93A6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{6DF0CE02-9ED4-4596-AA46-5DB4436A9365}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{6F06A7B7-08C7-497F-B094-29535EB797FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{730984DB-0203-47E1-90A0-9ED75DEB39E9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{739E71E5-396A-40D2-8324-9D749EEE6E9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
    "{7605DCBC-290C-4D43-881E-A44169FAFEE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
    "{7E635171-86C9-48BD-8D4C-4CD48AF6A205}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
    "{7FBDEC3F-0084-48DB-A975-08BC695A48CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
    "{8493EB7F-704B-4A24-8370-0915080027D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{85F18A46-1166-46B6-AE60-FB693E3436A8}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{870A1594-0A0E-4701-ACDD-E958B94D77FD}" = protocol=17 | dir=in | app=c:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{9145FEC1-6E6C-4373-B277-3BC004F41396}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
    "{92E6CD14-7AC3-4594-874C-077C4851E393}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
    "{9C371F94-66F9-400D-9B2E-4E67889D7474}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{9DC8B75A-D7F9-4101-AB8C-B2C5FB9BCDCB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{A36C26B1-551C-4F7F-8D06-01E8CEF54267}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{A6C3A7BB-D9D1-4C61-B403-730CD0C76CE2}" = protocol=6 | dir=in | app=c:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe | 
    "{ADC88142-09C5-4343-98CE-3C97F6937F0D}" = protocol=6 | dir=out | app=system | 
    "{AF372C71-E1F0-447F-8608-046D783450E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{B5312700-ADC5-4524-BC3F-6F6FA309FAA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
    "{B918B730-FC58-4F6B-9EEB-C0FFDD6473C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{C573A299-B4C0-4AA6-97E5-5CF16CB4C1D8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{C6E84788-89EB-4992-8857-0E09EEDC5790}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{C8B5B347-4965-48D0-8188-E091AA05D636}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
    "{CC271C71-5E52-4E45-8A0B-FDC8A94579C1}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
    "{CDC799E6-3843-4515-9E11-A9EA57BE94DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
    "{D341CA22-2591-4F6D-9EDD-1DC50F674AF9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{DB236089-AC91-478C-8848-CC6281BB002B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{DBCFE21C-EFF0-4E4D-805F-ADAA8C576020}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{E0F7722D-C52B-4062-B3C2-A7B5B4E4C86F}" = protocol=17 | dir=in | app=c:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe | 
    "{E16FE53E-59A5-4DF9-9A55-08CAB87B0176}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{E5E3C93A-0AF6-48A9-B13F-AC1AFC6798BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{EEEAF790-6F2A-4A50-BCDD-02FFD1E62AB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
    "TCP Query User{01A3AA7E-35E5-4A36-A5E7-9029C2B7ED20}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
    "TCP Query User{254454E5-09D8-4697-A21C-22D81B786536}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
    "TCP Query User{2D06413C-4C84-4ABD-A501-62F29731158F}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
    "TCP Query User{577FB109-70E2-41CD-8551-C915F9E44DFC}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "TCP Query User{6AE502FA-7755-481C-BB6F-6F1E84BAEF5C}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
    "TCP Query User{6E3E4D09-328F-4664-BD99-18C5AE6F3519}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
    "TCP Query User{6E6244EE-5C68-475A-B693-DC208F443F3E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
    "TCP Query User{7831F516-FDC5-4954-9D36-3C667DF56F0B}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
    "TCP Query User{7BC48C1E-B2A9-49F9-A2AD-55DABB003A90}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe | 
    "TCP Query User{81317C93-5057-443A-A806-ECBA82F26A04}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
    "TCP Query User{A12C419C-73DA-4043-855E-F9B3ECCC0833}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe | 
    "TCP Query User{AC523576-FC71-44D6-8FFD-F70326E04D72}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
    "TCP Query User{AE652FA4-6011-445E-A6FE-1C3B89729EF5}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
    "TCP Query User{BFF60903-730B-4F10-B247-6953A1C50BD2}C:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe | 
    "TCP Query User{C694128B-8B16-40FC-AF5E-EB75BDF1B8C1}C:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe | 
    "TCP Query User{D5C6CBB6-57FE-4D4C-87E5-AAE3D70A6C98}C:\program files (x86)\freeorion\freeoriond.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freeorion\freeoriond.exe | 
    "TCP Query User{DA76091E-4A75-4F09-9498-87A8EFFEB60C}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
    "TCP Query User{F87A8506-6D3C-48F5-AB66-D93E2E073AE2}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
    "TCP Query User{FF0AB657-894C-43A6-B8DF-32C5CEC83E9A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "UDP Query User{0A1C74F2-ED6E-40AC-9EB5-227D89D1F608}C:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe | 
    "UDP Query User{0A22BD6C-F16D-405E-846E-192C45B9715A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
    "UDP Query User{0B69FBD3-5A3C-4944-AFD5-5CB18F7B008A}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe | 
    "UDP Query User{1112CF35-53B8-4A3C-92AE-C19C5191FE50}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe | 
    "UDP Query User{18A9A074-CC52-464F-AAB6-98260A2BBEF2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
    "UDP Query User{2180FF66-A58E-4F4A-BE62-BBED6CEC9069}C:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe | 
    "UDP Query User{2E4930E0-5717-4EEA-B622-8055DCF587AE}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
    "UDP Query User{3F3E6C65-8AC4-4269-97D8-5C0C4BC28B30}C:\program files (x86)\freeorion\freeoriond.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freeorion\freeoriond.exe | 
    "UDP Query User{434DCC27-74A6-49DE-95B4-BBEED8769020}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
    "UDP Query User{4ADC9CB0-33B4-4883-8E1D-B3D26BC00E44}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
    "UDP Query User{6EC84EB3-7946-4246-B671-D63B185CB72E}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
    "UDP Query User{87470DB9-4866-40D7-8C0B-036A19AE72FA}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "UDP Query User{89AA896D-A4DF-4DF2-B9D2-08662C182C34}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
    "UDP Query User{9E18A6D5-2493-4FFB-A5C4-9005D4356ABF}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
    "UDP Query User{AF0D5ED4-372B-4DED-9DB6-B63A9F2F2017}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
    "UDP Query User{C38CA49E-622A-4225-AF57-16F08C9BE8B6}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
    "UDP Query User{D8E5D1DC-A957-4018-9D31-F5AB2609B15E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "UDP Query User{DBE777CC-2CFA-41F1-A74A-573216DF2AD5}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
    "UDP Query User{F57917C0-90A9-4E70-A3FA-849A83E4B4E4}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    "{1DA72689-5F3E-9B80-1E06-FBC2567EBF44}" = ATI Catalyst Install Manager
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{266597A9-1664-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) German Language Pack
    "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul Language Pack
    "{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul
    "{51BC086E-2946-442C-B01D-37587285E833}" = ProductView Express 9.1
    "{5783F2D7-A028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2012
    "{5960C9E4-D4B8-CB6A-54A7-796D82D93CB9}" = ccc-utility64
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
    "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
    "{7F4DD591-1664-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012
    "{7F4DD591-1664-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 Language Pack - Deutsch
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
    "{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
    "{CF526A26-1664-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)
    "{D25FF5C1-1664-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2012
    "{D44320DB-2B49-4EF7-BE7E-9EEFAF9CCF7B}" = Pro/ENGINEER Thumbnail Viewer 1.0
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
    "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
    "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
    "Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul" = Autodesk Inventor Fusion for Inventor 2012 Add-in
    "Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 Deutsch
    "DWG TrueView 2012" = DWG TrueView 2012
    "GIMP-2_is1" = GIMP 2.8.2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
    "Pro/ENGINEER Release Wildfire 5.0 Datecode M060" = Pro/ENGINEER Release Wildfire 5.0 Datecode M060
    "sp6" = Logitech SetPoint 6.32
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0237D5C3-B31E-088C-B19B-38083FDBE5AF}" = CCC Help Italian
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{137FDFDF-C5BF-C499-4A00-933D04AEA177}" = CCC Help Danish
    "{15251617-87E5-E307-E191-D23D994CE0FD}" = CCC Help Hungarian
    "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
    "{1A30E575-B4C9-EFBF-FB36-2BF5FB9EB173}" = CCC Help Norwegian
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
    "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
    "{30B2AB70-E678-3913-4727-F3167B878D6D}" = Catalyst Control Center Localization All
    "{316B0D68-0170-F6C5-D7C6-6021EEC52EB4}" = CCC Help French
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{4583C747-FB0B-40DA-750D-663717824278}" = ccc-core-static
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
    "{555A72BD-E280-4399-B91D-61DD68F2F222}" = CCC Help Japanese
    "{567E2E99-BF74-797C-7A3F-36A02007CFF7}" = CCC Help Finnish
    "{56C3467E-A509-D84E-1A46-0BC2D5C80FEF}" = CCC Help Chinese Traditional
    "{578995E9-9AA9-C86C-8859-A3D209F6BA11}" = CCC Help Turkish
    "{57CA189D-BAEB-49BC-AE75-CE70E9B775E1}" = Catalyst Control Center - Branding
    "{59B3215B-0604-E6E7-9916-CF8137A29628}" = CCC Help Polish
    "{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
    "{5FAFBE0F-F86B-0CD8-A573-B90591AA4A97}" = CCC Help Czech
    "{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
    "{62939D22-F2E8-44BD-A655-0D1F41D5EBA2}" = Autodesk 123D Catch
    "{62E70245-1784-13CF-9131-781AC247F58F}" = CCC Help Spanish
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{6913ED40-2BCF-C84D-AE73-AD73A116DCF9}" = CCC Help Dutch
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{723BF0BF-1C39-AAEA-B5B3-7922A67DDFD4}" = Catalyst Control Center InstallProxy
    "{75AB5D01-6381-633C-910B-1E2F53801E94}" = Catalyst Control Center Graphics Previews Vista
    "{786F31EB-84E1-4C0C-B13E-1412C5E1C534}" = CCC Help German
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{862259F3-C998-2E23-49BB-EFD7F26ADCE7}" = CCC Help Russian
    "{88FF8A21-F198-43DF-A5D9-5F9E0EB620A8}" = Autodesk 123D Make 1.0
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9313C9B0-C33A-576D-93DC-1652DBAD69AF}" = CCC Help Korean
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
    "{9BAD13FC-855F-06DA-FD9C-86B7F751932C}" = PX Profile Update
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
    "{AC2F724E-83C9-F665-DCC3-66D742BC792C}" = CCC Help Portuguese
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
    "{B6F1F5CF-A550-7ED5-B578-33CA464B5713}" = CCC Help Chinese Standard
    "{B6F99B9C-D7A6-37F1-8019-0FFC98B1FF72}" = CCC Help English
    "{D1D21276-7B56-59A0-D35B-D089C24F5229}" = CCC Help Thai
    "{D9ED6557-6D68-3AA7-0354-6A75194608B6}" = CCC Help Greek
    "{DD87ADFB-CF5F-011F-6CE9-63EA5C9DAA94}" = CCC Help Swedish
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Autodesk Design Review 2012" = Autodesk Design Review 2012
    "Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)
    "BrettspielWelt" = BrettspielWelt
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Hugin" = Hugin 2011.4.0
    "InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
    "LManager" = Launch Manager
    "Miranda IM" = Miranda IM 0.10.9
    "MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
    "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
    "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Opera 12.12.1707" = Opera 12.12
    "Origin" = Origin
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 400" = Portal
    "Steam App 630" = Alien Swarm
    "VLC media player" = VLC media player 2.0.4
    "winscp3_is1" = WinSCP 4.3.9
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 22.10.2012 13:52:57 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: ALMon.exe, Version: 3.45.111.317,
     Zeitstempel: 0x4ff70377  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
     Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bc21  ID des fehlerhaften
     Prozesses: 0xcd8  Startzeit der fehlerhaften Anwendung: 0x01cdb077c761484a  Pfad der
     fehlerhaften Anwendung: C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe  Pfad 
    des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 4fa1f277-1c71-11e2-a7e1-206a8a142f19
     
    Error - 25.10.2012 19:06:45 | Computer Name = Raul | Source = Application Hang | ID = 1002
    Description = Programm miranda32.exe, Version 0.10.4.0 kann nicht mehr unter Windows
     ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
     um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 136c    Startzeit:
     01cdb2f6b6b85a87    Endzeit: 20    Anwendungspfad: C:\Program Files (x86)\Miranda IM\miranda32.exe
    
    Berichts-ID:
     a1d05c6a-1ef8-11e2-bebd-206a8a142f19  
     
    Error - 29.10.2012 10:22:59 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.1.0, Zeitstempel:
     0x4f63d546  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17932,
     Zeitstempel: 0x50327672  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00036f45  ID des fehlerhaften
     Prozesses: 0x13a8  Startzeit der fehlerhaften Anwendung: 0x01cdb5e0de6b4cb5  Pfad der
     fehlerhaften Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften
     Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 238f872f-21d4-11e2-8b90-206a8a142f19
     
    Error - 07.11.2012 12:40:24 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: ALMon.exe, Version: 3.46.113.326,
     Zeitstempel: 0x5058a6c4  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
     Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bc21  ID des fehlerhaften
     Prozesses: 0xbdc  Startzeit der fehlerhaften Anwendung: 0x01cdbcfc52dab14f  Pfad der
     fehlerhaften Anwendung: C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe  Pfad 
    des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: d34fc2f1-28f9-11e2-8fbd-5cac4c61185c
     
    Error - 08.11.2012 04:35:11 | Computer Name = Raul | Source = RasClient | ID = 20227
    Description = 
     
    Error - 08.11.2012 04:35:11 | Computer Name = Raul | Source = RasClient | ID = 20227
    Description = 
     
    Error - 11.11.2012 15:19:53 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.4.0, Zeitstempel:
     0x507c71cd  Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.4.0, Zeitstempel:
     0x507c71cd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001665  ID des fehlerhaften Prozesses:
     0x1678  Startzeit der fehlerhaften Anwendung: 0x01cdc03f673cbada  Pfad der fehlerhaften
     Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
     C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: c4aa7ae4-2c34-11e2-9395-206a8a142f19
     
    Error - 11.11.2012 15:40:39 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.4.0, Zeitstempel:
     0x507c71cd  Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.4.0, Zeitstempel:
     0x507c71cd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001665  ID des fehlerhaften Prozesses:
     0x2fc  Startzeit der fehlerhaften Anwendung: 0x01cdc0418dc0fd52  Pfad der fehlerhaften
     Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
     C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: ab439c17-2c37-11e2-9395-206a8a142f19
     
    Error - 14.11.2012 11:01:42 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1069,
     Zeitstempel: 0x4c892701  Name des fehlerhaften Moduls: atiadlxx.dll, Version: 6.14.10.1054,
     Zeitstempel: 0x4c891f0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001f468
    ID
     des fehlerhaften Prozesses: 0xae4  Startzeit der fehlerhaften Anwendung: 0x01cdc23ac7082792
    Pfad
     der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe  Pfad des fehlerhaften
     Moduls: C:\Windows\system32\atiadlxx.dll  Berichtskennung: 32c067fc-2e6c-11e2-95b5-d7b9a3adc751
     
    Error - 20.11.2012 11:08:24 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1069,
     Zeitstempel: 0x4c892701  Name des fehlerhaften Moduls: atiadlxx.dll, Version: 6.14.10.1054,
     Zeitstempel: 0x4c891f0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001f468
    ID
     des fehlerhaften Prozesses: 0x45c  Startzeit der fehlerhaften Anwendung: 0x01cdc71c1d3e05df
    Pfad
     der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe  Pfad des fehlerhaften
     Moduls: C:\Windows\system32\atiadlxx.dll  Berichtskennung: 20d46f25-3324-11e2-82f5-206a8a142f19
     
    Error - 20.11.2012 14:31:38 | Computer Name = Raul | Source = RasClient | ID = 20227
    Description = 
     
    [ Cisco AnyConnect Secure Mobility Client Events ]
    Error - 15.01.2012 07:03:00 | Computer Name = Raul | Source = acvpnui | ID = 67108865
    Description = Function: ConnectMgr::connect File: .\ConnectMgr.cpp Line: 1847 ConnectMgr::processIfcData
     failed
     
    Error - 15.01.2012 07:03:00 | Computer Name = Raul | Source = acvpnui | ID = 67108865
    Description = Function: ConnectMgr::initiateConnect File: .\ConnectMgr.cpp Line: 913
    Connection
     failed.
     
    Error - 15.01.2012 07:03:00 | Computer Name = Raul | Source = acvpnui | ID = 67108866
    Description = Function: ConnectMgr::run File: .\ConnectMgr.cpp Line: 531 Invoked Function:
     ConnectMgr::initiateConnect Return Code: -29556727 (0xFE3D0009) Description: CONNECTMGR_ERROR_UNEXPECTED
    
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108866
    Description = Function: ConnectIfc::connect File: .\ConnectIfc.cpp Line: 312 Invoked
     Function: ConnectIfc::handleRedirects Return Code: -30015460 (0xFE36001C) Description:
     CONNECTIFC_ERROR_CAPTIVE_PORTAL_REDIRECT:An unknown redirect was received, possibly
     from a captive portal. 
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108866
    Description = Function: ConnectMgr::doConnectIfcConnect File: .\ConnectMgr.cpp Line:
     1792 Invoked Function: ConnectIfc::connect Return Code: -30015460 (0xFE36001C) Description:
     CONNECTIFC_ERROR_CAPTIVE_PORTAL_REDIRECT:An unknown redirect was received, possibly
     from a captive portal. 
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108865
    Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 2234
    Content
     type (unknown) received. Response type (failed) from www.rz.rwth-aachen.de: 
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108865
    Description = Function: ConnectMgr::connect File: .\ConnectMgr.cpp Line: 1847 ConnectMgr::processIfcData
     failed
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108865
    Description = Function: ConnectMgr::initiateConnect File: .\ConnectMgr.cpp Line: 913
    Connection
     failed.
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108866
    Description = Function: ConnectMgr::run File: .\ConnectMgr.cpp Line: 531 Invoked Function:
     ConnectMgr::initiateConnect Return Code: -29556727 (0xFE3D0009) Description: CONNECTMGR_ERROR_UNEXPECTED
    
     
    Error - 15.01.2012 07:32:56 | Computer Name = Raul | Source = acvpnagent | ID = 67110873
    Description = Termination reason code 7: The agent has been stopped.
     
    [ System Events ]
    Error - 15.12.2012 14:06:25 | Computer Name = Raul | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
     
    Error - 15.12.2012 14:06:25 | Computer Name = Raul | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
     
    Error - 15.12.2012 14:06:25 | Computer Name = Raul | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
     
    Error - 15.12.2012 14:06:25 | Computer Name = Raul | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
     
    Error - 15.12.2012 14:06:25 | Computer Name = Raul | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume "\Device\HarddiskVolume4" den Befehl "chkdsk" aus.
     
    Error - 15.12.2012 14:06:25 | Computer Name = Raul | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
     
    Error - 15.12.2012 14:06:25 | Computer Name = Raul | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
     
    Error - 15.12.2012 14:06:25 | Computer Name = Raul | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
     
    Error - 15.12.2012 14:06:25 | Computer Name = Raul | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
     
    Error - 24.12.2012 05:07:25 | Computer Name = Raul | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.
     
     
    < End of report >
    Geändert von Freischneider (30.12.2012 um 11:15 Uhr)

  4. #4
    Einsteiger
    Registriert seit
    30.12.2012
    Beiträge
    11

    AW: Win32/Small.CA-Virus

    5. Rootkit-Scan: (64-bit)
    Code:
    Sophos Anti-Rootkit Version 1.5.20 (data 4.84)  (c) 2009 Sophos Plc
    Started logging on 30.12.2012 at 11:10:39
    User "Uwe" on computer "RAUL"
    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    Info:	Starting registry scan.
    Stopped logging on 30.12.2012 at 11:11:12
    
    
    Sophos Anti-Rootkit Version 1.5.20 (data 4.84)  (c) 2009 Sophos Plc
    Started logging on 30.12.2012 at 11:13:04
    User "Uwe" on computer "RAUL"
    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    Info:	Starting registry scan.
    Info:	Starting disk scan of C: (NTFS).
    Stopped logging on 30.12.2012 at 11:21:48
    Geändert von Freischneider (30.12.2012 um 11:14 Uhr)

  5. #5
    Einsteiger
    Registriert seit
    30.12.2012
    Beiträge
    11

    AW: Win32/Small.CA-Virus

    6. Dateiliste mit HJTscanlist.bat
    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            º                                    º 
                                        hjtscanlist v2.0              
                            º                                    º 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows [Version 6.1.7601]
     
     
    C:
    
      30.12.2012 11:30     C:\Temp --------- 0   
           C:\pagefile.sys ---------    
           C:\hiberfil.sys ---------    
      30.12.2012 01:59     C:\System Volume Information --------- 16384   
      30.12.2012 01:56     C:\Program Files --------- 8192   
      30.12.2012 01:56     C:\Program Files (x86) --------- 24576   
      24.12.2012 12:19     C:\ProgramData --------- 8192   
      15.12.2012 18:39     C:\Windows --------- 20480   
      22.09.2012 01:40     C:\pckaiser --------- 4096   
      27.05.2012 20:54     C:\Autodesk --------- 0   
      09.04.2012 11:28     C:\MSOCache --------- 0   
      01.04.2012 14:37     C:\MITSI 2012 Temporary Files --------- 0   
      01.04.2012 14:34     C:\c123d3fe0db214625aa1 --------- 0   
      27.03.2012 21:17     C:\PerfLogs --------- 0   
      30.01.2012 14:50     C:\$Recycle.Bin --------- 0   
      15.01.2012 10:51     C:\Intel --------- 0   
      15.01.2012 10:49     C:\Users --------- 4096   
      15.01.2012 10:48     C:\Recovery --------- 0   
      15.01.2012 10:48     C:\Programme --------- 0   
      15.01.2012 10:48     C:\Dokumente und Einstellungen --------- 0   
      14.07.2009 06:08     C:\Documents and Settings --------- 0   
      07.11.2007 07:12     C:\VC_RED.MSI --------- 232960   
      07.11.2007 07:09     C:\VC_RED.cab --------- 1442522   
      07.11.2007 07:03     C:\install.res.1041.dll --------- 81424   
      07.11.2007 07:03     C:\install.res.1042.dll --------- 79888   
      07.11.2007 07:03     C:\install.res.2052.dll --------- 75792   
      07.11.2007 07:03     C:\install.res.3082.dll --------- 96272   
      07.11.2007 07:03     C:\install.res.1040.dll --------- 95248   
      07.11.2007 07:03     C:\install.res.1028.dll --------- 76304   
      07.11.2007 07:03     C:\install.res.1036.dll --------- 97296   
      07.11.2007 07:03     C:\install.res.1031.dll --------- 96272   
      07.11.2007 07:03     C:\install.res.1033.dll --------- 91152   
      07.11.2007 07:03     C:\install.exe --------- 562688   
      07.11.2007 07:00     C:\eula.1036.txt --------- 17734   
      07.11.2007 07:00     C:\eula.1033.txt --------- 10134   
      07.11.2007 07:00     C:\eula.1031.txt --------- 17734   
      07.11.2007 07:00     C:\eula.1028.txt --------- 17734   
      07.11.2007 07:00     C:\eula.1041.txt --------- 118   
      07.11.2007 07:00     C:\eula.1042.txt --------- 17734   
      07.11.2007 07:00     C:\eula.2052.txt --------- 17734   
      07.11.2007 07:00     C:\install.ini --------- 843   
      07.11.2007 07:00     C:\eula.1040.txt --------- 17734   
      07.11.2007 07:00     C:\vcredist.bmp --------- 5686   
      07.11.2007 07:00     C:\eula.3082.txt --------- 17734   
      07.11.2007 07:00     C:\globdata.ini --------- 1110   
      01.12.2006 22:37     C:\msdia80.dll --------- 904704   
    ----------------------------------------
    
     
    C:\Windows
    
      30.12.2012 11:30     C:\Windows\setupact.log --------- 109992   
      30.12.2012 11:29     C:\Windows\bootstat.dat --------- 67584   
      30.12.2012 11:29     C:\Windows\PFRO.log --------- 12112   
      30.12.2012 11:33     C:\Windows\WindowsUpdate.log --------- 1267578   
      17.11.2012 17:47     C:\Windows\Setup1.exe --------- 290816   
      17.11.2012 17:47     C:\Windows\ST6UNST.EXE --------- 74752   
      06.11.2012 19:55     C:\Windows\DirectX.log --------- 303187   
      24.08.2012 13:22     C:\Windows\LkmdfCoInst.log --------- 2920   
      04.06.2012 22:02     C:\Windows\LucasArts Uninstall Log.txt --------- 4588   
      13.05.2012 21:25     C:\Windows\LDPINST.LOG --------- 7117   
      26.02.2012 14:50     C:\Windows\msxml4-KB973688-enu.LOG --------- 282918   
      26.02.2012 14:50     C:\Windows\msxml4-KB954430-enu.LOG --------- 289040   
      11.02.2012 07:36     C:\Windows\splwow64.exe --------- 67072   
      28.01.2012 13:55     C:\Windows\LucasArts Setup Log.txt --------- 10267   
      15.01.2012 22:55     C:\Windows\IE9_main.log --------- 6487   
      15.01.2012 15:07     C:\Windows\DIFx.log --------- 1330   
      15.01.2012 12:34     C:\Windows\VPNInstall.MIF --------- 1594   
      15.01.2012 11:25     C:\Windows\DPINST.LOG --------- 5530   
      15.01.2012 11:07     C:\Windows\ativpsrm.bin --------- 0   
      15.01.2012 11:03     C:\Windows\LMv4.UNI --------- 184   
      15.01.2012 10:45     C:\Windows\DtcInstall.log --------- 1774   
      15.01.2012 10:45     C:\Windows\TSSysprep.log --------- 1313   
      25.02.2011 07:19     C:\Windows\explorer.exe --------- 2871808   
      20.11.2010 14:24     C:\Windows\bfsvc.exe --------- 71168   
      20.11.2010 13:21     C:\Windows\twain_32.dll --------- 51200   
      02.08.2010 04:38     C:\Windows\atiogl.xml --------- 21866   
      25.01.2010 15:09     C:\Windows\UNINSTLMv4.EXE --------- 349776   
      13.01.2010 13:17     C:\Windows\RtlExUpd.dll --------- 1247776   
      14.07.2009 06:09     C:\Windows\win.ini --------- 403   
      14.07.2009 05:54     C:\Windows\WindowsShell.Manifest --------- 749   
      14.07.2009 05:51     C:\Windows\setuperr.log --------- 0   
      14.07.2009 02:39     C:\Windows\write.exe --------- 10240   
      14.07.2009 02:39     C:\Windows\regedit.exe --------- 427008   
      14.07.2009 02:39     C:\Windows\notepad.exe --------- 193536   
      14.07.2009 02:39     C:\Windows\HelpPane.exe --------- 733696   
      14.07.2009 02:39     C:\Windows\hh.exe --------- 16896   
      14.07.2009 02:39     C:\Windows\fveupdate.exe --------- 15360   
      14.07.2009 02:14     C:\Windows\winhlp32.exe --------- 9728   
      14.07.2009 02:14     C:\Windows\twunk_32.exe --------- 31232   
      14.07.2009 00:06     C:\Windows\mib.bin --------- 43131   
      10.06.2009 22:41     C:\Windows\twunk_16.exe --------- 49680   
      10.06.2009 22:41     C:\Windows\twain.dll --------- 94784   
      10.06.2009 22:08     C:\Windows\system.ini --------- 219   
      10.06.2009 21:52     C:\Windows\WMSysPr9.prx --------- 316640   
      10.06.2009 21:36     C:\Windows\msdfmap.ini --------- 1405   
      10.06.2009 21:31     C:\Windows\Starter.xml --------- 48201   
      10.06.2009 21:30     C:\Windows\Professional.xml --------- 53551   
    ----------------------------------------
    
     
    C:\Windows\System
    
    ----------------------------------------
    
     
    C:\Windows\System32
    
     30.12.2012 11:33     C:\Windows\system32\config --------- 24576  
     30.12.2012 11:32     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 16896  
     30.12.2012 11:32     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 16896  
     30.12.2012 11:19     C:\Windows\system32\perfc007.dat --------- 148134  
     30.12.2012 11:19     C:\Windows\system32\perfc009.dat --------- 121080  
     30.12.2012 11:19     C:\Windows\system32\perfh007.dat --------- 696870  
     30.12.2012 11:19     C:\Windows\system32\perfh009.dat --------- 652148  
     30.12.2012 11:19     C:\Windows\system32\PerfStringBackup.INI --------- 1612484  
     30.12.2012 11:01     C:\Windows\system32\FxsTmp --------- 0  
     30.12.2012 01:53     C:\Windows\system32\drivers --------- 65536  
     30.12.2012 01:53     C:\Windows\system32\catroot --------- 8192  
     30.12.2012 01:53     C:\Windows\system32\DriverStore --------- 4096  
     29.12.2012 13:59     C:\Windows\system32\NDF --------- 0  
     21.12.2012 15:20     C:\Windows\system32\FNTCACHE.DAT --------- 444056  
     21.12.2012 15:17     C:\Windows\system32\catroot2 --------- 40960  
     16.12.2012 18:11     C:\Windows\system32\atmlib.dll --------- 46080  
     16.12.2012 15:45     C:\Windows\system32\atmfd.dll --------- 367616  
     13.12.2012 18:05     C:\Windows\system32\de-DE --------- 327680  
     13.12.2012 18:05     C:\Windows\system32\migration --------- 0  
     13.12.2012 18:03     C:\Windows\system32\MRT.exe --------- 67413224  
     22.11.2012 04:26     C:\Windows\system32\win32k.sys --------- 3149824  
     14.11.2012 08:35     C:\Windows\system32\wbem --------- 65536  
     14.11.2012 08:06     C:\Windows\system32\mshtml.dll --------- 17811968  
     14.11.2012 07:32     C:\Windows\system32\ieframe.dll --------- 10925568  
     14.11.2012 07:11     C:\Windows\system32\jscript9.dll --------- 2312704  
     14.11.2012 07:04     C:\Windows\system32\urlmon.dll --------- 1346048  
     14.11.2012 07:04     C:\Windows\system32\wininet.dll --------- 1392128  
     14.11.2012 07:02     C:\Windows\system32\inetcpl.cpl --------- 1494528  
     14.11.2012 07:02     C:\Windows\system32\url.dll --------- 237056  
     14.11.2012 06:59     C:\Windows\system32\jsproxy.dll --------- 85504  
     14.11.2012 06:58     C:\Windows\system32\jscript.dll --------- 816640  
     14.11.2012 06:57     C:\Windows\system32\vbscript.dll --------- 599040  
     14.11.2012 06:57     C:\Windows\system32\ieUnatt.exe --------- 173056  
     14.11.2012 06:55     C:\Windows\system32\iertutil.dll --------- 2144768  
     14.11.2012 06:55     C:\Windows\system32\msfeeds.dll --------- 729088  
     14.11.2012 06:53     C:\Windows\system32\mshtmled.dll --------- 96768  
     14.11.2012 06:52     C:\Windows\system32\mshtml.tlb --------- 2382848  
     14.11.2012 06:46     C:\Windows\system32\ieui.dll --------- 248320  
     11.11.2012 20:04     C:\Windows\system32\Tasks --------- 24576  
     09.11.2012 06:45     C:\Windows\system32\tzres.dll --------- 2048  
     05.11.2012 10:54     C:\Windows\system32\SophosBootTasks.exe --------- 37440  
     02.11.2012 06:59     C:\Windows\system32\dpnet.dll --------- 478208  
     28.10.2012 18:32     C:\Windows\system32\pdfcmon.dll --------- 103936  
     12.10.2012 16:35     C:\Windows\system32\msvcp110.dll --------- 661448  
     12.10.2012 16:35     C:\Windows\system32\msvcr110.dll --------- 828872  
     12.10.2012 16:35     C:\Windows\system32\vccorlib110.dll --------- 354264  
     11.10.2012 10:48     C:\Windows\system32\appmgmt --------- 0  
     09.10.2012 19:17     C:\Windows\system32\dhcpcsvc6.dll --------- 55296  
     09.10.2012 19:17     C:\Windows\system32\dhcpcore6.dll --------- 226816  
     04.10.2012 18:46     C:\Windows\system32\wow64win.dll --------- 362496  
     04.10.2012 18:46     C:\Windows\system32\wow64cpu.dll --------- 13312  
     04.10.2012 18:46     C:\Windows\system32\wow64.dll --------- 243200  
     04.10.2012 18:45     C:\Windows\system32\winsrv.dll --------- 215040  
     04.10.2012 18:43     C:\Windows\system32\ntvdm64.dll --------- 16384  
     04.10.2012 18:41     C:\Windows\system32\KernelBase.dll --------- 424960  
     04.10.2012 18:41     C:\Windows\system32\kernel32.dll --------- 1161216  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll --------- 6144  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll --------- 4608  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll --------- 4096  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll --------- 4096  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll --------- 3584  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll --------- 4608  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll --------- 3584  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll --------- 3584  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll --------- 3584  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll --------- 3584  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll --------- 4096  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll --------- 4096  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll --------- 3584  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll --------- 3584  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll --------- 5120  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll --------- 3072  
     04.10.2012 18:38     C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll --------- 3072  
     04.10.2012 16:21     C:\Windows\system32\conhost.exe --------- 338432  
     04.10.2012 12:37     C:\Windows\system32\WindowsAccessBridge-64.dll --------- 108008  
     04.10.2012 12:37     C:\Windows\system32\javaws.exe --------- 289768  
     04.10.2012 12:37     C:\Windows\system32\javaw.exe --------- 189416  
     04.10.2012 12:37     C:\Windows\system32\java.exe --------- 188904  
     04.10.2012 12:37     C:\Windows\system32\npDeployJava1.dll --------- 1034216  
     04.10.2012 12:37     C:\Windows\system32\deployJava1.dll --------- 916456  
     03.10.2012 18:44     C:\Windows\system32\nlasvc.dll --------- 303104  
     03.10.2012 18:44     C:\Windows\system32\nlaapi.dll --------- 70656  
     03.10.2012 18:44     C:\Windows\system32\netevent.dll --------- 18944  
     03.10.2012 18:44     C:\Windows\system32\netcorehc.dll --------- 246272  
     03.10.2012 18:44     C:\Windows\system32\ncsi.dll --------- 216576  
     03.10.2012 18:42     C:\Windows\system32\iphlpsvc.dll --------- 569344  
     28.09.2012 21:42     C:\Windows\system32\coin92.dll --------- 2177704  
     25.09.2012 23:46     C:\Windows\system32\synceng.dll --------- 95744  
     30.08.2012 19:03     C:\Windows\system32\ntoskrnl.exe --------- 5559664  
    ----------------------------------------
    
     
    C:\Windows\Prefetch
    
    ----------------------------------------
    
     
    C:\Windows\Tasks
    
     30.12.2012 11:30     C:\Windows\Tasks\SA.DAT --------- 6  
     30.12.2012 11:00     C:\Windows\Tasks\Adobe Flash Player Updater.job --------- 884  
     25.11.2012 19:56     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632  
    ----------------------------------------
    
     
    C:\Windows\Temp
    
    ----------------------------------------
    
     
    C:\Users\Uwe\AppData\Local\Temp
    
     30.12.2012 11:35     C:\Users\Uwe\AppData\Local\Temp\jusched.log --------- 677075  
     30.12.2012 11:31     C:\Users\Uwe\AppData\Local\Temp\AdobeARM.log --------- 957375  
     30.12.2012 11:31     C:\Users\Uwe\AppData\Local\Temp\~DFF1B15F2A609855D9.TMP --------- 16384  
     30.12.2012 11:31     C:\Users\Uwe\AppData\Local\Temp\acro_rd_dir --------- 4096  
     30.12.2012 11:31     C:\Users\Uwe\AppData\Local\Temp\A9R34F6.tmp --------- 425984  
     30.12.2012 11:30     C:\Users\Uwe\AppData\Local\Temp\WPDNSE --------- 0  
     30.12.2012 11:30     C:\Users\Uwe\AppData\Local\Temp\LMworker.log --------- 0  
     30.12.2012 11:30     C:\Users\Uwe\AppData\Local\Temp\aipflib.log --------- 0  
     30.12.2012 11:30     C:\Users\Uwe\AppData\Local\Temp\LManager.log --------- 0  
     30.12.2012 11:21     C:\Users\Uwe\AppData\Local\Temp\sarscan.log --------- 634  
     30.12.2012 11:14     C:\Users\Uwe\AppData\Local\Temp\samples.sar --------- 8  
     30.12.2012 01:49     C:\Users\Uwe\AppData\Local\Temp\JAUReg.log --------- 1873  
     30.12.2012 01:49     C:\Users\Uwe\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 1904  
     30.12.2012 01:49     C:\Users\Uwe\AppData\Local\Temp\RDDCD9.tmp --------- 0  
     30.12.2012 01:49     C:\Users\Uwe\AppData\Local\Temp\java_install_reg.log --------- 30425  
     30.12.2012 01:49     C:\Users\Uwe\AppData\Local\Temp\hsperfdata_Uwe --------- 0  
     30.12.2012 01:49     C:\Users\Uwe\AppData\Local\Temp\java_install.log --------- 174379  
     30.12.2012 01:47     C:\Users\Uwe\AppData\Local\Temp\java_install_sp.log --------- 10465  
     30.12.2012 01:47     C:\Users\Uwe\AppData\Local\Temp\jinstall.cfg --------- 1334  
     29.12.2012 13:59     C:\Users\Uwe\AppData\Local\Temp\msdt --------- 0  
     28.12.2012 17:45     C:\Users\Uwe\AppData\Local\Temp\plugtmp-74 --------- 0  
     28.12.2012 15:14     C:\Users\Uwe\AppData\Local\Temp\plugtmp-73 --------- 0  
     23.12.2012 16:24     C:\Users\Uwe\AppData\Local\Temp\oxG8XPBY.htm.part --------- 0  
     23.12.2012 13:29     C:\Users\Uwe\AppData\Local\Temp\7e6f38b0-b7d7-9f43-a378-0fb6adcdc739.xml --------- 316  
     17.12.2012 23:19     C:\Users\Uwe\AppData\Local\Temp\plugtmp-72 --------- 0  
     15.12.2012 18:35     C:\Users\Uwe\AppData\Local\Temp\plugtmp-71 --------- 0  
     14.12.2012 18:15     C:\Users\Uwe\AppData\Local\Temp\SDIAG_894b45a1-e4e8-488d-ad8d-bc1e3fd23837 --------- 0  
     14.12.2012 11:25     C:\Users\Uwe\AppData\Local\Temp\Lebenslauf.doc --------- 308736  
     14.12.2012 11:25     C:\Users\Uwe\AppData\Local\Temp\Anschreiben.doc --------- 48640  
     14.12.2012 11:08     C:\Users\Uwe\AppData\Local\Temp\Temporary PDF Files --------- 0  
     14.12.2012 11:03     C:\Users\Uwe\AppData\Local\Temp\~DF16C034D5439EFE61.TMP --------- 114688  
     14.12.2012 10:55     C:\Users\Uwe\AppData\Local\Temp\PDFCreator --------- 0  
     14.12.2012 10:52     C:\Users\Uwe\AppData\Local\Temp\PDFCreatorUninstall.txt --------- 723  
     13.12.2012 18:00     C:\Users\Uwe\AppData\Local\Temp\MozillaMailnews --------- 0  
     13.12.2012 18:00     C:\Users\Uwe\AppData\Local\Temp\Anschreiben.pdf --------- 45138  
     13.12.2012 17:58     C:\Users\Uwe\AppData\Local\Temp\Anschreiben.pdf --------- 44510  
     09.12.2012 18:33     C:\Users\Uwe\AppData\Local\Temp\plugtmp-70 --------- 0  
     08.12.2012 16:37     C:\Users\Uwe\AppData\Local\Temp\MozUpdater-3 --------- 0  
     06.12.2012 20:19     C:\Users\Uwe\AppData\Local\Temp\plugtmp-69 --------- 0  
     05.12.2012 16:08     C:\Users\Uwe\AppData\Local\Temp\_TSFED9.tmp --------- 0  
     04.12.2012 14:15     C:\Users\Uwe\AppData\Local\Temp\plugtmp-68 --------- 0  
     02.12.2012 19:58     C:\Users\Uwe\AppData\Local\Temp\plugtmp-67 --------- 0  
     30.11.2012 22:48     C:\Users\Uwe\AppData\Local\Temp\plugtmp-66 --------- 0  
     30.11.2012 08:30     C:\Users\Uwe\AppData\Local\Temp\~DF5B6D90795D6B3CBC.TMP --------- 65536  
     29.11.2012 19:25     C:\Users\Uwe\AppData\Local\Temp\PDFF93C.tmp --------- 0  
     29.11.2012 19:25     C:\Users\Uwe\AppData\Local\Temp\PDF8797.tmp --------- 0  
     29.11.2012 10:42     C:\Users\Uwe\AppData\Local\Temp\msohtmlclip1 --------- 0  
     28.11.2012 23:34     C:\Users\Uwe\AppData\Local\Temp\plugtmp-65 --------- 0  
     28.11.2012 15:00     C:\Users\Uwe\AppData\Local\Temp\MB_Dipl_PraktikantenRichtlinien_DE.pdf --------- 33976  
     28.11.2012 10:55     C:\Users\Uwe\AppData\Local\Temp\DisplaySwitchPerfLog.log --------- 486  
     28.11.2012 10:55     C:\Users\Uwe\AppData\Local\Temp\MMDUtl.ini --------- 1161  
     27.11.2012 17:46     C:\Users\Uwe\AppData\Local\Temp\plugtmp-64 --------- 0  
     26.11.2012 17:42     C:\Users\Uwe\AppData\Local\Temp\Uwe.bmp --------- 31832  
     25.11.2012 13:09     C:\Users\Uwe\AppData\Local\Temp\Preisliste_oktober_2012.pdf --------- 6134  
     23.11.2012 14:04     C:\Users\Uwe\AppData\Local\Temp\plugtmp-63 --------- 0  
     22.11.2012 17:51     C:\Users\Uwe\AppData\Local\Temp\Div_Div_Antrag_Pruefungsausschuss_DE.pdf --------- 1595370  
     22.11.2012 11:05     C:\Users\Uwe\AppData\Local\Temp\FLUIDON Konferenz 2012.pdf --------- 1306256  
     22.11.2012 09:16     C:\Users\Uwe\AppData\Local\Temp\Diplomarbeit.pdf --------- 2814724  
     21.11.2012 10:35     C:\Users\Uwe\AppData\Local\Temp\a25d5ff2-26c5-1840-ac23-1ac18f4e4b32.xml --------- 316  
     21.11.2012 00:14     C:\Users\Uwe\AppData\Local\Temp\plugtmp-62 --------- 0  
     20.11.2012 23:59     C:\Users\Uwe\AppData\Local\Temp\~DFFF260284360720D1.TMP --------- 16384  
     19.11.2012 11:14     C:\Users\Uwe\AppData\Local\Temp\Einladung Neueinzieher.pdf --------- 75323  
     19.11.2012 09:53     C:\Users\Uwe\AppData\Local\Temp\EModule-1.xlsx --------- 14367  
     19.11.2012 09:52     C:\Users\Uwe\AppData\Local\Temp\EModule.xlsx --------- 14367  
     18.11.2012 18:38     C:\Users\Uwe\AppData\Local\Temp\~DF4FA86C68E3665C4D.TMP --------- 16384  
     18.11.2012 11:00     C:\Users\Uwe\AppData\Local\Temp\~DF68931935F3E9CB4A.TMP --------- 16384  
     17.11.2012 17:46     C:\Users\Uwe\AppData\Local\Temp\SWV21C2.tmp --------- 0  
     17.11.2012 09:36     C:\Users\Uwe\AppData\Local\Temp\lilo.1408 --------- 0  
     15.11.2012 14:58     C:\Users\Uwe\AppData\Local\Temp\JabF09C.png --------- 12273  
     13.11.2012 14:38     C:\Users\Uwe\AppData\Local\Temp\Bunndle --------- 0  
     13.11.2012 14:38     C:\Users\Uwe\AppData\Local\Temp\APNLogs --------- 0  
     13.11.2012 14:38     C:\Users\Uwe\AppData\Local\Temp\AskSLib.dll --------- 248008  
     13.11.2012 14:38     C:\Users\Uwe\AppData\Local\Temp\APN-Stub --------- 0  
     13.11.2012 14:37     C:\Users\Uwe\AppData\Local\Temp\ApnToolbarInstaller.exe --------- 3500712  
     13.11.2012 14:37     C:\Users\Uwe\AppData\Local\Temp\ApnStub.exe --------- 143240  
     13.11.2012 14:37     C:\Users\Uwe\AppData\Local\Temp\ApnIC.dll --------- 246440  
     13.11.2012 14:37     C:\Users\Uwe\AppData\Local\Temp\BunndleOfferManager.dll --------- 342016  
     12.11.2012 09:56     C:\Users\Uwe\AppData\Local\Temp\jar_cache6074823508197681888.tmp --------- 0  
     12.11.2012 09:56     C:\Users\Uwe\AppData\Local\Temp\jar_cache3050157353668342964.tmp --------- 0  
     12.11.2012 09:33     C:\Users\Uwe\AppData\Local\Temp\{CB5EBDEC-43D5-4B2C-8EA2-991F9DEC124C} --------- 0  
     12.11.2012 09:33     C:\Users\Uwe\AppData\Local\Temp\{4AC0EF8E-E186-46C5-B3E9-470BB73893DE} --------- 0  
     11.11.2012 20:40     C:\Users\Uwe\AppData\Local\Temp\vlc-timeshift.15ZTGZ --------- 48121868  
     11.11.2012 20:02     C:\Users\Uwe\AppData\Local\Temp\chrome_installer.log --------- 0  
     11.11.2012 08:55     C:\Users\Uwe\AppData\Local\Temp\~DF9CC0B74F68D752F7.TMP --------- 16384  
     10.11.2012 23:25     C:\Users\Uwe\AppData\Local\Temp\~DF1B5366BCB98DB5B8.TMP --------- 16384  
     10.11.2012 17:22     C:\Users\Uwe\AppData\Local\Temp\~DF7CC60D88E1BD0923.TMP --------- 65536  
     10.11.2012 17:11     C:\Users\Uwe\AppData\Local\Temp\plugtmp-61 --------- 0  
     10.11.2012 15:50     C:\Users\Uwe\AppData\Local\Temp\~DF870D945947B7BF5E.TMP --------- 49152  
     10.11.2012 15:18     C:\Users\Uwe\AppData\Local\Temp\plugtmp-60 --------- 0  
     09.11.2012 23:45     C:\Users\Uwe\AppData\Local\Temp\ece15ca1-36f5-9b4c-90c3-d551649e3a4a.xml --------- 316  
     09.11.2012 14:09     C:\Users\Uwe\AppData\Local\Temp\wmsetup.log --------- 11841  
     08.11.2012 12:45     C:\Users\Uwe\AppData\Local\Temp\R61RxVa0.docx.part --------- 13461  
     07.11.2012 17:23     C:\Users\Uwe\AppData\Local\Temp\plugtmp-59 --------- 0  
     07.11.2012 11:35     C:\Users\Uwe\AppData\Local\Temp\process.log --------- 0  
     07.11.2012 10:52     C:\Users\Uwe\AppData\Local\Temp\19 --------- 16384  
     07.11.2012 10:52     C:\Users\Uwe\AppData\Local\Temp\18 --------- 16384  
     07.11.2012 10:49     C:\Users\Uwe\AppData\Local\Temp\17 --------- 16384  
     07.11.2012 10:49     C:\Users\Uwe\AppData\Local\Temp\16 --------- 16384  
     07.11.2012 10:38     C:\Users\Uwe\AppData\Local\Temp\15 --------- 16384  
     07.11.2012 10:38     C:\Users\Uwe\AppData\Local\Temp\14 --------- 16384  
     07.11.2012 08:25     C:\Users\Uwe\AppData\Local\Temp\Origin --------- 0  
     06.11.2012 20:44     C:\Users\Uwe\AppData\Local\Temp\nsemail-23.eml --------- 4300  
     06.11.2012 20:44     C:\Users\Uwe\AppData\Local\Temp\nsemail-22.eml --------- 1233  
     06.11.2012 20:29     C:\Users\Uwe\AppData\Local\Temp\{17a3597b-9967-4ea1-8738-d4eb007e4182} --------- 0  
     06.11.2012 20:22     C:\Users\Uwe\AppData\Local\Temp\{0470861d-62fa-4e47-8d36-5d0142de1114} --------- 0  
     06.11.2012 20:20     C:\Users\Uwe\AppData\Local\Temp\{5be19ce4-5821-4620-a4b1-005e23036c55} --------- 0  
     06.11.2012 20:20     C:\Users\Uwe\AppData\Local\Temp\{15df029f-ffd0-49bc-9d6e-45d08ede1462} --------- 0  
     06.11.2012 20:20     C:\Users\Uwe\AppData\Local\Temp\{7d1c1105-bbd0-4807-be20-a5a273b8c51c} --------- 0  
     06.11.2012 20:19     C:\Users\Uwe\AppData\Local\Temp\PCWF81.xml --------- 716  
     06.11.2012 20:19     C:\Users\Uwe\AppData\Local\Temp\PCWF81.tmp --------- 0  
     06.11.2012 20:19     C:\Users\Uwe\AppData\Local\Temp\{6328adc0-0438-4ceb-b727-3e56c314d947} --------- 0  
     06.11.2012 20:18     C:\Users\Uwe\AppData\Local\Temp\{2f843682-cd89-45f8-9997-0a55844040df} --------- 0  
     06.11.2012 18:42     C:\Users\Uwe\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20121106_184212677.html --------- 79440  
     06.11.2012 18:42     C:\Users\Uwe\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20121106_184212677-MSI_vc_red.msi.txt --------- 277122  
     06.11.2012 18:42     C:\Users\Uwe\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_10.0.40219 --------- 0  
     06.11.2012 18:41     C:\Users\Uwe\AppData\Local\Temp\nslA087.tmp --------- 0  
     06.11.2012 18:41     C:\Users\Uwe\AppData\Local\Temp\nsl8AE5.tmp --------- 0  
     06.11.2012 14:14     C:\Users\Uwe\AppData\Local\Temp\msdtadmin --------- 0  
     06.11.2012 12:21     C:\Users\Uwe\AppData\Local\Temp\~DFC6EEAF690BCCE986.TMP --------- 32768  
     05.11.2012 23:11     C:\Users\Uwe\AppData\Local\Temp\~DF23E4FCDDB3FB69F9.TMP --------- 16384  
     05.11.2012 22:24     C:\Users\Uwe\AppData\Local\Temp\plugtmp-58 --------- 0  
     05.11.2012 14:44     C:\Users\Uwe\AppData\Local\Temp\_TS2165.tmp --------- 0  
     05.11.2012 14:07     C:\Users\Uwe\AppData\Local\Temp\plugtmp-57 --------- 0  
     05.11.2012 10:15     C:\Users\Uwe\AppData\Local\Temp\_TSA6C7.tmp --------- 0  
     05.11.2012 10:00     C:\Users\Uwe\AppData\Local\Temp\~DF805B8D9E2362F959.TMP --------- 16384  
     04.11.2012 19:50     C:\Users\Uwe\AppData\Local\Temp\{0E9FA856-CFC0-4660-B673-B489776EFD18} --------- 0  
     04.11.2012 17:01     C:\Users\Uwe\AppData\Local\Temp\~DF02BD7B60D61E0EC1.TMP --------- 32768  
     03.11.2012 12:07     C:\Users\Uwe\AppData\Local\Temp\~DF3E46818EFD0933AA.TMP --------- 49152  
     02.11.2012 16:06     C:\Users\Uwe\AppData\Local\Temp\~DFB5BA031BAF59ED11.TMP --------- 49152  
     01.11.2012 23:31     C:\Users\Uwe\AppData\Local\Temp\plugtmp-56 --------- 0  
     01.11.2012 23:25     C:\Users\Uwe\AppData\Local\Temp\~DF60AAAE2F3D3FE998.TMP --------- 16384  
     01.11.2012 20:04     C:\Users\Uwe\AppData\Local\Temp\plugtmp-55 --------- 0  
     01.11.2012 18:31     C:\Users\Uwe\AppData\Local\Temp\{430dba6a-90a6-4006-8712-55d02d97f843} --------- 0  
     01.11.2012 18:30     C:\Users\Uwe\AppData\Local\Temp\SetC2C3.tmp --------- 107512  
     01.11.2012 18:21     C:\Users\Uwe\AppData\Local\Temp\{FED64C6E-03CC-47C2-AFAF-1031879BF3F8} --------- 0  
     01.11.2012 18:16     C:\Users\Uwe\AppData\Local\Temp\DMIF343.tmp --------- 0  
     01.11.2012 18:13     C:\Users\Uwe\AppData\Local\Temp\DMI70FA.tmp --------- 0  
     01.11.2012 18:09     C:\Users\Uwe\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe --------- 50154648  
     01.11.2012 18:07     C:\Users\Uwe\AppData\Local\Temp\DMI140C.tmp --------- 0  
     30.10.2012 22:11     C:\Users\Uwe\AppData\Local\Temp\MozUpdater-2 --------- 0  
     30.10.2012 19:15     C:\Users\Uwe\AppData\Local\Temp\~DF04B1831F5A508A23.TMP --------- 32768  
     30.10.2012 14:37     C:\Users\Uwe\AppData\Local\Temp\Seminar Vorstellungsgespr„ch - Was steckt dahinter-1.pdf --------- 718921  
     29.10.2012 15:23     C:\Users\Uwe\AppData\Local\Temp\vlc-2.0.4-win32.exe --------- 8223744  
     29.10.2012 12:08     C:\Users\Uwe\AppData\Local\Temp\plugtmp-54 --------- 0  
     28.10.2012 22:02     C:\Users\Uwe\AppData\Local\Temp\~DFE8027AD4F9E5AFE6.TMP --------- 16384  
     28.10.2012 15:08     C:\Users\Uwe\AppData\Local\Temp\MozUpdater-1 --------- 0  
     28.10.2012 12:44     C:\Users\Uwe\AppData\Local\Temp\plugtmp-53 --------- 0  
     27.10.2012 18:00     C:\Users\Uwe\AppData\Local\Temp\{882CDD1E-1D19-40E5-9A3C-3D7ABFF4A21E} --------- 0  
     27.10.2012 00:10     C:\Users\Uwe\AppData\Local\Temp\~DF0A634339D6903D17.TMP --------- 16384  
     25.10.2012 22:29     C:\Users\Uwe\AppData\Local\Temp\vlc-2.0.2-win32.exe --------- 7317504  
     25.10.2012 21:21     C:\Users\Uwe\AppData\Local\Temp\SDIAG_bd6e68ac-8746-41cc-9cc3-0d383da7c325 --------- 0  
     25.10.2012 00:06     C:\Users\Uwe\AppData\Local\Temp\comtypes_cache --------- 0  
     23.10.2012 08:10     C:\Users\Uwe\AppData\Local\Temp\plugtmp-52 --------- 0  
     22.10.2012 10:11     C:\Users\Uwe\AppData\Local\Temp\_TS9474.tmp --------- 0  
     21.10.2012 09:22     C:\Users\Uwe\AppData\Local\Temp\~DF951F5C9813F20790.TMP --------- 16384  
     21.10.2012 01:29     C:\Users\Uwe\AppData\Local\Temp\MozUpdater --------- 0  
     20.10.2012 02:28     C:\Users\Uwe\AppData\Local\Temp\plugtmp-51 --------- 0  
     19.10.2012 14:57     C:\Users\Uwe\AppData\Local\Temp\plugtmp-50 --------- 0  
     19.10.2012 12:53     C:\Users\Uwe\AppData\Local\Temp\_TSADB0.tmp --------- 0  
     18.10.2012 19:42     C:\Users\Uwe\AppData\Local\Temp\SWVF42D.tmp --------- 0  
     18.10.2012 19:26     C:\Users\Uwe\AppData\Local\Temp\SIntfIcn.ani --------- 4592  
     18.10.2012 19:26     C:\Users\Uwe\AppData\Local\Temp\SIntfNT.dll --------- 24512  
     18.10.2012 19:26     C:\Users\Uwe\AppData\Local\Temp\SIntf32.dll --------- 17212  
     18.10.2012 19:26     C:\Users\Uwe\AppData\Local\Temp\SIntf16.dll --------- 11971  
     18.10.2012 19:26     C:\Users\Uwe\AppData\Local\Temp\CmdLineExt02.dll --------- 36864  
     18.10.2012 01:16     C:\Users\Uwe\AppData\Local\Temp\~DF2226D0E1B0B501A8.TMP --------- 32768  
     17.10.2012 18:48     C:\Users\Uwe\AppData\Local\Temp\~DF292D3026AF04C4A6.TMP --------- 49152  
     17.10.2012 18:34     C:\Users\Uwe\AppData\Local\Temp\plugtmp-49 --------- 0  
     16.10.2012 10:58     C:\Users\Uwe\AppData\Local\Temp\2012-10-17 Einladung Haussenat WS1213.pdf --------- 39208  
     16.10.2012 10:17     C:\Users\Uwe\AppData\Local\Temp\200 --------- 16384  
     16.10.2012 10:17     C:\Users\Uwe\AppData\Local\Temp\198 --------- 16384  
     16.10.2012 09:33     C:\Users\Uwe\AppData\Local\Temp\13 --------- 16384  
     16.10.2012 09:33     C:\Users\Uwe\AppData\Local\Temp\11 --------- 16384  
     15.10.2012 22:04     C:\Users\Uwe\AppData\Local\Temp\WER46CF.tmp.resp.erc.xml --------- 0  
     15.10.2012 17:53     C:\Users\Uwe\AppData\Local\Temp\{cfe5eae1-1e55-4b6d-9fa4-800b4bc09f69} --------- 0  
     15.10.2012 17:42     C:\Users\Uwe\AppData\Local\Temp\PCW4BC7.xml --------- 664  
     15.10.2012 17:42     C:\Users\Uwe\AppData\Local\Temp\PCW4BC7.tmp --------- 0  
     15.10.2012 13:44     C:\Users\Uwe\AppData\Local\Temp\174 --------- 16384  
     15.10.2012 13:44     C:\Users\Uwe\AppData\Local\Temp\org.apache.commons.launcher.heartbeatFile.33162 --------- 0  
     15.10.2012 13:39     C:\Users\Uwe\AppData\Local\Temp\173 --------- 0  
     15.10.2012 10:24     C:\Users\Uwe\AppData\Local\Temp\12 --------- 16384  
     12.10.2012 23:20     C:\Users\Uwe\AppData\Local\Temp\scoped_dir21907 --------- 0  
     12.10.2012 23:20     C:\Users\Uwe\AppData\Local\Temp\scoped_dir668 --------- 0  
     12.10.2012 23:20     C:\Users\Uwe\AppData\Local\Temp\scoped_dir24015 --------- 0  
     12.10.2012 19:51     C:\Users\Uwe\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20121012_205114566.html --------- 40468  
     12.10.2012 18:26     C:\Users\Uwe\AppData\Local\Temp\scoped_dir31986 --------- 0  
     12.10.2012 18:26     C:\Users\Uwe\AppData\Local\Temp\scoped_dir3579 --------- 0  
     12.10.2012 18:26     C:\Users\Uwe\AppData\Local\Temp\scoped_dir31940 --------- 0  
     12.10.2012 18:26     C:\Users\Uwe\AppData\Local\Temp\scoped_dir26937 --------- 0  
     12.10.2012 18:25     C:\Users\Uwe\AppData\Local\Temp\uxeventlog.txt --------- 1576  
     12.10.2012 18:25     C:\Users\Uwe\AppData\Local\Temp\dd_dotnetfx20install.txt --------- 25834  
     12.10.2012 18:25     C:\Users\Uwe\AppData\Local\Temp\dd_dotnetfx20error.txt --------- 696  
     12.10.2012 18:25     C:\Users\Uwe\AppData\Local\Temp\dd_depcheck_NETFX20_EXP_35.txt --------- 2736  
     12.10.2012 18:25     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistUI7C4B.txt --------- 11456  
     12.10.2012 18:25     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistMSI7C4B.txt --------- 428336  
     12.10.2012 11:52     C:\Users\Uwe\AppData\Local\Temp\_TS7E24.tmp --------- 0  
     11.10.2012 17:36     C:\Users\Uwe\AppData\Local\Temp\plugtmp-48 --------- 0  
     11.10.2012 08:54     C:\Users\Uwe\AppData\Local\Temp\_TS1083.tmp --------- 0  
     10.10.2012 13:14     C:\Users\Uwe\AppData\Local\Temp\BWzbBg4U.pdf.part --------- 15117  
     10.10.2012 13:06     C:\Users\Uwe\AppData\Local\Temp\10 --------- 16384  
     10.10.2012 13:06     C:\Users\Uwe\AppData\Local\Temp\9 --------- 16384  
     10.10.2012 12:33     C:\Users\Uwe\AppData\Local\Temp\plugtmp-47 --------- 0  
     10.10.2012 10:10     C:\Users\Uwe\AppData\Local\Temp\_TS4568.tmp --------- 0  
     09.10.2012 16:15     C:\Users\Uwe\AppData\Local\Temp\~DF8697AD1E9D926B27.TMP --------- 16384  
     05.10.2012 10:30     C:\Users\Uwe\AppData\Local\Temp\JG4empoQ.pdf.part --------- 5497539  
     04.10.2012 12:38     C:\Users\Uwe\AppData\Local\Temp\JavaDeployReg.log --------- 4290  
     04.10.2012 12:38     C:\Users\Uwe\AppData\Local\Temp\RD3B6D.tmp --------- 0  
     03.10.2012 02:29     C:\Users\Uwe\AppData\Local\Temp\plugtmp-46 --------- 0  
     01.10.2012 17:44     C:\Users\Uwe\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe --------- 912880  
     29.09.2012 10:34     C:\Users\Uwe\AppData\Local\Temp\~DF6E60BDA510EBB6F2.TMP --------- 16384  
     28.09.2012 17:05     C:\Users\Uwe\AppData\Local\Temp\DMI6315.tmp --------- 0  
     27.09.2012 19:02     C:\Users\Uwe\AppData\Local\Temp\_TSC218.tmp --------- 0  
     26.09.2012 11:23     C:\Users\Uwe\AppData\Local\Temp\moz_mapi --------- 0  
     25.09.2012 14:40     C:\Users\Uwe\AppData\Local\Temp\tmpDE06.tmp --------- 0  
     24.09.2012 14:15     C:\Users\Uwe\AppData\Local\Temp\plugtmp-45 --------- 0  
     21.09.2012 21:03     C:\Users\Uwe\AppData\Local\Temp\~DF4E19C1BCFE996899.TMP --------- 32768  
     21.09.2012 17:35     C:\Users\Uwe\AppData\Local\Temp\{6058ba4b-3414-44cc-a5de-fe0d475fa3a7} --------- 0  
     20.09.2012 10:23     C:\Users\Uwe\AppData\Local\Temp\plugtmp-44 --------- 0  
     18.09.2012 11:15     C:\Users\Uwe\AppData\Local\Temp\13973165.od --------- 134  
     18.09.2012 11:15     C:\Users\Uwe\AppData\Local\Temp\CVR366F.tmp.cvr --------- 0  
     18.09.2012 10:52     C:\Users\Uwe\AppData\Local\Temp\Xln0ARJq.htm.part --------- 0  
     17.09.2012 18:53     C:\Users\Uwe\AppData\Local\Temp\{628f6609-b1c1-4d8c-aa38-2465f345a2ee} --------- 0  
     17.09.2012 18:53     C:\Users\Uwe\AppData\Local\Temp\{a79db40f-41b2-42b2-8e97-d69d84436952} --------- 0  
     17.09.2012 18:51     C:\Users\Uwe\AppData\Local\Temp\~DF1172705A1B8DAA26.TMP --------- 65536  
     17.09.2012 18:47     C:\Users\Uwe\AppData\Local\Temp\{d601135a-3fc9-45da-bd2f-dedd46dc8ff1} --------- 0  
     17.09.2012 18:47     C:\Users\Uwe\AppData\Local\Temp\{c9adb719-6e42-4142-b57d-ad1313c17257} --------- 0  
     17.09.2012 18:45     C:\Users\Uwe\AppData\Local\Temp\{e4decfb9-4a9a-4317-9125-cfaa4631966e} --------- 0  
     17.09.2012 18:44     C:\Users\Uwe\AppData\Local\Temp\RK0QSsO9.htm.part --------- 0  
     17.09.2012 18:10     C:\Users\Uwe\AppData\Local\Temp\plugtmp-43 --------- 0  
     17.09.2012 11:26     C:\Users\Uwe\AppData\Local\Temp\nsemail-20.eml --------- 425  
     13.09.2012 10:38     C:\Users\Uwe\AppData\Local\Temp\nse85EA.tmp --------- 0  
     13.09.2012 10:31     C:\Users\Uwe\AppData\Local\Temp\_TSEA9C.tmp --------- 0  
     07.09.2012 11:10     C:\Users\Uwe\AppData\Local\Temp\{764b79fe-0c5e-45b7-b8aa-18fe6fc1ae4d} --------- 0  
     07.09.2012 11:10     C:\Users\Uwe\AppData\Local\Temp\PCW36F7.xml --------- 994  
     07.09.2012 11:10     C:\Users\Uwe\AppData\Local\Temp\PCW36F7.tmp --------- 0  
     06.09.2012 15:48     C:\Users\Uwe\AppData\Local\Temp\PCWDC8A.xml --------- 994  
     06.09.2012 15:48     C:\Users\Uwe\AppData\Local\Temp\PCWDC8A.tmp --------- 0  
     06.09.2012 14:34     C:\Users\Uwe\AppData\Local\Temp\e96c025c-0a5c-5846-90db-4f4354515e44.xml --------- 316  
     05.09.2012 10:00     C:\Users\Uwe\AppData\Local\Temp\Excel8.0 --------- 0  
     04.09.2012 09:20     C:\Users\Uwe\AppData\Local\Temp\xfs_C9oj.jpg.part --------- 175514  
     04.09.2012 09:19     C:\Users\Uwe\AppData\Local\Temp\RkXozNNh.jpg.part --------- 116927  
     04.09.2012 09:04     C:\Users\Uwe\AppData\Local\Temp\45189_checkliste_ruecksendung_serienpost.pdf --------- 1536347  
     04.09.2012 08:56     C:\Users\Uwe\AppData\Local\Temp\{1edd8d2e-5c83-42f2-a7e2-4ba01f48a7a1} --------- 0  
     04.09.2012 08:55     C:\Users\Uwe\AppData\Local\Temp\{fe91c436-531a-456f-97a5-c0f4e23c1327} --------- 0  
     04.09.2012 08:54     C:\Users\Uwe\AppData\Local\Temp\{26c2f094-be84-443e-8164-f29f605fc0a6} --------- 0  
     04.09.2012 08:45     C:\Users\Uwe\AppData\Local\Temp\nsemail-21.eml --------- 104070  
     04.09.2012 08:45     C:\Users\Uwe\AppData\Local\Temp\nsemail-19.eml --------- 490  
     04.09.2012 08:45     C:\Users\Uwe\AppData\Local\Temp\nsemail-18.eml --------- 2766751  
     04.09.2012 08:45     C:\Users\Uwe\AppData\Local\Temp\nsemail-17.eml --------- 5901  
     04.09.2012 08:42     C:\Users\Uwe\AppData\Local\Temp\BGInfo.bmp --------- 4196406  
     30.08.2012 14:51     C:\Users\Uwe\AppData\Local\Temp\TGT7AcV1.htm.part --------- 0  
     29.08.2012 20:30     C:\Users\Uwe\AppData\Local\Temp\d3dxMemUsage.csv --------- 0  
     29.08.2012 20:29     C:\Users\Uwe\AppData\Local\Temp\tmp415.tmp --------- 399  
     29.08.2012 13:56     C:\Users\Uwe\AppData\Local\Temp\scoped_dir4385 --------- 0  
     29.08.2012 13:56     C:\Users\Uwe\AppData\Local\Temp\scoped_dir6063 --------- 0  
     29.08.2012 13:56     C:\Users\Uwe\AppData\Local\Temp\scoped_dir16474 --------- 0  
     29.08.2012 13:07     C:\Users\Uwe\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe --------- 908272  
     29.08.2012 12:08     C:\Users\Uwe\AppData\Local\Temp\UCDebugger --------- 0  
     29.08.2012 12:08     C:\Users\Uwe\AppData\Local\Temp\PBWrapper --------- 0  
     29.08.2012 12:07     C:\Users\Uwe\AppData\Local\Temp\DXWrapper --------- 0  
     29.08.2012 12:07     C:\Users\Uwe\AppData\Local\Temp\tmpAEB6.tmp --------- 399  
     29.08.2012 12:04     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistUI6A6A.txt --------- 11426  
     29.08.2012 12:04     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistMSI6A6A.txt --------- 381166  
     29.08.2012 12:02     C:\Users\Uwe\AppData\Local\Temp\MSI3be21.LOG --------- 187696  
     29.08.2012 11:53     C:\Users\Uwe\AppData\Local\Temp\tmp9D0.tmp --------- 399  
     29.08.2012 11:53     C:\Users\Uwe\AppData\Local\Temp\dd_netfx20UI6288.txt --------- 11768  
     28.08.2012 13:26     C:\Users\Uwe\AppData\Local\Temp\plugtmp-42 --------- 0  
     24.08.2012 15:35     C:\Users\Uwe\AppData\Local\Temp\plugtmp-41 --------- 0  
     23.08.2012 10:38     C:\Users\Uwe\AppData\Local\Temp\scoped_dir21510 --------- 0  
     23.08.2012 10:38     C:\Users\Uwe\AppData\Local\Temp\scoped_dir30632 --------- 0  
     23.08.2012 10:38     C:\Users\Uwe\AppData\Local\Temp\scoped_dir8932 --------- 0  
     23.08.2012 10:38     C:\Users\Uwe\AppData\Local\Temp\scoped_dir21474 --------- 0  
     22.08.2012 15:12     C:\Users\Uwe\AppData\Local\Temp\938c3ff7-e66e-7447-8cb1-df8fd7da418b.xml --------- 316  
     21.08.2012 12:49     C:\Users\Uwe\AppData\Local\Temp\_TSA536.tmp --------- 0  
     21.08.2012 12:17     C:\Users\Uwe\AppData\Local\Temp\plugtmp-40 --------- 0  
     17.08.2012 20:23     C:\Users\Uwe\AppData\Local\Temp\{C8386211-2D27-4B9E-9003-A4DF9D3DEBA3} --------- 0  
     05.08.2012 19:32     C:\Users\Uwe\AppData\Local\Temp\plugtmp-39 --------- 0  
     03.08.2012 13:22     C:\Users\Uwe\AppData\Local\Temp\plugtmp-38 --------- 0  
     03.08.2012 12:09     C:\Users\Uwe\AppData\Local\Temp\9.trl --------- 557  
     02.08.2012 15:01     C:\Users\Uwe\AppData\Local\Temp\plugtmp-37 --------- 0  
     01.08.2012 15:02     C:\Users\Uwe\AppData\Local\Temp\_TS7B2.tmp --------- 0  
     01.08.2012 12:04     C:\Users\Uwe\AppData\Local\Temp\8 --------- 16384  
     01.08.2012 12:04     C:\Users\Uwe\AppData\Local\Temp\7 --------- 16384  
     01.08.2012 09:23     C:\Users\Uwe\AppData\Local\Temp\plugtmp-36 --------- 0  
     31.07.2012 17:50     C:\Users\Uwe\AppData\Local\Temp\plugtmp-35 --------- 0  
     31.07.2012 17:17     C:\Users\Uwe\AppData\Local\Temp\SDIAG_143a68cd-b8b2-48bb-8d77-8dbeaef85b8f --------- 0  
     30.07.2012 14:30     C:\Users\Uwe\AppData\Local\Temp\plugtmp-34 --------- 0  
     30.07.2012 09:49     C:\Users\Uwe\AppData\Local\Temp\nsqEF1A.tmp --------- 0  
     27.07.2012 12:53     C:\Users\Uwe\AppData\Local\Temp\6 --------- 16384  
     27.07.2012 12:53     C:\Users\Uwe\AppData\Local\Temp\5 --------- 16384  
     27.07.2012 10:39     C:\Users\Uwe\AppData\Local\Temp\lu --------- 0  
     23.07.2012 14:54     C:\Users\Uwe\AppData\Local\Temp\_TS9BF0.tmp --------- 0  
     23.07.2012 12:24     C:\Users\Uwe\AppData\Local\Temp\hug19DC.tmp --------- 45074  
     23.07.2012 12:24     C:\Users\Uwe\AppData\Local\Temp\hug19BC.tmp --------- 118720  
     23.07.2012 11:41     C:\Users\Uwe\AppData\Local\Temp\nsemail-16.eml --------- 3101  
     23.07.2012 11:41     C:\Users\Uwe\AppData\Local\Temp\nsemail-15.eml --------- 3099  
     23.07.2012 11:41     C:\Users\Uwe\AppData\Local\Temp\nsemail-14.eml --------- 3500  
     23.07.2012 11:41     C:\Users\Uwe\AppData\Local\Temp\nsemail-13.eml --------- 3498  
     23.07.2012 11:36     C:\Users\Uwe\AppData\Local\Temp\~DF5347EB6C4A62A326.TMP --------- 16384  
     22.07.2012 22:11     C:\Users\Uwe\AppData\Local\Temp\ASK26D1.tmp --------- 114344  
     22.07.2012 19:04     C:\Users\Uwe\AppData\Local\Temp\plugtmp-33 --------- 0  
     19.07.2012 08:50     C:\Users\Uwe\AppData\Local\Temp\{714f6cdc-90c2-488f-839f-4123f372acdb} --------- 0  
     19.07.2012 08:42     C:\Users\Uwe\AppData\Local\Temp\{e334ab5f-e362-422f-9994-d7bfcf8dde21} --------- 0  
     19.07.2012 08:39     C:\Users\Uwe\AppData\Local\Temp\{551df048-6508-4b3a-973f-ab39466124cd} --------- 0  
     19.07.2012 08:39     C:\Users\Uwe\AppData\Local\Temp\{d7d82fda-8f08-43b8-a6af-8d7813cebe05} --------- 0  
     19.07.2012 08:05     C:\Users\Uwe\AppData\Local\Temp\{37B06EC5-A2F3-403E-B401-42C95E2CDDE3} --------- 0  
     19.07.2012 08:04     C:\Users\Uwe\AppData\Local\Temp\{7a2b2b3a-2458-43eb-9108-b75b0f655c65} --------- 0  
     19.07.2012 08:04     C:\Users\Uwe\AppData\Local\Temp\{1337A8A4-766C-48CA-B9B4-DA8DA3641A19} --------- 0  
     17.07.2012 18:59     C:\Users\Uwe\AppData\Local\Temp\~DFAB5F96D65F9D33F5.TMP --------- 311296  
     17.07.2012 18:56     C:\Users\Uwe\AppData\Local\Temp\~DF209899D850EFF0C8.TMP --------- 311296  
     17.07.2012 18:37     C:\Users\Uwe\AppData\Local\Temp\nsemail-12.eml --------- 1894  
     17.07.2012 18:37     C:\Users\Uwe\AppData\Local\Temp\nsemail-11.eml --------- 2001  
     17.07.2012 18:37     C:\Users\Uwe\AppData\Local\Temp\nsemail-10.eml --------- 405  
     17.07.2012 15:57     C:\Users\Uwe\AppData\Local\Temp\~DF93557483EB5C2E47.TMP --------- 98304  
     17.07.2012 13:52     C:\Users\Uwe\AppData\Local\Temp\_TSA8BC.tmp --------- 0  
     17.07.2012 12:23     C:\Users\Uwe\AppData\Local\Temp\~DF4F3386C186D96878.TMP --------- 49152  
     16.07.2012 18:11     C:\Users\Uwe\AppData\Local\Temp\~DFEF51564E6FF412E7.TMP --------- 278528  
     16.07.2012 18:07     C:\Users\Uwe\AppData\Local\Temp\{5aecbd9b-c315-4f8f-b345-873f4d2b9ced} --------- 0  
     16.07.2012 18:07     C:\Users\Uwe\AppData\Local\Temp\{b4bd0740-472c-4e04-9a63-f8932bc760b4} --------- 0  
     16.07.2012 18:07     C:\Users\Uwe\AppData\Local\Temp\{36cf6a71-599e-453f-a847-00a6da657282} --------- 0  
     16.07.2012 18:05     C:\Users\Uwe\AppData\Local\Temp\{63d40d0c-afb5-4a2a-b036-3b02747af563} --------- 0  
     16.07.2012 18:05     C:\Users\Uwe\AppData\Local\Temp\{37c6f42c-1098-46b1-b3a6-d78c9363678c} --------- 0  
     16.07.2012 18:04     C:\Users\Uwe\AppData\Local\Temp\{11cabaca-4205-42e6-a012-75ebaf0d330e} --------- 0  
     16.07.2012 18:04     C:\Users\Uwe\AppData\Local\Temp\{b663c409-710d-49e7-9535-3878401a6401} --------- 0  
     16.07.2012 17:32     C:\Users\Uwe\AppData\Local\Temp\DMI147.tmp --------- 0  
     15.07.2012 18:30     C:\Users\Uwe\AppData\Local\Temp\Eine Einfhrung in den Robitkeinsatz in Kernkraftwerken_2012-07-15 Notizen.pdf --------- 2930932  
     14.07.2012 15:00     C:\Users\Uwe\AppData\Local\Temp\~DF5EEF1C5970B664FE.TMP --------- 49152  
     14.07.2012 11:22     C:\Users\Uwe\AppData\Local\Temp\plugtmp-32 --------- 0  
     14.07.2012 07:52     C:\Users\Uwe\AppData\Local\Temp\{7ED0B234-3DD9-43A0-9B78-4BAC2F278293} --------- 0  
     14.07.2012 02:39     C:\Users\Uwe\AppData\Local\Temp\plugtmp-31 --------- 0  
     13.07.2012 18:22     C:\Users\Uwe\AppData\Local\Temp\kreuzbund_ab_konzept_familie_als_system.pdf --------- 88761  
     13.07.2012 11:23     C:\Users\Uwe\AppData\Local\Temp\Flyer_Bewerbungstraining.pdf --------- 199515  
     12.07.2012 10:59     C:\Users\Uwe\AppData\Local\Temp\~DF307919B83E4F56B1.TMP --------- 16384  
     12.07.2012 10:57     C:\Users\Uwe\AppData\Local\Temp\plugtmp-30 --------- 0  
     12.07.2012 10:23     C:\Users\Uwe\AppData\Local\Temp\~DF0AE0752254C8716C.TMP --------- 65536  
     12.07.2012 06:43     C:\Users\Uwe\AppData\Local\Temp\nsemail-9.eml --------- 295970  
     12.07.2012 06:43     C:\Users\Uwe\AppData\Local\Temp\nsemail-8.eml --------- 857  
     12.07.2012 06:43     C:\Users\Uwe\AppData\Local\Temp\nsemail-6.eml --------- 513  
     12.07.2012 06:43     C:\Users\Uwe\AppData\Local\Temp\nsemail-7.eml --------- 620  
     12.07.2012 06:43     C:\Users\Uwe\AppData\Local\Temp\nsemail-5.eml --------- 436  
     11.07.2012 15:14     C:\Users\Uwe\AppData\Local\Temp\plugtmp-29 --------- 0  
     11.07.2012 14:51     C:\Users\Uwe\AppData\Local\Temp\~DF806F6106AA5D465E.TMP --------- 16384  
     11.07.2012 13:01     C:\Users\Uwe\AppData\Local\Temp\~DF6E358924ADADB2E8.TMP --------- 16384  
     11.07.2012 11:25     C:\Users\Uwe\AppData\Local\Temp\plugtmp-28 --------- 0  
     10.07.2012 12:39     C:\Users\Uwe\AppData\Local\Temp\plugtmp-27 --------- 0  
     10.07.2012 09:32     C:\Users\Uwe\AppData\Local\Temp\5.trl --------- 593  
     06.07.2012 04:30     C:\Users\Uwe\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe --------- 910128  
     04.07.2012 14:13     C:\Users\Uwe\AppData\Local\Temp\_TS3052.tmp --------- 0  
     04.07.2012 14:13     C:\Users\Uwe\AppData\Local\Temp\319380.od --------- 134  
     04.07.2012 14:13     C:\Users\Uwe\AppData\Local\Temp\CVRDF56.tmp.cvr --------- 0  
     04.07.2012 09:32     C:\Users\Uwe\AppData\Local\Temp\plugtmp-26 --------- 0  
     04.07.2012 08:52     C:\Users\Uwe\AppData\Local\Temp\4 --------- 16384  
     04.07.2012 08:52     C:\Users\Uwe\AppData\Local\Temp\org.apache.commons.launcher.heartbeatFile.45149 --------- 0  
     04.07.2012 08:52     C:\Users\Uwe\AppData\Local\Temp\3 --------- 16384  
     04.07.2012 08:52     C:\Users\Uwe\AppData\Local\Temp\2 --------- 16384  
     03.07.2012 15:31     C:\Users\Uwe\AppData\Local\Temp\_TS99A0.tmp --------- 0  
     03.07.2012 14:35     C:\Users\Uwe\AppData\Local\Temp\_TS8229.tmp --------- 0  
     03.07.2012 12:18     C:\Users\Uwe\AppData\Local\Temp\~DFE69504B3ADE5BC4F.TMP --------- 16384  
     02.07.2012 17:56     C:\Users\Uwe\AppData\Local\Temp\{71EBCA64-B01E-4340-9BDA-B280409ABD3F} --------- 0  
     02.07.2012 13:50     C:\Users\Uwe\AppData\Local\Temp\_TS4BE2.tmp --------- 0  
     02.07.2012 13:14     C:\Users\Uwe\AppData\Local\Temp\{bc4c76a9-6696-410e-a2ef-74fb13582a7e} --------- 0  
     29.06.2012 19:48     C:\Users\Uwe\AppData\Local\Temp\plugtmp-25 --------- 0  
     29.06.2012 13:17     C:\Users\Uwe\AppData\Local\Temp\MK5l7C4R.gz.part --------- 1490  
     29.06.2012 13:17     C:\Users\Uwe\AppData\Local\Temp\uzYEzlug.gz.part --------- 1490  
     29.06.2012 13:17     C:\Users\Uwe\AppData\Local\Temp\CPOMB3ks.gz.part --------- 1490  
     29.06.2012 13:17     C:\Users\Uwe\AppData\Local\Temp\NCw20UsK.gz.part --------- 1490  
     29.06.2012 13:17     C:\Users\Uwe\AppData\Local\Temp\bFU5mRDL.gz.part --------- 1490  
     29.06.2012 13:17     C:\Users\Uwe\AppData\Local\Temp\WbJkCwkC.gz.part --------- 1490  
     29.06.2012 09:16     C:\Users\Uwe\AppData\Local\Temp\_TS7FF9.tmp --------- 0  
     29.06.2012 08:45     C:\Users\Uwe\AppData\Local\Temp\mfc42.dll --------- 995383  
     29.06.2012 08:45     C:\Users\Uwe\AppData\Local\Temp\ptcCF40_tmp.exe --------- 9971712  
     28.06.2012 13:41     C:\Users\Uwe\AppData\Local\Temp\_TSEB78.tmp --------- 0  
     28.06.2012 09:40     C:\Users\Uwe\AppData\Local\Temp\_TSC89C.tmp --------- 0  
     25.06.2012 15:23     C:\Users\Uwe\AppData\Local\Temp\mozilla-media-cache --------- 0  
     23.06.2012 21:14     C:\Users\Uwe\AppData\Local\Temp\plugtmp-24 --------- 0  
     23.06.2012 19:08     C:\Users\Uwe\AppData\Local\Temp\Low --------- 0  
     23.06.2012 19:05     C:\Users\Uwe\AppData\Local\Temp\4517976.od --------- 134  
     23.06.2012 19:05     C:\Users\Uwe\AppData\Local\Temp\CVRF00A.tmp.cvr --------- 0  
     20.06.2012 19:40     C:\Users\Uwe\AppData\Local\Temp\{6CB074C7-8D8C-411A-9DCD-8B19C7295D65} --------- 0  
     19.06.2012 15:23     C:\Users\Uwe\AppData\Local\Temp\Anfahrtskizze_Lohr.pdf --------- 379859  
     18.06.2012 11:37     C:\Users\Uwe\AppData\Local\Temp\R999000062_EasyHandling_2012_01_Media.pdf --------- 9121578  
     15.06.2012 17:27     C:\Users\Uwe\AppData\Local\Temp\JF+PMBIn.JPG.part --------- 5034496  
     15.06.2012 14:25     C:\Users\Uwe\AppData\Local\Temp\Anf_Ratingen_201010.pdf --------- 143133  
     14.06.2012 16:10     C:\Users\Uwe\AppData\Local\Temp\plugtmp-23 --------- 0  
     11.06.2012 07:42     C:\Users\Uwe\AppData\Local\Temp\u0oNoSth.doc.part --------- 287232  
     08.06.2012 18:39     C:\Users\Uwe\AppData\Local\Temp\plugtmp-22 --------- 0  
     08.06.2012 10:37     C:\Users\Uwe\AppData\Local\Temp\ws_Crypto_20120608_0.log --------- 112  
     07.06.2012 12:30     C:\Users\Uwe\AppData\Local\Temp\plugtmp-21 --------- 0  
     05.06.2012 07:45     C:\Users\Uwe\AppData\Local\Temp\nsemail-3.eml --------- 7147144  
     05.06.2012 07:45     C:\Users\Uwe\AppData\Local\Temp\nsemail-4.eml --------- 1998  
     31.05.2012 18:33     C:\Users\Uwe\AppData\Local\Temp\plugtmp-20 --------- 0  
     31.05.2012 13:12     C:\Users\Uwe\AppData\Local\Temp\_TSFC6C.tmp --------- 0  
     29.05.2012 18:04     C:\Users\Uwe\AppData\Local\Temp\~DFED9B490AF8CAE709.TMP --------- 65536  
     29.05.2012 17:21     C:\Users\Uwe\AppData\Local\Temp\DMICAEF.tmp --------- 0  
     29.05.2012 09:54     C:\Users\Uwe\AppData\Local\Temp\Studienbescheinigung_273490_29.05.2012.pdf --------- 100584  
     28.05.2012 13:33     C:\Users\Uwe\AppData\Local\Temp\plugtmp-19 --------- 0  
     28.05.2012 10:47     C:\Users\Uwe\AppData\Local\Temp\Einladung_Breuer-1.pdf --------- 118396  
     28.05.2012 09:59     C:\Users\Uwe\AppData\Local\Temp\Reisekostenformular-1.pdf --------- 162619  
     28.05.2012 09:58     C:\Users\Uwe\AppData\Local\Temp\Einladung_Breuer.pdf --------- 118396  
     27.05.2012 20:54     C:\Users\Uwe\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20120527_215437305.html --------- 74494  
     27.05.2012 20:54     C:\Users\Uwe\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20120527_215437305-MSI_vc_red.msi.txt --------- 774120  
     27.05.2012 20:54     C:\Users\Uwe\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219 --------- 0  
     27.05.2012 20:54     C:\Users\Uwe\AppData\Local\Temp\{b2b6d82e-b9a4-447e-91f1-e948c95a64c4} --------- 0  
     27.05.2012 20:12     C:\Users\Uwe\AppData\Local\Temp\ws_Crypto_20120527_0.log --------- 112  
     24.05.2012 20:52     C:\Users\Uwe\AppData\Local\Temp\Silverlight0.log --------- 634  
     24.05.2012 20:41     C:\Users\Uwe\AppData\Local\Temp\plugtmp-18 --------- 0  
     23.05.2012 18:57     C:\Users\Uwe\AppData\Local\Temp\Reisekostenformular.pdf --------- 162619  
     21.05.2012 21:29     C:\Users\Uwe\AppData\Local\Temp\Alias_Edit_Temp.sat --------- 38388  
     21.05.2012 21:28     C:\Users\Uwe\AppData\Local\Temp\ACIA8417.ac$ --------- 0  
     21.05.2012 21:24     C:\Users\Uwe\AppData\Local\Temp\ACIB595A.ac$ --------- 0  
     21.05.2012 20:09     C:\Users\Uwe\AppData\Local\Temp\ws_Crypto_20120521_0.log --------- 112  
     21.05.2012 19:58     C:\Users\Uwe\AppData\Local\Temp\InventorRegistrationLog_20120521205857_00000029.log --------- 535  
     21.05.2012 19:58     C:\Users\Uwe\AppData\Local\Temp\Inventor Fusion 2012 Temporary Files --------- 0  
     21.05.2012 19:58     C:\Users\Uwe\AppData\Local\Temp\ACIS.ac$ --------- 0  
     15.05.2012 13:31     C:\Users\Uwe\AppData\Local\Temp\~DF517614DD382E9AB7.TMP --------- 16384  
     14.05.2012 18:51     C:\Users\Uwe\AppData\Local\Temp\plugtmp-17 --------- 0  
     14.05.2012 10:08     C:\Users\Uwe\AppData\Local\Temp\98F5.dir --------- 0  
     14.05.2012 10:07     C:\Users\Uwe\AppData\Local\Temp\98F5.tmp --------- 0  
     14.05.2012 10:05     C:\Users\Uwe\AppData\Local\Temp\DMI6C0B.tmp --------- 0  
     14.05.2012 10:03     C:\Users\Uwe\AppData\Local\Temp\plugtmp-16 --------- 0  
     13.05.2012 22:04     C:\Users\Uwe\AppData\Local\Temp\{3c8129a1-470c-4638-878f-fa1bd8915ed6} --------- 0  
     13.05.2012 22:03     C:\Users\Uwe\AppData\Local\Temp\scoped_dir16110 --------- 0  
     13.05.2012 22:03     C:\Users\Uwe\AppData\Local\Temp\scoped_dir14657 --------- 0  
     13.05.2012 22:03     C:\Users\Uwe\AppData\Local\Temp\scoped_dir24723 --------- 0  
     13.05.2012 22:03     C:\Users\Uwe\AppData\Local\Temp\scoped_dir16084 --------- 0  
     13.05.2012 21:25     C:\Users\Uwe\AppData\Local\Temp\LuUpdater.log --------- 0  
     13.05.2012 21:24     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistUI210B.txt --------- 11426  
     13.05.2012 21:24     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistMSI210B.txt --------- 361946  
     13.05.2012 21:24     C:\Users\Uwe\AppData\Local\Temp\Logishrd --------- 0  
     13.05.2012 21:23     C:\Users\Uwe\AppData\Local\Temp\Logitech --------- 0  
     10.05.2012 16:57     C:\Users\Uwe\AppData\Local\Temp\tmp-xo5.xpi --------- 140964  
     10.05.2012 10:15     C:\Users\Uwe\AppData\Local\Temp\scoped_dir17907 --------- 0  
     10.05.2012 10:15     C:\Users\Uwe\AppData\Local\Temp\scoped_dir23376 --------- 0  
     10.05.2012 10:15     C:\Users\Uwe\AppData\Local\Temp\scoped_dir13990 --------- 0  
     09.05.2012 19:05     C:\Users\Uwe\AppData\Local\Temp\scoped_dir32203 --------- 0  
     09.05.2012 19:04     C:\Users\Uwe\AppData\Local\Temp\scoped_dir30627 --------- 0  
     09.05.2012 19:04     C:\Users\Uwe\AppData\Local\Temp\scoped_dir9295 --------- 0  
     09.05.2012 19:04     C:\Users\Uwe\AppData\Local\Temp\scoped_dir32170 --------- 0  
     09.05.2012 16:48     C:\Users\Uwe\AppData\Local\Temp\scoped_dir5546 --------- 0  
     09.05.2012 16:48     C:\Users\Uwe\AppData\Local\Temp\scoped_dir22758 --------- 0  
     09.05.2012 16:48     C:\Users\Uwe\AppData\Local\Temp\scoped_dir5513 --------- 0  
     09.05.2012 16:48     C:\Users\Uwe\AppData\Local\Temp\scoped_dir22995 --------- 0  
     09.05.2012 16:44     C:\Users\Uwe\AppData\Local\Temp\WERB7F5.tmp.txt --------- 37647  
     09.05.2012 16:44     C:\Users\Uwe\AppData\Local\Temp\WERB72E.tmp.cab --------- 36721  
     09.05.2012 16:44     C:\Users\Uwe\AppData\Local\Temp\WERB71E.tmp.WERInternalMetadata.xml --------- 1898  
     09.05.2012 16:44     C:\Users\Uwe\AppData\Local\Temp\WER-27159-0.sysdata.xml --------- 233964  
     09.05.2012 16:41     C:\Users\Uwe\AppData\Local\Temp\DMI28E3.tmp --------- 0  
     08.05.2012 22:52     C:\Users\Uwe\AppData\Local\Temp\scoped_dir23962 --------- 0  
     08.05.2012 22:52     C:\Users\Uwe\AppData\Local\Temp\scoped_dir23933 --------- 0  
     08.05.2012 22:52     C:\Users\Uwe\AppData\Local\Temp\scoped_dir18877 --------- 0  
     08.05.2012 22:52     C:\Users\Uwe\AppData\Local\Temp\scoped_dir23929 --------- 0  
     08.05.2012 22:02     C:\Users\Uwe\AppData\Local\Temp\scoped_dir25035 --------- 0  
     08.05.2012 22:02     C:\Users\Uwe\AppData\Local\Temp\scoped_dir7667 --------- 0  
     08.05.2012 22:02     C:\Users\Uwe\AppData\Local\Temp\scoped_dir14110 --------- 0  
     08.05.2012 17:50     C:\Users\Uwe\AppData\Local\Temp\scoped_dir30270 --------- 0  
     08.05.2012 17:49     C:\Users\Uwe\AppData\Local\Temp\scoped_dir28449 --------- 0  
     08.05.2012 17:49     C:\Users\Uwe\AppData\Local\Temp\scoped_dir22610 --------- 0  
     08.05.2012 17:49     C:\Users\Uwe\AppData\Local\Temp\scoped_dir30241 --------- 0  
     07.05.2012 10:40     C:\Users\Uwe\AppData\Local\Temp\scoped_dir24480 --------- 0  
     02.05.2012 20:58     C:\Users\Uwe\AppData\Local\Temp\plugtmp-15 --------- 0  
     02.05.2012 18:28     C:\Users\Uwe\AppData\Local\Temp\~DFC8D9ECDE31EC0ED8.TMP --------- 16384  
     02.05.2012 14:36     C:\Users\Uwe\AppData\Local\Temp\645_035.pdf --------- 277378  
     02.05.2012 01:56     C:\Users\Uwe\AppData\Local\Temp\ts3U5B8e.htm.part --------- 0  
     02.05.2012 01:56     C:\Users\Uwe\AppData\Local\Temp\kGudZUK+.htm.part --------- 0  
     26.04.2012 21:21     C:\Users\Uwe\AppData\Local\Temp\msohtmlclip --------- 0  
     26.04.2012 15:46     C:\Users\Uwe\AppData\Local\Temp\VBE --------- 0  
     26.04.2012 15:46     C:\Users\Uwe\AppData\Local\Temp\8243280.od --------- 134  
     26.04.2012 15:46     C:\Users\Uwe\AppData\Local\Temp\CVRC811.tmp.cvr --------- 0  
     26.04.2012 00:24     C:\Users\Uwe\AppData\Local\Temp\plugtmp-14 --------- 0  
     19.04.2012 18:43     C:\Users\Uwe\AppData\Local\Temp\68_NcAZU.htm.part --------- 0  
     19.04.2012 18:02     C:\Users\Uwe\AppData\Local\Temp\9Oul8+vB.htm.part --------- 0  
     10.04.2012 22:24     C:\Users\Uwe\AppData\Local\Temp\KB2656368_20120410_232202498.html --------- 58916  
     10.04.2012 22:24     C:\Users\Uwe\AppData\Local\Temp\KB2656368_20120410_232202498-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 19521276  
     10.04.2012 22:22     C:\Users\Uwe\AppData\Local\Temp\KB2656368_10.0.30319 --------- 0  
     10.04.2012 22:22     C:\Users\Uwe\AppData\Local\Temp\dd_clwireg.txt --------- 15203  
     10.04.2012 21:10     C:\Users\Uwe\AppData\Local\Temp\SilverlightMSI.log --------- 1532550  
     10.04.2012 06:41     C:\Users\Uwe\AppData\Local\Temp\CUMD welding_flyer.pdf --------- 386567  
     09.04.2012 21:12     C:\Users\Uwe\AppData\Local\Temp\OIS --------- 0  
     09.04.2012 21:12     C:\Users\Uwe\AppData\Local\Temp\622272.manifest --------- 2950  
     09.04.2012 21:12     C:\Users\Uwe\AppData\Local\Temp\622163.cvr --------- 2184  
     09.04.2012 11:38     C:\Users\Uwe\AppData\Local\Temp\OneNoteRuntimeCache --------- 0  
     09.04.2012 11:38     C:\Users\Uwe\AppData\Local\Temp\OneNote_MigrationLog.txt --------- 62  
     09.04.2012 11:33     C:\Users\Uwe\AppData\Local\Temp\SetupExe(20120409122745FCC).log --------- 85630  
     05.04.2012 13:11     C:\Users\Uwe\AppData\Local\Temp\plugtmp-13 --------- 0  
     04.04.2012 17:49     C:\Users\Uwe\AppData\Local\Temp\plugtmp-12 --------- 0  
     04.04.2012 15:09     C:\Users\Uwe\AppData\Local\Temp\11752148.od --------- 134  
     04.04.2012 15:09     C:\Users\Uwe\AppData\Local\Temp\CVR51EA.tmp.cvr --------- 0  
     04.04.2012 11:53     C:\Users\Uwe\AppData\Local\Temp\WER99F2.tmp.WERInternalMetadata.xml --------- 2970  
     04.04.2012 11:53     C:\Users\Uwe\AppData\Local\Temp\WER9781.tmp.appcompat.txt --------- 54014  
     04.04.2012 11:52     C:\Users\Uwe\AppData\Local\Temp\plugtmp-11 --------- 0  
     03.04.2012 08:09     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistUI0B44.txt --------- 11392  
     03.04.2012 08:09     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistMSI0B44.txt --------- 366232  
     03.04.2012 08:09     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistUI0B3E.txt --------- 11408  
     03.04.2012 08:09     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistMSI0B3E.txt --------- 355194  
     01.04.2012 22:10     C:\Users\Uwe\AppData\Local\Temp\123D Catch BetaTemp --------- 0  
     01.04.2012 14:58     C:\Users\Uwe\AppData\Local\Temp\InventorRegistrationLog_20120401155757_00000029.log --------- 535  
     01.04.2012 14:57     C:\Users\Uwe\AppData\Local\Temp\Autodesk Inventor Suite 2012 Setup.log --------- 27586  
     01.04.2012 14:52     C:\Users\Uwe\AppData\Local\Temp\FUSION4INVADDINS2012Install (de-de).log --------- 243656  
     01.04.2012 14:51     C:\Users\Uwe\AppData\Local\Temp\FUSION4INVADDINS2012Install.log --------- 229444  
     01.04.2012 14:51     C:\Users\Uwe\AppData\Local\Temp\Inventor Fusion 2012 Install (de-de).log --------- 1107640  
     01.04.2012 14:51     C:\Users\Uwe\AppData\Local\Temp\Media.idt --------- 147  
     01.04.2012 14:51     C:\Users\Uwe\AppData\Local\Temp\Inventor Fusion 2012 Install.log --------- 4503224  
     01.04.2012 14:49     C:\Users\Uwe\AppData\Local\Temp\Autodesk Vault 2012 Install (de-de).log --------- 3812900  
     01.04.2012 14:49     C:\Users\Uwe\AppData\Local\Temp\Autodesk Vault 2012 Install.log --------- 7616320  
     01.04.2012 14:48     C:\Users\Uwe\AppData\Local\Temp\DWG TrueView 2012 Install.log --------- 7531954  
     01.04.2012 14:46     C:\Users\Uwe\AppData\Local\Temp\DCLibraryInstall.log --------- 138150  
     01.04.2012 14:44     C:\Users\Uwe\AppData\Local\Temp\Granta Install.log --------- 823806  
     01.04.2012 14:44     C:\Users\Uwe\AppData\Local\Temp\Inventor2012Install (de-de).log --------- 21439960  
     01.04.2012 14:44     C:\Users\Uwe\AppData\Local\Temp\InventorRegistrationLog_20120401154421_00000029.log --------- 2627  
     01.04.2012 14:44     C:\Users\Uwe\AppData\Local\Temp\InventorViewCompute --------- 0  
     01.04.2012 14:44     C:\Users\Uwe\AppData\Local\Temp\InventorRegistrationLog_20120401154406_00000029.log --------- 1197  
     01.04.2012 14:41     C:\Users\Uwe\AppData\Local\Temp\Inventor2012Install.log --------- 20771892  
     01.04.2012 14:41     C:\Users\Uwe\AppData\Local\Temp\SysN_Autodesk Robot Structural Analysis Engine.log --------- 6667  
     01.04.2012 14:36     C:\Users\Uwe\AppData\Local\Temp\MSChart.htm --------- 61214  
     01.04.2012 14:36     C:\Users\Uwe\AppData\Local\Temp\MSChart-MSI_DataVisualization_SetupCore.msi.txt --------- 120606  
     01.04.2012 14:36     C:\Users\Uwe\AppData\Local\Temp\Microsoft Chart Controls for Microsoft .NET Framework 3.5 --------- 0  
     01.04.2012 14:36     C:\Users\Uwe\AppData\Local\Temp\MaterialLibrary2012CMILL.log --------- 2135996  
     01.04.2012 14:36     C:\Users\Uwe\AppData\Local\Temp\WSE30_setupLog.log --------- 176376  
     01.04.2012 14:35     C:\Users\Uwe\AppData\Local\Temp\MaterialLibrary2012CMILB.log --------- 2133406  
     01.04.2012 14:35     C:\Users\Uwe\AppData\Local\Temp\MaterialLibrary2012CM.log --------- 4034770  
     01.04.2012 14:34     C:\Users\Uwe\AppData\Local\Temp\Autodesk Design Review 2012 Install.log --------- 1341894  
     01.04.2012 14:34     C:\Users\Uwe\AppData\Local\Temp\DWFFilt.00.log --------- 218  
     01.04.2012 14:34     C:\Users\Uwe\AppData\Local\Temp\WhipFilt.00.log --------- 218  
     01.04.2012 14:34     C:\Users\Uwe\AppData\Local\Temp\setupverifier_main_04-01-12_15.34.08.txt --------- 196662  
     01.04.2012 14:34     C:\Users\Uwe\AppData\Local\Temp\setupverifier_errors_04-01-12_15.34.08.txt --------- 1123  
     01.04.2012 14:34     C:\Users\Uwe\AppData\Local\Temp\dd_dotNetFx40_Full_x86_x64_decompression_log.txt --------- 1167  
     01.04.2012 14:34     C:\Users\Uwe\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20120401_153259515.html --------- 682534  
     01.04.2012 14:34     C:\Users\Uwe\AppData\Local\Temp\dd_SetupUtility.txt --------- 660  
     01.04.2012 14:34     C:\Users\Uwe\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20120401_153259515-MSI_netfx_Extended_x64.msi.txt --------- 3484118  
     01.04.2012 14:33     C:\Users\Uwe\AppData\Local\Temp\ASPNETSetup_00001.log --------- 3432  
     01.04.2012 14:33     C:\Users\Uwe\AppData\Local\Temp\ASPNETSetup_00000.log --------- 4716  
     01.04.2012 14:33     C:\Users\Uwe\AppData\Local\Temp\RGIE121.tmp --------- 10668  
     01.04.2012 14:33     C:\Users\Uwe\AppData\Local\Temp\RGIE121.tmp-tmp --------- 9234  
     01.04.2012 14:33     C:\Users\Uwe\AppData\Local\Temp\dd_wcf_CA_smci_20120401_133324_268.txt --------- 4572  
     01.04.2012 14:33     C:\Users\Uwe\AppData\Local\Temp\dd_wcf_CA_smci_20120401_133322_814.txt --------- 7940  
     01.04.2012 14:32     C:\Users\Uwe\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319 --------- 0  
     01.04.2012 14:32     C:\Users\Uwe\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20120401_153244243.html --------- 74458  
     01.04.2012 14:32     C:\Users\Uwe\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20120401_153244243-MSI_vc_red.msi.txt --------- 264804  
     01.04.2012 14:32     C:\Users\Uwe\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.30319 --------- 0  
     01.04.2012 14:30     C:\Users\Uwe\AppData\Local\Temp\setupverifier_errors_04-01-12_15.30.41.txt --------- 102781  
     01.04.2012 14:30     C:\Users\Uwe\AppData\Local\Temp\setupverifier_main_04-01-12_15.30.41.txt --------- 196138  
     01.04.2012 14:30     C:\Users\Uwe\AppData\Local\Temp\setupverifier_errors_04-01-12_15.30.25.txt --------- 571  
     01.04.2012 14:30     C:\Users\Uwe\AppData\Local\Temp\setupverifier_main_04-01-12_15.30.25.txt --------- 149364  
     01.04.2012 12:39     C:\Users\Uwe\AppData\Local\Temp\Studienbescheinigung_273490_01.04.2012.pdf --------- 100580  
     31.03.2012 17:42     C:\Users\Uwe\AppData\Local\Temp\plugtmp-10 --------- 0  
     27.03.2012 21:32     C:\Users\Uwe\AppData\Local\Temp\All_CPU_Meter_V3.5.gadget.~0000 --------- 118270  
     27.03.2012 21:32     C:\Users\Uwe\AppData\Local\Temp\All_CPU_Meter_V3.5.gadget.~0001 --------- 118270  
     27.03.2012 21:32     C:\Users\Uwe\AppData\Local\Temp\GPU_Meter_V1.1.gadget.~0000 --------- 546907  
     27.03.2012 21:31     C:\Users\Uwe\AppData\Local\Temp\Piano.gadget.~0000 --------- 416196  
     27.03.2012 21:30     C:\Users\Uwe\AppData\Local\Temp\Control_System_With_Clock.gadget.~0000 --------- 150066  
     27.03.2012 21:30     C:\Users\Uwe\AppData\Local\Temp\Drives_Meter_V2.2.gadget.~0000 --------- 80788  
     27.03.2012 21:23     C:\Users\Uwe\AppData\Local\Temp\Gast.bmp --------- 49208  
     27.03.2012 21:13     C:\Users\Uwe\AppData\Local\Temp\18FEBC40-93A5-4F97-9730-8F896DD3B74D --------- 0  
     27.03.2012 21:09     C:\Users\Uwe\AppData\Local\Temp\PrintPreview.hta --------- 36524  
     22.03.2012 21:26     C:\Users\Uwe\AppData\Local\Temp\DMIA7D5.tmp --------- 0  
     22.03.2012 21:26     C:\Users\Uwe\AppData\Local\Temp\DMI6BCE.tmp --------- 0  
     22.03.2012 21:26     C:\Users\Uwe\AppData\Local\Temp\DMI3AA0.tmp --------- 0  
     22.03.2012 21:25     C:\Users\Uwe\AppData\Local\Temp\HSPA_Modem_Datacard_Setup.log --------- 102577  
     22.03.2012 20:46     C:\Users\Uwe\AppData\Local\Temp\VmbServiceConfig.log --------- 60  
     22.03.2012 20:46     C:\Users\Uwe\AppData\Local\Temp\preinstlog.txt --------- 62762  
     22.03.2012 20:44     C:\Users\Uwe\AppData\Local\Temp\bmqwsd123cv54.ini --------- 1688  
     22.03.2012 20:41     C:\Users\Uwe\AppData\Local\Temp\setup_vmb_full.log --------- 373  
     22.03.2012 20:26     C:\Users\Uwe\AppData\Local\Temp\DMI22DB.tmp --------- 0  
     22.03.2012 18:51     C:\Users\Uwe\AppData\Local\Temp\plugtmp-9 --------- 0  
     21.03.2012 18:12     C:\Users\Uwe\AppData\Local\Temp\plugtmp-8 --------- 0  
     20.03.2012 16:54     C:\Users\Uwe\AppData\Local\Temp\nsemail-2.eml --------- 2418  
     19.03.2012 20:04     C:\Users\Uwe\AppData\Local\Temp\accesstest.tmp --------- 0  
     13.03.2012 15:25     C:\Users\Uwe\AppData\Local\Temp\D03B.tmp --------- 0  
     13.03.2012 15:25     C:\Users\Uwe\AppData\Local\Temp\8E7A.dir --------- 0  
     13.03.2012 15:24     C:\Users\Uwe\AppData\Local\Temp\8E7A.tmp --------- 0  
     10.03.2012 11:44     C:\Users\Uwe\AppData\Local\Temp\FXSTIFFDebugLogFile.txt --------- 0  
     10.03.2012 08:58     C:\Users\Uwe\AppData\Local\Temp\plugtmp-7 --------- 0  
     08.03.2012 14:11     C:\Users\Uwe\AppData\Local\Temp\plugtmp-6 --------- 0  
     08.03.2012 10:53     C:\Users\Uwe\AppData\Local\Temp\GXbJxEjM.pdf.part --------- 1444829  
     08.03.2012 10:47     C:\Users\Uwe\AppData\Local\Temp\~DFC97D7525BEC89981.TMP --------- 65536  
     08.03.2012 10:25     C:\Users\Uwe\AppData\Local\Temp\plugtmp-5 --------- 0  
     08.03.2012 09:00     C:\Users\Uwe\AppData\Local\Temp\DMI117D.tmp --------- 0  
     08.03.2012 08:58     C:\Users\Uwe\AppData\Local\Temp\JETC042.tmp --------- 0  
     06.03.2012 17:36     C:\Users\Uwe\AppData\Local\Temp\Temp1_mwconn.zip --------- 0  
     06.03.2012 17:33     C:\Users\Uwe\AppData\Local\Temp\plugtmp-4 --------- 0  
     06.03.2012 15:56     C:\Users\Uwe\AppData\Local\Temp\DMI2CAB.tmp --------- 0  
     06.03.2012 15:49     C:\Users\Uwe\AppData\Local\Temp\au-descriptor-1.6.0_31-b74.xml --------- 7802  
     06.03.2012 06:11     C:\Users\Uwe\AppData\Local\Temp\PCW447C.xml --------- 740  
     06.03.2012 06:11     C:\Users\Uwe\AppData\Local\Temp\PCW447C.tmp --------- 0  
     06.03.2012 06:10     C:\Users\Uwe\AppData\Local\Temp\{f86f017c-ff1c-4bd2-b472-447696d7e28c} --------- 0  
     05.03.2012 22:48     C:\Users\Uwe\AppData\Local\Temp\motsetup.log --------- 1548  
     05.03.2012 18:08     C:\Users\Uwe\AppData\Local\Temp\BBA1.tmp --------- 0  
     04.03.2012 21:29     C:\Users\Uwe\AppData\Local\Temp\nsemail.eml --------- 2901741  
     04.03.2012 21:29     C:\Users\Uwe\AppData\Local\Temp\nsemail-1.eml --------- 2851354  
     04.03.2012 21:01     C:\Users\Uwe\AppData\Local\Temp\plugtmp-3 --------- 0  
     03.03.2012 18:25     C:\Users\Uwe\AppData\Local\Temp\yX4rxq3q.zip.part --------- 2256351  
     26.02.2012 16:12     C:\Users\Uwe\AppData\Local\Temp\~DFF2939F0BD4F2188C.TMP --------- 32768  
     26.02.2012 15:46     C:\Users\Uwe\AppData\Local\Temp\~DF7A7330CA650115CF.TMP --------- 32768  
     26.02.2012 13:11     C:\Users\Uwe\AppData\Local\Temp\DMID586.tmp --------- 0  
     26.02.2012 13:10     C:\Users\Uwe\AppData\Local\Temp\DMI77DD.tmp --------- 0  
     26.02.2012 12:36     C:\Users\Uwe\AppData\Local\Temp\DMIA3DC.tmp --------- 0  
     26.02.2012 12:35     C:\Users\Uwe\AppData\Local\Temp\DMI297F.tmp --------- 0  
     26.02.2012 12:27     C:\Users\Uwe\AppData\Local\Temp\nsa3BEA.tmp --------- 0  
     26.02.2012 11:56     C:\Users\Uwe\AppData\Local\Temp\nsyA97A.tmp --------- 0  
     26.02.2012 11:53     C:\Users\Uwe\AppData\Local\Temp\nss9F2E.tmp --------- 0  
     25.02.2012 16:48     C:\Users\Uwe\AppData\Local\Temp\fontconfig --------- 0  
     20.02.2012 16:45     C:\Users\Uwe\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe --------- 909600  
     19.02.2012 20:47     C:\Users\Uwe\AppData\Local\Temp\par-Uwe --------- 0  
     19.02.2012 11:19     C:\Users\Uwe\AppData\Local\Temp\plugtmp-2 --------- 0  
     17.02.2012 18:36     C:\Users\Uwe\AppData\Local\Temp\{70FF7DF1-E69E-47df-9AA6-F062FADD6146} --------- 0  
     13.02.2012 23:01     C:\Users\Uwe\AppData\Local\Temp\plugtmp-1 --------- 0  
     12.02.2012 00:06     C:\Users\Uwe\AppData\Local\Temp\~DF62BC705D3FB92425.TMP --------- 32768  
     11.02.2012 15:29     C:\Users\Uwe\AppData\Local\Temp\Panasonic-Datenblatt.pdf --------- 329213  
     11.02.2012 14:24     C:\Users\Uwe\AppData\Local\Temp\MMCache525593960_2 --------- 0  
     07.02.2012 23:14     C:\Users\Uwe\AppData\Local\Temp\plugtmp --------- 0  
     05.02.2012 17:58     C:\Users\Uwe\AppData\Local\Temp\~DF5AFB02AB7D62067E.TMP --------- 16384  
     31.01.2012 14:14     C:\Users\Uwe\AppData\Local\Temp\scoped_dir27664 --------- 0  
     31.01.2012 14:14     C:\Users\Uwe\AppData\Local\Temp\scoped_dir26782 --------- 0  
     30.01.2012 15:01     C:\Users\Uwe\AppData\Local\Temp\AdobeARM_NotLocked.log --------- 1061  
     28.01.2012 13:55     C:\Users\Uwe\AppData\Local\Temp\_ir_sf_temp_0 --------- 0  
     27.01.2012 01:22     C:\Users\Uwe\AppData\Local\Temp\{9DF49A57-BFFD-4DF6-81B0-FE3E64B40F3C} --------- 0  
     27.01.2012 01:20     C:\Users\Uwe\AppData\Local\Temp\drm_dialogs.dll --------- 65536  
     27.01.2012 01:20     C:\Users\Uwe\AppData\Local\Temp\drm_dyndata_7400009.dll --------- 204800  
     24.01.2012 18:36     C:\Users\Uwe\AppData\Local\Temp\MMCache525593960_1 --------- 0  
     23.01.2012 19:44     C:\Users\Uwe\AppData\Local\Temp\AUCHECK_CORE.txt --------- 302  
     23.01.2012 18:51     C:\Users\Uwe\AppData\Local\Temp\DMI4950.tmp --------- 0  
     23.01.2012 18:43     C:\Users\Uwe\AppData\Local\Temp\OutofProcReport5593569.txt --------- 1636  
     23.01.2012 18:39     C:\Users\Uwe\AppData\Local\Temp\DMI44A0.tmp --------- 0  
     23.01.2012 18:39     C:\Users\Uwe\AppData\Local\Temp\DMI207C.tmp --------- 0  
     23.01.2012 18:38     C:\Users\Uwe\AppData\Local\Temp\DMIEFAC.tmp --------- 0  
     23.01.2012 17:29     C:\Users\Uwe\AppData\Local\Temp\DMIAAA.tmp --------- 0  
     22.01.2012 20:29     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistUI47B8.txt --------- 11680  
     22.01.2012 20:29     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistMSI47B8.txt --------- 414774  
     22.01.2012 20:29     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistUI477E.txt --------- 11728  
     22.01.2012 20:29     C:\Users\Uwe\AppData\Local\Temp\dd_vcredistMSI477E.txt --------- 403576  
     21.01.2012 00:48     C:\Users\Uwe\AppData\Local\Temp\{9b5e3976-46cd-4254-ab7f-b2f098321b7c} --------- 0  
     21.01.2012 00:16     C:\Users\Uwe\AppData\Local\Temp\scoped_dir7409 --------- 0  
     21.01.2012 00:16     C:\Users\Uwe\AppData\Local\Temp\scoped_dir22869 --------- 0  
     21.01.2012 00:16     C:\Users\Uwe\AppData\Local\Temp\scoped_dir29429 --------- 0  
     21.01.2012 00:16     C:\Users\Uwe\AppData\Local\Temp\scoped_dir22866 --------- 0  
     20.01.2012 22:37     C:\Users\Uwe\AppData\Local\Temp\tmp86522.WMC --------- 0  
     20.01.2012 22:12     C:\Users\Uwe\AppData\Local\Temp\tmp27412.WMC --------- 0  
     20.01.2012 17:22     C:\Users\Uwe\AppData\Local\Temp\tmp64180.WMC --------- 0  
     19.01.2012 23:36     C:\Users\Uwe\AppData\Local\Temp\{e7f2991d-8a42-4e07-ae28-01a67ad11f00} --------- 0  
     19.01.2012 23:36     C:\Users\Uwe\AppData\Local\Temp\MSIdb312.LOG --------- 190  
     15.01.2012 22:49     C:\Users\Uwe\AppData\Local\Temp\DMI8A73.tmp --------- 0  
     15.01.2012 22:42     C:\Users\Uwe\AppData\Local\Temp\cc34dabff5ced5196fd672ba7c --------- 0  
     15.01.2012 22:18     C:\Users\Uwe\AppData\Local\Temp\dd_NDP40-KB2468871-v2-x64_decompression_log.txt --------- 1479  
     15.01.2012 22:18     C:\Users\Uwe\AppData\Local\Temp\KB2468871v2_20120115_221546123.html --------- 55542  
     15.01.2012 22:18     C:\Users\Uwe\AppData\Local\Temp\KB2468871v2_20120115_221546123-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 13272690  
     15.01.2012 22:15     C:\Users\Uwe\AppData\Local\Temp\KB2468871v2_10.0.30319 --------- 0  
     15.01.2012 22:15     C:\Users\Uwe\AppData\Local\Temp\KB2572078_20120115_221219860.html --------- 55948  
     15.01.2012 22:15     C:\Users\Uwe\AppData\Local\Temp\KB2572078_20120115_221219860-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 11334528  
     15.01.2012 22:12     C:\Users\Uwe\AppData\Local\Temp\KB2572078_10.0.30319 --------- 0  
     15.01.2012 22:06     C:\Users\Uwe\AppData\Local\Temp\KB2656351_20120115_220540000.html --------- 58676  
     15.01.2012 22:06     C:\Users\Uwe\AppData\Local\Temp\KB2656351_20120115_220540000-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 10654212  
     15.01.2012 22:05     C:\Users\Uwe\AppData\Local\Temp\KB2656351_10.0.30319 --------- 0  
     15.01.2012 22:05     C:\Users\Uwe\AppData\Local\Temp\KB2518870_20120115_220333172.html --------- 58630  
     15.01.2012 22:05     C:\Users\Uwe\AppData\Local\Temp\KB2518870_20120115_220333172-Microsoft .NET Framework 4 Client Profile DEU Language Pack-MSP1.txt --------- 3596374  
     15.01.2012 22:04     C:\Users\Uwe\AppData\Local\Temp\KB2518870_20120115_220333172-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 9900736  
     15.01.2012 22:03     C:\Users\Uwe\AppData\Local\Temp\KB2518870_10.0.30319 --------- 0  
     15.01.2012 22:03     C:\Users\Uwe\AppData\Local\Temp\KB2533523_20120115_220044816.html --------- 56528  
     15.01.2012 22:03     C:\Users\Uwe\AppData\Local\Temp\KB2533523_20120115_220044816-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 9415524  
     15.01.2012 22:00     C:\Users\Uwe\AppData\Local\Temp\KB2533523_10.0.30319 --------- 0  
     15.01.2012 22:00     C:\Users\Uwe\AppData\Local\Temp\KB2539636_20120115_215729784.html --------- 55414  
     15.01.2012 21:59     C:\Users\Uwe\AppData\Local\Temp\KB2539636_20120115_215729784-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 8682642  
     15.01.2012 21:57     C:\Users\Uwe\AppData\Local\Temp\KB2539636_10.0.30319 --------- 0  
     15.01.2012 14:27     C:\Users\Uwe\AppData\Local\Temp\~DF1FDA3B563B043E44.TMP --------- 32768  
     15.01.2012 14:15     C:\Users\Uwe\AppData\Local\Temp\Jab2414.png --------- 3993  
     15.01.2012 14:12     C:\Users\Uwe\AppData\Local\Temp\C978.tmp --------- 0  
     15.01.2012 14:10     C:\Users\Uwe\AppData\Local\Temp\C265.tmp --------- 376480  
     15.01.2012 13:52     C:\Users\Uwe\AppData\Local\Temp\History --------- 0  
     15.01.2012 13:52     C:\Users\Uwe\AppData\Local\Temp\Cookies --------- 0  
     15.01.2012 13:52     C:\Users\Uwe\AppData\Local\Temp\Temporary Internet Files --------- 0  
     15.01.2012 13:52     C:\Users\Uwe\AppData\Local\Temp\Adobe --------- 0  
     15.01.2012 13:49     C:\Users\Uwe\AppData\Local\Temp\AdobeSFX.log --------- 1983  
     15.01.2012 13:41     C:\Users\Uwe\AppData\Local\Temp\install_reader10_de_mssd_aih_1.exe --------- 765544  
     15.01.2012 13:18     C:\Users\Uwe\AppData\Local\Temp\~DF011DF1E78F913250.TMP --------- 16384  
     15.01.2012 12:59     C:\Users\Uwe\AppData\Local\Temp\DMIFCB6.tmp --------- 0  
     15.01.2012 12:34     C:\Users\Uwe\AppData\Local\Temp\vastat.out --------- 115  
     15.01.2012 12:34     C:\Users\Uwe\AppData\Local\Temp\CsCaTemp --------- 0  
     15.01.2012 12:34     C:\Users\Uwe\AppData\Local\Temp\_5FDC06BF_3D3D_4367_8FFB_4FAFCB61972D_.TMP --------- 1280  
     15.01.2012 12:34     C:\Users\Uwe\AppData\Local\Temp\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D} --------- 0  
     15.01.2012 12:11     C:\Users\Uwe\AppData\Local\Temp\MSI11ee.LOG --------- 324  
     15.01.2012 11:50     C:\Users\Uwe\AppData\Local\Temp\install_reader10_de_mssd_aih.exe --------- 765544  
     15.01.2012 11:49     C:\Users\Uwe\AppData\Local\Temp\DMID0D5.tmp --------- 0  
     15.01.2012 11:48     C:\Users\Uwe\AppData\Local\Temp\DMI587B.tmp --------- 0  
     15.01.2012 11:48     C:\Users\Uwe\AppData\Local\Temp\Sophos Standalone Installer.txt --------- 1580  
     15.01.2012 11:48     C:\Users\Uwe\AppData\Local\Temp\Sophos AutoUpdate Install Log.txt --------- 692464  
     15.01.2012 11:48     C:\Users\Uwe\AppData\Local\Temp\Sophos Anti-Virus Install Log_120115_104730.txt --------- 4260564  
     15.01.2012 11:48     C:\Users\Uwe\AppData\Local\Temp\Sophos Anti-Virus CustomActions Log_120115_104730.txt --------- 18306  
     15.01.2012 11:47     C:\Users\Uwe\AppData\Local\Temp\avremove.log --------- 152498  
     15.01.2012 11:47     C:\Users\Uwe\AppData\Local\Temp\crt --------- 0  
     15.01.2012 11:28     C:\Users\Uwe\AppData\Local\Temp\{441df79d-8ef8-49dd-83c3-39043ee25c7b} --------- 0  
     15.01.2012 11:28     C:\Users\Uwe\AppData\Local\Temp\iProInstLogs --------- 0  
     15.01.2012 11:23     C:\Users\Uwe\AppData\Local\Temp\{2A8DDEA9-817E-4B8A-BDE8-158B4D6BA53B} --------- 0  
     15.01.2012 11:20     C:\Users\Uwe\AppData\Local\Temp\ispFC.tmp --------- 0  
     15.01.2012 11:17     C:\Users\Uwe\AppData\Local\Temp\mso27EA.tmp --------- 28160  
     15.01.2012 11:17     C:\Users\Uwe\AppData\Local\Temp\{4C8C6BF8-5611-4F13-A665-9E1D6559C7E7} --------- 0  
     15.01.2012 11:17     C:\Users\Uwe\AppData\Local\Temp\IXP000.TMP --------- 0  
     15.01.2012 11:13     C:\Users\Uwe\AppData\Local\Temp\DMI9452.tmp --------- 0  
     15.01.2012 11:02     C:\Users\Uwe\AppData\Local\Temp\aiPlatformSetupAddOn.log --------- 0  
     15.01.2012 11:00     C:\Users\Uwe\AppData\Local\Temp\{D45A694F-0A96-486A-9662-42C82ECAD96C} --------- 0  
     15.01.2012 10:59     C:\Users\Uwe\AppData\Local\Temp\{5a8d46c6-d883-4b3d-a60a-8148285ad33c} --------- 0  
     15.01.2012 10:59     C:\Users\Uwe\AppData\Local\Temp\{CC3E26AE-6BEB-4BD1-9500-D4CD11315E4B} --------- 0  
     15.01.2012 10:50     C:\Users\Uwe\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
     23.11.2011 19:56     C:\Users\Uwe\AppData\Local\Temp\Motorola_End_User_Driver_Installation_5.4.0_64bit.msi --------- 2344960  
     14.11.2011 22:08     C:\Users\Uwe\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe --------- 909088  
     12.10.2011 23:12     C:\Users\Uwe\AppData\Local\Temp\Uninstaller-5056.exe --------- 314272  
     27.09.2011 20:15     C:\Users\Uwe\AppData\Local\Temp\LMkRstPt.exe --------- 101144  
     04.03.2011 23:05     C:\Users\Uwe\AppData\Local\Temp\MotoHelper_2.0.45_Driver_5.0.0.exe --------- 8459800  
     04.03.2011 12:52     C:\Users\Uwe\AppData\Local\Temp\vpnclient_jp.mst --------- 47616  
     04.03.2011 12:52     C:\Users\Uwe\AppData\Local\Temp\vpnclient_setup.msi --------- 7255040  
     04.03.2011 12:52     C:\Users\Uwe\AppData\Local\Temp\vpnclient_fc.mst --------- 43008  
     04.03.2011 12:52     C:\Users\Uwe\AppData\Local\Temp\vpnclient_setup.exe --------- 56832  
     04.03.2011 12:52     C:\Users\Uwe\AppData\Local\Temp\vpnclient_setup.ini --------- 964  
     04.03.2011 12:52     C:\Users\Uwe\AppData\Local\Temp\vpnclient_setup.sms --------- 819  
     04.03.2011 12:52     C:\Users\Uwe\AppData\Local\Temp\vpnclient_setup.pdf --------- 640  
     26.02.2011 07:55     C:\Users\Uwe\AppData\Local\Temp\AcDeltree.exe --------- 161704  
     25.02.2011 22:34     C:\Users\Uwe\AppData\Local\Temp\Motorola_End_User_Driver_Installation_5.0.0_64bit.msi --------- 2433024  
     17.12.2007 21:36     C:\Users\Uwe\AppData\Local\Temp\patchw32.dll --------- 202240  
     28.10.2006 13:17     C:\Users\Uwe\AppData\Local\Temp\ose00000.exe --------- 145184  
     14.11.2005 16:24     C:\Users\Uwe\AppData\Local\Temp\SetFF35.tmp --------- 121064  
     05.09.2001 04:24     C:\Users\Uwe\AppData\Local\Temp\IEC6D1C.tmp --------- 344923  
     11.04.2001 17:28     C:\Users\Uwe\AppData\Local\Temp\SetC312.tmp --------- 54784  
     11.04.2001 17:28     C:\Users\Uwe\AppData\Local\Temp\Set1FC1.tmp --------- 54784  
    ----------------------------------------
    
     
    C:\Program Files
    
     23.12.2012 16:40     C:\Program Files\GIMP 2 --------- 4096  
     13.12.2012 18:05     C:\Program Files\Internet Explorer --------- 4096  
     01.11.2012 18:10     C:\Program Files\Microsoft Mouse and Keyboard Center --------- 12288  
     04.10.2012 12:37     C:\Program Files\Java --------- 0  
     02.07.2012 08:31     C:\Program Files\proeWildfire 5.0 --------- 8192  
     13.05.2012 21:24     C:\Program Files\Logitech --------- 0  
     13.05.2012 21:24     C:\Program Files\Common Files --------- 4096  
     13.05.2012 16:12     C:\Program Files\Windows Journal --------- 0  
     03.05.2012 19:02     C:\Program Files\TeamSpeak 3 Client --------- 4096  
     09.04.2012 11:29     C:\Program Files\Microsoft Office --------- 0  
     01.04.2012 14:50     C:\Program Files\Autodesk --------- 4096  
     06.03.2012 06:14     C:\Program Files\Motorola Inc --------- 0  
     15.01.2012 22:37     C:\Program Files\Windows Sidebar --------- 4096  
     15.01.2012 22:37     C:\Program Files\Windows Mail --------- 0  
     15.01.2012 22:37     C:\Program Files\DVD Maker --------- 0  
     15.01.2012 22:37     C:\Program Files\Windows Portable Devices --------- 0  
     15.01.2012 22:37     C:\Program Files\Windows Media Player --------- 4096  
     15.01.2012 22:37     C:\Program Files\Windows Photo Viewer --------- 0  
     15.01.2012 22:37     C:\Program Files\Windows Defender --------- 4096  
     15.01.2012 12:11     C:\Program Files\7-Zip --------- 4096  
     15.01.2012 11:25     C:\Program Files\Synaptics --------- 0  
     15.01.2012 11:20     C:\Program Files\Realtek --------- 0  
     15.01.2012 11:07     C:\Program Files\ATI Technologies --------- 0  
     15.01.2012 11:06     C:\Program Files\ATI --------- 0  
     15.01.2012 11:00     C:\Program Files\Acer --------- 0  
     15.01.2012 10:48     C:\Program Files\Windows NT --------- 4096  
     15.01.2012 10:48     C:\Program Files\Gemeinsame Dateien --------- 0  
     14.07.2009 06:32     C:\Program Files\MSBuild --------- 0  
     14.07.2009 06:32     C:\Program Files\Reference Assemblies --------- 0  
     14.07.2009 06:09     C:\Program Files\Uninstall Information --------- 0  
     14.07.2009 05:54     C:\Program Files\desktop.ini --------- 174  
    ----------------------------------------
    
     
    C:\ProgramData\.. 
    
    Uwe    
    Public    
    Default    
    Default User    
    All Users    
    desktop.ini    
    ----------------------------------------
    
     
    C:\Windows\system32\drivers\etc\hosts
    
    
    ----------------------------------------
    
     
    
    Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
    ========================= ======== ================ =========== ===============
    System Idle Process              0 Services                   0            24 K
    System                           4 Services                   0           984 K
    smss.exe                       272 Services                   0         1.192 K
    csrss.exe                      396 Services                   0         4.496 K
    wininit.exe                    584 Services                   0         5.412 K
    csrss.exe                      604 Console                    1        14.076 K
    services.exe                   648 Services                   0        12.388 K
    lsass.exe                      664 Services                   0        11.656 K
    lsm.exe                        672 Services                   0         4.524 K
    winlogon.exe                   768 Console                    1         7.864 K
    svchost.exe                    832 Services                   0        10.928 K
    svchost.exe                    908 Services                   0        10.172 K
    atiesrxx.exe                   972 Services                   0         4.920 K
    svchost.exe                   1008 Services                   0        19.472 K
    svchost.exe                    408 Services                   0        19.628 K
    svchost.exe                    456 Services                   0       104.140 K
    audiodg.exe                    508 Services                   0        19.128 K
    svchost.exe                    352 Services                   0         5.784 K
    svchost.exe                    732 Services                   0        12.264 K
    SavService.exe                1052 Services                   0       190.668 K
    atieclxx.exe                  1188 Console                    1         7.372 K
    dwm.exe                       1348 Console                    1        37.380 K
    explorer.exe                  1404 Console                    1        88.204 K
    svchost.exe                   1676 Services                   0        16.956 K
    svchost.exe                   1772 Services                   0        19.096 K
    spoolsv.exe                   1884 Services                   0        15.328 K
    taskhost.exe                  1892 Console                    1         8.540 K
    armsvc.exe                    1028 Services                   0         4.140 K
    AdminService.exe              1384 Services                   0         5.720 K
    igfxpers.exe                  2120 Console                    1         8.084 K
    cvpnd.exe                     2208 Services                   0         7.268 K
    RAVCpl64.exe                  2248 Console                    1        12.004 K
    RAVBg64.exe                   2296 Console                    1        10.716 K
    dsiwmis.exe                   2312 Services                   0         6.424 K
    SynTPEnh.exe                  2324 Console                    1        13.808 K
    SetPoint.exe                  2372 Console                    1        19.464 K
    ePowerSvc.exe                 2424 Services                   0         7.640 K
    itype.exe                     2436 Console                    1        13.988 K
    ipoint.exe                    2460 Console                    1        13.260 K
    LMS.exe                       2508 Services                   0         4.980 K
    mitsijm.exe                   2580 Services                   0         6.024 K
    LManager.exe                  2736 Console                    1        13.656 K
    KHALMNPR.exe                  2760 Console                    1        13.856 K
    MotoHelperService.exe         2772 Services                   0         8.260 K
    ALMon.exe                     2832 Console                    1         1.728 K
    MMDx64Fx.exe                  2852 Console                    1         6.304 K
    jusched.exe                   2860 Console                    1        11.608 K
    PnkBstrA.exe                  3036 Services                   0         4.852 K
    SAVAdminService.exe           2024 Services                   0         3.140 K
    LMworker.exe                  2144 Console                    1         4.648 K
    ALsvc.exe                     2332 Services                   0         2.656 K
    swc_service.exe               1368 Services                   0         5.956 K
    MotoHelperAgent.exe           1364 Console                    1         8.640 K
    svchost.exe                   2728 Services                   0         6.116 K
    swi_service.exe               2408 Services                   0        16.488 K
    SearchIndexer.exe             3352 Services                   0        23.336 K
    SynTPHelper.exe               3700 Console                    1         5.060 K
    unsecapp.exe                  3740 Console                    1         7.020 K
    WmiPrvSE.exe                  3820 Services                   0         7.472 K
    svchost.exe                   4060 Services                   0        44.764 K
    firefox.exe                   4364 Console                    1       282.964 K
    plugin-container.exe          4872 Console                    1        12.064 K
    ePowerTray.exe                4628 Console                    1        10.060 K
    AcroRd32.exe                  3388 Console                    1        13.248 K
    AcroRd32.exe                  5024 Console                    1        46.752 K
    ePowerEvent.exe               4616 Console                    1         5.648 K
    MOM.exe                       4680 Console                    1         7.684 K
    CCC.exe                        340 Console                    1         9.040 K
    sppsvc.exe                    5568 Services                   0         8.080 K
    UNS.exe                       5604 Services                   0         8.964 K
    svchost.exe                   5696 Services                   0        32.140 K
    wmpnetwk.exe                  5732 Services                   0        27.876 K
    TrustedInstaller.exe          5488 Services                   0         9.456 K
    WMIADAP.exe                   6064 Services                   0         6.056 K
    SearchProtocolHost.exe        5316 Services                   0         9.380 K
    SearchFilterHost.exe          3760 Services                   0         7.492 K
    cmd.exe                       3412 Console                    1         4.596 K
    conhost.exe                   2084 Console                    1         6.908 K
    dllhost.exe                   3456 Console                    1         7.144 K
    tasklist.exe                  3944 Console                    1         6.252 K
    WmiPrvSE.exe                   808 Services                   0         6.912 K
    
     
    ***** Ende des Scans 30.12.2012 um 11:36:54,52 ***
    Geändert von Freischneider (30.12.2012 um 11:13 Uhr)

  6. #6
    Einsteiger
    Registriert seit
    30.12.2012
    Beiträge
    11

    AW: Win32/Small.CA-Virus

    Ich habe in der Zwischenzeit den Java-Cache geleert, wie in einem anderen Thread empfohlen.
    Des weiteren habe ich den CCleaner installiert und sowohl die Registry gereinigt als auch den Cleaner mit den Standardeinstellungen durchlaufen lassen und die Dateien entfernt.

    Braucht ihr jetzt die neuen Logfiles?

  7. #7
    Moderator Team-Mitglied Avatar von Eric Lee
    Registriert seit
    29.07.2012
    Beiträge
    2.397

    AW: Win32/Small.CA-Virus

    Hallo Freischneider,

    mir war dein Thema erst untergegangen da du dir oft selbst beantwortet hast, daher dachte ich das Thema wäre schon "in Arbeit". Als Hinweis: In Supportforen nicht auf das eigene Thema antworten da Helfer sonst nicht sehen das sich noch kein anderer Helfer um das Thema kümmert

    Da du jetzt Änderungen am System vorgenommen hast mache mir bitte einen neuen OTL Systemscan
    1)
    • Lade dir OTL von OldTimer herunter und speichere es auf deinem Desktop.
    • Schließe alle anderen Programme.
    • Windows Vista/7 User: Starte das Programm via Rechtsklick > als Administrator ausführen.
    • Wähle bei allen Einstellungen "Benutze SafeList", hake "Alle Benutzer" und falls erforderlich "64Bit Scans" an. Aktiviere Standard Ausgabe sowie LOP und Purity Prüfung.
    • Starte den Scan.
    • Nach dem Scan werden zwei Logfiles (OTL.txt und Extras.txt) erstellt. Anonymisiere falls erforderlich Nutzernamen durch ***** und poste sie hier im Forum. Benutze bitte die #Code-Tags.


    Schönen Gruß,
    Eric Lee
    | Neu hier? Bitte abarbeiten. | Forenregeln | Feedback | Stellenausschreibung im Forum | OS X or BSD Malware? PM me. |
    | Danke 1uV829dYGPwKk8Q1khoH4o9MuEqWSgyXE (BTC) | Browser TLSv1.2? | Wie sicher ist dein Browser? | How unique are you? |

  8. #8
    Einsteiger
    Registriert seit
    30.12.2012
    Beiträge
    11

    AW: Win32/Small.CA-Virus

    OTL:
    Code:
    OTL logfile created on: 30.12.2012 14:51:24 - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uwe\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,68 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 59,76% Memory free
    7,35 Gb Paging File | 5,78 Gb Available in Paging File | 78,60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119,14 Gb Total Space | 29,49 Gb Free Space | 24,76% Space Free | Partition Type: NTFS
     
    Computer Name: RAUL | User Name: Uwe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.12.30 10:46:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe
    PRC - [2012.12.04 19:16:55 | 000,236,608 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
    PRC - [2012.12.04 19:16:54 | 000,928,832 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
    PRC - [2012.12.04 19:16:46 | 002,878,016 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    PRC - [2012.12.04 19:16:46 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    PRC - [2012.11.05 10:54:30 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
    PRC - [2012.08.29 12:08:06 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012.05.09 18:36:14 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
    PRC - [2011.12.06 22:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2011.12.06 22:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2010.02.25 22:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2010.02.25 22:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2009.09.30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009.09.30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2011.12.06 22:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2009.05.20 14:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2010.09.09 14:26:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012.12.12 22:00:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012.12.08 14:05:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.12.04 19:16:55 | 000,236,608 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
    SRV - [2012.12.04 19:16:46 | 002,878,016 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
    SRV - [2012.12.04 19:16:46 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
    SRV - [2012.12.04 19:16:44 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
    SRV - [2012.11.05 10:54:30 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
    SRV - [2012.10.12 18:25:53 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012.08.29 12:08:06 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012.05.09 18:36:14 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
    SRV - [2012.04.01 14:40:48 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV - [2011.12.06 22:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2010.12.08 05:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Programme\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
    SRV - [2010.08.30 19:10:08 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2010.01.20 19:26:20 | 000,819,232 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2009.09.30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009.09.30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2012.11.05 10:56:45 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
    DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011.11.08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
    DRV:64bit: - [2011.10.01 10:47:32 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
    DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011.09.02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011.09.02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
    DRV:64bit: - [2011.08.25 03:46:56 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
    DRV:64bit: - [2011.07.12 14:02:56 | 000,130,048 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
    DRV:64bit: - [2011.07.12 14:02:56 | 000,089,600 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuhsbus.sys -- (GTUHSBUS)
    DRV:64bit: - [2011.07.12 14:02:28 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV:64bit: - [2011.07.12 12:58:46 | 000,190,976 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuhs62.sys -- (GTNDIS62)
    DRV:64bit: - [2011.07.12 12:58:44 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuhsser.sys -- (GTUHSSER)
    DRV:64bit: - [2011.05.12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\34E2.tmp -- (MEMSWEEP2)
    DRV:64bit: - [2011.04.04 14:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
    DRV:64bit: - [2011.03.31 14:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
    DRV:64bit: - [2011.03.30 14:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.09.09 14:45:34 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010.09.09 13:52:50 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,297,320 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,273,768 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,057,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2010.08.30 18:54:18 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2010.07.28 14:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2010.05.11 18:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010.04.01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
    DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
    DRV:64bit: - [2009.12.22 09:18:40 | 000,072,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C60x64.sys -- (L1C)
    DRV:64bit: - [2009.12.01 18:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009.09.17 20:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009.08.13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
    DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.01.29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
    DRV:64bit: - [2009.01.29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
    DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
    DRV:64bit: - [2007.11.15 20:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
    DRV:64bit: - [2007.11.02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
    DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 14:05:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 19:10:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 14:05:03 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 19:10:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
     
    [2012.01.15 11:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions
    [2012.12.30 10:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\e88b44ug.default\extensions
    [2012.07.05 16:43:10 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\firefox\profiles\e88b44ug.default\extensions\elemhidehelper@adblockplus.org.xpi
    [2012.11.24 10:58:04 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\firefox\profiles\e88b44ug.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012.12.08 14:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.12.08 14:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012.12.08 14:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012.12.08 14:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012.12.08 14:05:02 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012.06.25 19:16:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.09.13 10:38:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012.06.25 19:16:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2012.06.25 19:16:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012.06.25 19:16:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.06.25 19:16:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - Startup: C:\Users\Uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Uwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.10.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.226.144.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{125AFDE0-DBD4-45EB-8A2A-41EEBF183073}: DhcpNameServer = 139.7.30.126 139.7.30.125
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F1AC3C5-C15B-43BD-AF45-4EDC163CD647}: DhcpNameServer = 137.226.144.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6565B866-CD32-4B98-87B3-F721362CF473}: DhcpNameServer = 139.7.30.125 139.7.30.126
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DEC31E7-26C5-4329-B688-AFE5F2154B69}: DhcpNameServer = 137.226.144.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
    O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012.05.27 20:54:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O33 - MountPoints2\{186a7043-606d-11e1-b9dc-00046180e89a}\Shell - "" = AutoRun
    O33 - MountPoints2\{186a7043-606d-11e1-b9dc-00046180e89a}\Shell\AutoRun\command - "" = D:\setup.exe -a
    O33 - MountPoints2\{a41fed06-aaf3-11e1-a401-206a8a142f19}\Shell - "" = AutoRun
    O33 - MountPoints2\{a41fed06-aaf3-11e1-a401-206a8a142f19}\Shell\AutoRun\command - "" = E:\Launcher.exe
    O33 - MountPoints2\{a41fed14-aaf3-11e1-a401-206a8a142f19}\Shell - "" = AutoRun
    O33 - MountPoints2\{a41fed14-aaf3-11e1-a401-206a8a142f19}\Shell\AutoRun\command - "" = D:\Launcher.exe
    O33 - MountPoints2\{e0e14c12-1828-11e2-953d-206a8a142f19}\Shell - "" = AutoRun
    O33 - MountPoints2\{e0e14c12-1828-11e2-953d-206a8a142f19}\Shell\AutoRun\command - "" = D:\ANNOfinder.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.12.30 13:25:29 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Documents\Sicherung der Registry
    [2012.12.30 13:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012.12.30 13:22:49 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Users\Uwe\Desktop\ccsetup326.exe
    [2012.12.30 12:43:01 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\backups
    [2012.12.30 12:34:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Uwe\Desktop\HijackThis.exe
    [2012.12.30 11:36:06 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\hjtscanlist
    [2012.12.30 10:46:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe
    [2012.12.30 01:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012.12.30 01:49:35 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2012.12.30 01:49:05 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2012.12.30 01:49:05 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2012.12.30 01:49:05 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2012.12.30 01:10:48 | 081,537,600 | ---- | C] (Microsoft Corporation) -- C:\Users\Uwe\Desktop\msert.exe
    [2012.12.29 18:51:20 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Desktop\dokumente Mona
    [2012.12.23 16:46:33 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\fontconfig
    [2012.12.23 16:46:32 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\gegl-0.2
    [2012.12.23 16:46:32 | 000,000,000 | ---D | C] -- C:\Users\Uwe\.gimp-2.8
    [2012.12.23 16:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
    [2012.12.23 16:10:41 | 000,000,000 | ---D | C] -- C:\Users\Uwe\krefeld pinguine
    [2012.12.21 15:17:53 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012.12.21 15:17:53 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012.12.21 15:17:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012.12.21 15:17:52 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012.12.21 15:14:02 | 000,000,000 | ---D | C] -- C:\Users\Uwe\mario
    [2012.12.16 13:55:14 | 000,000,000 | ---D | C] -- C:\Users\Uwe\mama und papa
    [2012.12.16 12:49:47 | 000,000,000 | ---D | C] -- C:\Users\Uwe\kalender
    [2012.12.16 12:47:39 | 000,000,000 | ---D | C] -- C:\Users\Uwe\Auswahl Foto 2012 USA - Kopie
    [2012.12.15 14:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
    [2012.12.14 11:04:59 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\PDF Architect
    [2012.12.14 10:55:00 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\APP_NAME_NON_STRING
    [2012.12.14 10:54:40 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\pdfforge
    [2012.12.14 10:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
    [2012.12.14 10:54:37 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
    [2012.12.14 10:54:37 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
    [2012.12.14 10:54:37 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
    [2012.12.14 10:54:36 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
    [2012.12.14 10:54:36 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
    [2012.12.14 10:54:36 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
    [2012.12.14 10:52:42 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\Programs
    [2012.12.13 18:01:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012.12.13 18:01:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012.12.13 18:01:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012.12.13 18:01:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012.12.13 18:01:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012.12.13 18:01:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012.12.13 18:01:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012.12.13 18:01:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012.12.13 18:01:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012.12.13 18:01:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012.12.13 18:01:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012.12.13 18:01:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012.12.13 18:01:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012.12.13 18:01:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012.12.13 18:01:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012.12.12 21:26:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2012.12.12 21:26:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2012.12.12 21:26:12 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2012.12.12 21:26:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012.12.12 21:26:09 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2012.12.12 21:26:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2012.12.12 21:26:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2012.12.12 21:26:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2012.12.12 21:26:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2012.12.12 21:26:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2012.12.12 21:26:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2012.12.12 21:26:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2012.12.12 21:26:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012.12.12 21:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012.12.12 21:26:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012.12.12 21:26:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012.12.12 21:26:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012.12.12 21:26:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012.12.12 21:26:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012.12.12 21:26:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012.12.12 21:26:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012.12.12 21:25:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012.12.12 21:25:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2012.12.12 21:25:50 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
    [2012.12.12 21:25:50 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
    [2012.12.08 14:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012.12.08 00:00:13 | 001,148,766 | ---- | C] (pendrivelinux.com) -- C:\Users\Uwe\Universal-USB-Installer-1.9.1.8.exe
    [2012.09.21 09:36:26 | 003,951,464 | ---- | C] (Martin Prikryl                                              ) -- C:\Users\Uwe\winscp439setup.exe
    [2012.09.17 18:50:19 | 001,448,809 | ---- | C] (DOSBox Team) -- C:\Users\Uwe\DOSBox0.74-win32-installer.exe
    [2012.09.17 10:50:06 | 008,697,544 | ---- | C] (Georgy Berdyshev) -- C:\Users\Uwe\CDex-win32-1.70-b4-2009.exe
    [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.12.30 14:47:24 | 000,002,310 | -H-- | M] () -- C:\Users\Uwe\Documents\Default.rdp
    [2012.12.30 14:45:59 | 000,030,005 | ---- | M] () -- C:\Users\Uwe\Desktop\anweisungen.png
    [2012.12.30 14:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012.12.30 13:36:36 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.12.30 13:36:36 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012.12.30 13:36:36 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.12.30 13:36:36 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012.12.30 13:36:36 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.12.30 13:22:55 | 004,178,040 | ---- | M] (Piriform Ltd) -- C:\Users\Uwe\Desktop\ccsetup326.exe
    [2012.12.30 12:35:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Uwe\Desktop\HijackThis.exe
    [2012.12.30 11:37:19 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.12.30 11:37:19 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.12.30 11:35:49 | 000,002,097 | ---- | M] () -- C:\Users\Uwe\Desktop\hjtscanlist.zip
    [2012.12.30 11:29:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.12.30 11:29:55 | 2960,461,824 | -HS- | M] () -- C:\hiberfil.sys
    [2012.12.30 10:51:55 | 001,410,192 | ---- | M] () -- C:\Users\Uwe\Desktop\sar_15_sfx.exe
    [2012.12.30 10:46:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe
    [2012.12.30 01:48:49 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2012.12.30 01:48:45 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2012.12.30 01:48:45 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2012.12.30 01:48:44 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
    [2012.12.30 01:48:44 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2012.12.30 01:48:43 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2012.12.30 01:13:50 | 081,537,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Uwe\Desktop\msert.exe
    [2012.12.23 17:34:16 | 000,017,739 | ---- | M] () -- C:\Users\Uwe\AppData\Local\recently-used.xbel
    [2012.12.21 15:20:47 | 000,444,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012.12.12 22:00:10 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012.12.12 22:00:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012.12.09 18:27:57 | 000,002,923 | ---- | M] () -- C:\Users\Uwe\Documents\10141700_verschmolzen_v3.m_p
    [2012.12.09 18:25:04 | 000,005,851 | ---- | M] () -- C:\Users\Uwe\Documents\10141700.m_p
    [2012.12.09 18:21:37 | 000,001,812 | ---- | M] () -- C:\Users\Uwe\Documents\10141650_montage_v3.m_p
    [2012.12.09 18:21:07 | 000,001,806 | ---- | M] () -- C:\Users\Uwe\Documents\10141647_sub_v3.m_p
    [2012.12.09 18:19:32 | 000,001,806 | ---- | M] () -- C:\Users\Uwe\Documents\10141643_def_v3.m_p
    [2012.12.09 18:17:37 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141683_v3.m_p
    [2012.12.09 17:58:37 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141679_v3.m_p
    [2012.12.09 17:54:22 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141680_v3.m_p
    [2012.12.09 17:32:46 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141655_v3.m_p
    [2012.12.09 17:32:14 | 000,004,091 | ---- | M] () -- C:\Users\Uwe\Documents\std.out
    [2012.12.09 17:29:55 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141652_v3.m_p
    [2012.12.09 17:23:29 | 000,001,794 | ---- | M] () -- C:\Users\Uwe\Documents\10141673_v3.m_p
    [2012.12.08 17:36:28 | 000,001,799 | ---- | M] () -- C:\Users\Uwe\Documents\lager_ersatz_003.m_p
    [2012.12.08 17:35:22 | 000,001,781 | ---- | M] () -- C:\Users\Uwe\Documents\prt0003ddd.m_p
    [2012.12.08 17:32:09 | 000,001,782 | ---- | M] () -- C:\Users\Uwe\Documents\prt0001.m_p
    [2012.12.08 17:29:39 | 000,013,312 | ---- | M] () -- C:\Users\Uwe\Documents\70195000239_asm_verschmolzen_log.xml
    [2012.12.08 17:29:09 | 000,005,024 | ---- | M] () -- C:\Users\Uwe\Documents\lagerfeder_log.xml
    [2012.12.08 17:26:36 | 000,005,050 | ---- | M] () -- C:\Users\Uwe\Documents\lager_ersatz_001_log.xml
    [2012.12.08 17:16:42 | 000,001,776 | ---- | M] () -- C:\Users\Uwe\Documents\prt000123.m_p
    [2012.12.08 17:14:33 | 000,001,763 | ---- | M] () -- C:\Users\Uwe\Documents\2222.m_p
    [2012.12.08 16:48:01 | 000,001,775 | ---- | M] () -- C:\Users\Uwe\Documents\prt00012.m_p
    [2012.12.08 16:46:12 | 000,004,208 | ---- | M] () -- C:\Users\Uwe\Documents\70195000239.m_p
    [2012.12.08 16:45:08 | 000,001,799 | ---- | M] () -- C:\Users\Uwe\Documents\lager_ersatz_001.m_p
    [2012.12.08 13:08:59 | 000,257,861 | ---- | M] () -- C:\Users\Uwe\Rechnung 06.12.2012 Netzgruppe.pdf
    [2012.12.08 00:00:16 | 001,148,766 | ---- | M] (pendrivelinux.com) -- C:\Users\Uwe\Universal-USB-Installer-1.9.1.8.exe
    [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012.12.30 14:45:59 | 000,030,005 | ---- | C] () -- C:\Users\Uwe\Desktop\anweisungen.png
    [2012.12.30 11:35:49 | 000,002,097 | ---- | C] () -- C:\Users\Uwe\Desktop\hjtscanlist.zip
    [2012.12.30 10:51:53 | 001,410,192 | ---- | C] () -- C:\Users\Uwe\Desktop\sar_15_sfx.exe
    [2012.12.23 17:34:16 | 000,017,739 | ---- | C] () -- C:\Users\Uwe\AppData\Local\recently-used.xbel
    [2012.12.09 18:24:24 | 000,002,923 | ---- | C] () -- C:\Users\Uwe\Documents\10141700_verschmolzen_v3.m_p
    [2012.12.09 18:21:37 | 000,001,812 | ---- | C] () -- C:\Users\Uwe\Documents\10141650_montage_v3.m_p
    [2012.12.09 18:21:07 | 000,001,806 | ---- | C] () -- C:\Users\Uwe\Documents\10141647_sub_v3.m_p
    [2012.12.09 18:17:37 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141683_v3.m_p
    [2012.12.09 17:58:37 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141679_v3.m_p
    [2012.12.09 17:54:22 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141680_v3.m_p
    [2012.12.09 17:32:46 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141655_v3.m_p
    [2012.12.09 17:29:55 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141652_v3.m_p
    [2012.12.09 17:23:29 | 000,001,794 | ---- | C] () -- C:\Users\Uwe\Documents\10141673_v3.m_p
    [2012.12.09 16:02:13 | 000,001,806 | ---- | C] () -- C:\Users\Uwe\Documents\10141643_def_v3.m_p
    [2012.12.08 17:36:28 | 000,001,799 | ---- | C] () -- C:\Users\Uwe\Documents\lager_ersatz_003.m_p
    [2012.12.08 17:35:22 | 000,001,781 | ---- | C] () -- C:\Users\Uwe\Documents\prt0003ddd.m_p
    [2012.12.08 17:32:09 | 000,001,782 | ---- | C] () -- C:\Users\Uwe\Documents\prt0001.m_p
    [2012.12.08 17:29:39 | 000,013,312 | ---- | C] () -- C:\Users\Uwe\Documents\70195000239_asm_verschmolzen_log.xml
    [2012.12.08 17:29:09 | 000,005,024 | ---- | C] () -- C:\Users\Uwe\Documents\lagerfeder_log.xml
    [2012.12.08 17:26:36 | 000,005,050 | ---- | C] () -- C:\Users\Uwe\Documents\lager_ersatz_001_log.xml
    [2012.12.08 17:16:42 | 000,001,776 | ---- | C] () -- C:\Users\Uwe\Documents\prt000123.m_p
    [2012.12.08 17:14:33 | 000,001,763 | ---- | C] () -- C:\Users\Uwe\Documents\2222.m_p
    [2012.12.08 16:48:01 | 000,001,775 | ---- | C] () -- C:\Users\Uwe\Documents\prt00012.m_p
    [2012.12.08 16:36:08 | 000,004,208 | ---- | C] () -- C:\Users\Uwe\Documents\70195000239.m_p
    [2012.12.08 16:35:29 | 000,001,799 | ---- | C] () -- C:\Users\Uwe\Documents\lager_ersatz_001.m_p
    [2012.12.08 13:08:58 | 000,257,861 | ---- | C] () -- C:\Users\Uwe\Rechnung 06.12.2012 Netzgruppe.pdf
    [2012.11.28 15:54:33 | 009,791,479 | ---- | C] () -- C:\Users\Uwe\lehrstellenatlas-data.pdf
    [2012.11.28 12:09:07 | 003,732,542 | ---- | C] () -- C:\Users\Uwe\forum_werkstoffe_-_euromold2008.pdf
    [2012.11.28 11:59:41 | 007,403,161 | ---- | C] () -- C:\Users\Uwe\Simulation_in_zeitkritischen_Projekten.pdf
    [2012.11.25 11:58:01 | 000,258,478 | ---- | C] () -- C:\Users\Uwe\Rechnung 22.11.2012 Netzgruppe.pdf
    [2012.11.23 01:06:24 | 000,769,189 | ---- | C] () -- C:\Users\Uwe\animated-gifs-81-001.gif
    [2012.11.23 01:04:11 | 000,160,146 | ---- | C] () -- C:\Users\Uwe\animated-gifs-81-002.gif
    [2012.11.19 17:29:38 | 000,090,497 | ---- | C] () -- C:\Users\Uwe\old TV.gif
    [2012.11.19 14:42:14 | 007,909,786 | ---- | C] () -- C:\Users\Uwe\Hd-Ag-aktuell - Kopie.xcf
    [2012.11.19 14:31:51 | 000,752,441 | ---- | C] () -- C:\Users\Uwe\Philosoraptor.png
    [2012.11.19 14:01:30 | 001,410,147 | ---- | C] () -- C:\Users\Uwe\Hd-Ag-aktuell.jpg
    [2012.11.18 13:57:51 | 007,023,739 | ---- | C] () -- C:\Users\Uwe\2012-11 PPT Vorlage Seiteneinstieg RWTH Aachen.pdf
    [2012.11.16 22:38:58 | 017,904,640 | ---- | C] () -- C:\Users\Uwe\mumble-1.2.3a(1).msi
    [2012.11.16 21:53:36 | 000,000,600 | ---- | C] () -- C:\Users\Uwe\AppData\Local\PUTTY.RND
    [2012.11.16 14:36:06 | 000,993,201 | ---- | C] () -- C:\Users\Uwe\5838933_460s_v2.jpg
    [2012.11.11 22:45:22 | 000,025,740 | ---- | C] () -- C:\Users\Uwe\Lebenslauf.pdf
    [2012.11.01 18:18:24 | 012,458,536 | ---- | C] () -- C:\Users\Uwe\USB-AVCPTSetup_For_Win7.zip
    [2012.10.26 11:19:54 | 008,688,607 | ---- | C] () -- C:\Users\Uwe\The Survival Games 2.zip
    [2012.10.22 13:28:36 | 000,142,616 | ---- | C] () -- C:\Users\Uwe\Bereichsleiter_Industrial_Equipment.pdf
    [2012.10.22 13:28:23 | 000,050,494 | ---- | C] () -- C:\Users\Uwe\Job_Shadowing_Ford_Werke.pdf
    [2012.10.21 02:48:28 | 000,041,625 | ---- | C] () -- C:\Users\Uwe\picdump-12-10-20-058.jpg
    [2012.10.21 02:37:27 | 000,032,283 | ---- | C] () -- C:\Users\Uwe\hornoxe.com_picdump281_119.jpg
    [2012.10.21 02:32:47 | 000,044,720 | ---- | C] () -- C:\Users\Uwe\hornoxe.com_picdump281_075.jpg
    [2012.10.20 02:14:52 | 000,173,122 | ---- | C] () -- C:\Users\Uwe\jf5xQ.jpg
    [2012.10.18 23:48:09 | 000,346,259 | ---- | C] () -- C:\Users\Uwe\Abgeordnetenkorruption.pdf
    [2012.10.18 23:07:52 | 000,180,616 | ---- | C] () -- C:\Users\Uwe\NewImage123.png
    [2012.10.17 18:15:22 | 000,230,136 | ---- | C] () -- C:\Users\Uwe\Checkliste HD-AG.pdf
    [2012.10.16 13:14:12 | 000,019,982 | ---- | C] () -- C:\Users\Uwe\yahoo passwortwiederherstellung.htm
    [2012.10.15 14:09:45 | 000,021,403 | ---- | C] () -- C:\Users\Uwe\PB_Überweisung_KtoNr0806222608_15-10-2012_1509.pdf
    [2012.10.15 03:00:11 | 000,038,474 | ---- | C] () -- C:\Users\Uwe\601444_10151069143006304_914520234_n.jpg
    [2012.10.15 02:57:48 | 000,041,587 | ---- | C] () -- C:\Users\Uwe\523156_10151069143216304_248255900_n.jpg
    [2012.10.14 14:47:10 | 000,059,274 | ---- | C] () -- C:\Users\Uwe\Unbenannt.jpg
    [2012.10.12 19:50:31 | 000,007,655 | ---- | C] () -- C:\Users\Uwe\AppData\Roaming\.freeciv-client-rc-2.3
    [2012.10.11 02:25:34 | 000,089,060 | ---- | C] () -- C:\Users\Uwe\RZ - CATIA V5.mht
    [2012.10.11 02:24:40 | 005,038,749 | ---- | C] () -- C:\Users\Uwe\RZ Leistungskatalog Studi_DLP_2007_deutsch.pdf
    [2012.10.10 23:23:50 | 222,002,373 | ---- | C] () -- C:\Users\Uwe\Dark Heresy - Core Book Bookmarked.pdf
    [2012.10.10 15:00:12 | 043,623,559 | ---- | C] () -- C:\Users\Uwe\Bilder Uwe für Heike.zip
    [2012.10.08 07:24:31 | 000,779,189 | ---- | C] () -- C:\Users\Uwe\windows_creeper_wallpaper_by_andyd4-d45mj70.jpg
    [2012.10.03 02:36:39 | 000,001,785 | ---- | C] () -- C:\Users\Uwe\char.png
    [2012.10.03 01:45:20 | 000,664,455 | ---- | C] () -- C:\Users\Uwe\HWJC3.png
    [2012.10.03 01:40:20 | 000,697,674 | ---- | C] () -- C:\Users\Uwe\DjVi1.png
    [2012.10.03 01:37:49 | 000,197,039 | ---- | C] () -- C:\Users\Uwe\mAAkm.jpg
    [2012.10.03 01:35:40 | 000,161,301 | ---- | C] () -- C:\Users\Uwe\HMdhvh.jpg
    [2012.10.03 01:30:13 | 000,244,643 | ---- | C] () -- C:\Users\Uwe\MauFN.jpg
    [2012.10.03 01:18:02 | 000,329,054 | ---- | C] () -- C:\Users\Uwe\9ftoa.png
    [2012.10.03 01:06:19 | 000,127,962 | ---- | C] () -- C:\Users\Uwe\eNm7X.jpg
    [2012.09.27 16:05:08 | 490,110,442 | ---- | C] () -- C:\Users\Uwe\Hoeren.7z
    [2012.09.23 15:20:41 | 000,016,449 | ---- | C] () -- C:\Users\Uwe\z-1-3kl-kniffel_vorlage_fuer_protokoll-ID_18232.gif
    [2012.09.21 09:42:31 | 001,265,579 | ---- | C] () -- C:\Users\Uwe\File transfer - Unix-Cluster Documentation - Confluence.mht
    [2012.09.21 09:39:08 | 000,000,600 | ---- | C] () -- C:\Users\Uwe\AppData\Roaming\winscp.rnd
    [2012.09.19 19:51:59 | 000,047,818 | ---- | C] () -- C:\Users\Uwe\2-format152.jpg
    [2012.09.19 19:51:39 | 000,045,328 | ---- | C] () -- C:\Users\Uwe\2-format15.jpg
    [2012.09.17 18:44:50 | 000,107,266 | ---- | C] () -- C:\Users\Uwe\pckaiser.zip
    [2012.09.17 10:38:05 | 000,899,414 | ---- | C] () -- C:\Users\Uwe\SetupDVDDecrypter_3.5.4.0.exe
    [2012.09.10 13:40:25 | 000,004,712 | ---- | C] () -- C:\Users\Uwe\Ihre PIN und PUK zur DeutschlandSIM-Karte.eml
    [2012.09.06 16:57:05 | 000,013,720 | ---- | C] () -- C:\Users\Uwe\AMA PZ12 I.pdf
    [2012.09.03 15:28:03 | 000,255,747 | ---- | C] () -- C:\Users\Uwe\image2.jpg
    [2012.09.03 15:21:13 | 000,442,045 | ---- | C] () -- C:\Users\Uwe\image.jpg
    [2012.08.30 14:52:00 | 000,045,219 | ---- | C] () -- C:\Users\Uwe\5195045_460s.jpg
    [2012.08.29 12:06:55 | 000,705,724 | ---- | C] () -- C:\Users\Uwe\49.gif
    [2012.08.29 12:03:12 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012.08.29 12:03:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012.08.22 21:24:00 | 000,022,750 | ---- | C] () -- C:\Users\Uwe\eistee rezept.odt
    [2012.07.30 14:40:52 | 000,024,923 | ---- | C] () -- C:\Users\Uwe\PB_Überweisung_KtoNr0806222608_30-07-2012_1539.pdf
    [2012.07.30 10:46:17 | 733,479,111 | ---- | C] () -- C:\Users\Uwe\Simon Traditionsgrillen sortiert.zip
    [2012.07.23 13:07:20 | 000,002,468 | ---- | C] () -- C:\Users\Uwe\AppData\Roaming\.ptbt0
    [2012.07.16 10:36:08 | 002,018,348 | ---- | C] () -- C:\Users\Uwe\Erfolgreich_Briefe_schreiben.pdf
    [2012.07.16 10:36:08 | 001,552,462 | ---- | C] () -- C:\Users\Uwe\Bewerbungstraining_Irmato.pdf
    [2012.04.01 14:33:46 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012.01.15 14:40:52 | 000,007,607 | ---- | C] () -- C:\Users\Uwe\AppData\Local\resmon.resmoncfg
    [2012.01.15 11:07:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012.01.15 11:06:48 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2012.01.14 19:09:06 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2012.01.14 19:09:06 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2012.01.14 19:09:06 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2012.01.14 19:09:05 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2012.01.14 19:08:59 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2012.01.14 19:08:43 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
     
    ========== ZeroAccess Check ==========
     
    [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2012.10.12 19:29:39 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\.freeciv
    [2012.11.11 16:54:09 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\.minecraft
    [2012.07.16 14:35:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\.purple
    [2012.12.14 10:55:00 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\APP_NAME_NON_STRING
    [2012.05.27 20:57:59 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Autodesk
    [2012.01.23 18:55:47 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\BluetoothDriverInstaller
    [2012.09.16 21:49:35 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\BSW
    [2012.01.20 00:21:52 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Command & Conquer 3 Kanes Rache
    [2012.12.30 13:30:41 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DAEMON Tools Lite
    [2012.11.12 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DassaultSystemes
    [2012.12.30 11:30:18 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Dropbox
    [2012.10.12 18:28:41 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Firefly Studios
    [2012.10.12 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\FreeOrion
    [2012.12.16 13:53:30 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\gtk-2.0
    [2012.05.13 21:25:11 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Leadertech
    [2012.01.28 13:57:30 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\LucasArts
    [2012.12.24 12:15:30 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\MediaMonkey
    [2012.01.15 12:13:05 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Miranda
    [2012.03.06 06:15:59 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Motorola
    [2012.11.20 21:14:51 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Mumble
    [2012.10.15 22:27:27 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\NetSpeedMonitor
    [2012.01.27 14:44:31 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\OpenOffice.org
    [2012.07.23 10:10:02 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Opera
    [2012.11.06 19:02:19 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Origin
    [2012.12.14 11:05:00 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\PDF Architect
    [2012.12.14 10:54:40 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\pdfforge
    [2012.07.02 08:35:19 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\PTC
    [2012.09.17 10:39:21 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\RipIt4Me
    [2012.01.15 11:44:34 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Thunderbird
    [2012.11.13 14:42:26 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Trillian
    [2012.12.30 13:30:41 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TS3Client
    [2012.03.06 16:48:20 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Vodafone
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 921 bytes -> C:\Users\Uwe\Ihre PIN und PUK zur DeutschlandSIM-Karte.eml:OECustomProperty
    
    < End of report >

    Extras
    Code:
    OTL Extras logfile created on: 30.12.2012 14:51:24 - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uwe\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,68 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 59,76% Memory free
    7,35 Gb Paging File | 5,78 Gb Available in Paging File | 78,60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119,14 Gb Total Space | 29,49 Gb Free Space | 24,76% Space Free | Partition Type: NTFS
     
    Computer Name: RAUL | User Name: Uwe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    "" = 
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06CF2B52-1590-47BC-86A8-E0672DD069DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{211B84C8-595F-44FB-AA3A-B943CBDE81BB}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{233FC4AC-133B-4768-B522-BF27A0D0DBD1}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{2F88ECAB-59CC-4BFD-A4EF-11933A6B4F3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{37D177A4-76BF-4711-8154-FCFFBD8B90F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{45CC9498-A7B6-445B-98FB-206864090AC9}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{60462A8C-D941-4D50-90E0-6A3869AAA65E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{640FF713-394A-4C12-B0FC-EAB310A67931}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{673DEC1B-743D-4603-B524-88BEEE181E07}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{6B6B0C66-3258-4DCB-9C93-4BDA5F7FDA0A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{83CE1132-6AA6-49F0-8F66-1568BD25BCFB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{8AC0883A-DD9D-49E0-9F47-AD40417354CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{8C2A6A10-47B7-4828-BB34-0C12777C3376}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{92ECA2BA-C3C3-4E44-BC6B-C2D9A18F6949}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{9AB4E92D-219A-407F-9132-CE91761E0E8B}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{B349E2B7-C244-4446-BC12-65F935650972}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{C2E0F4F9-7EF7-40CA-9889-605FBB38CD18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{C9660E2C-A1A3-442D-B8AF-980D3562C4F3}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{EC3C2024-69F2-4BE9-B04B-ED248932C68B}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{EE543CDD-75ED-4CA6-BDAF-6B3566E3D8E2}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{F9F4F255-B0BB-4138-A541-05870F6461A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07A715A2-92EF-4267-82F7-6577A32CCAA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{087F0F61-1BA1-40BD-B3AA-2DB25A594F21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
    "{1327EB15-B270-4275-B1F5-6E4B0897DAEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
    "{137FFFE7-942F-4928-804A-D42AFBFA770D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{147513AD-97E9-4DEF-B4FE-35F55151A585}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{1B5EA8B5-232F-4784-8C9B-F45F4BCACD48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{1C1BAECE-8E97-4ABC-B447-1B98CFB3C837}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{1CE86587-968F-4B53-877D-0D8F98CB90E4}" = protocol=6 | dir=in | app=c:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{28F94C0C-0633-48BC-BB8B-42B5EBAEB5B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{319BBD07-EE3D-4A45-A9A5-833EBA4A0B98}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{4505A3FB-CBF4-474F-9D98-91B517898BCD}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | 
    "{56C80990-CFA8-4C0C-A0D8-C51B7D0CE3D6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | 
    "{58CBB2DE-40FA-48E1-AEAC-A67FA69DAFAA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{5DBB4BA8-C42C-40C4-9788-495AC01C2700}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
    "{6092E45C-5067-495F-AA18-7F98410B144E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{6A5BE62B-7624-4F29-A7F6-4A09ACA93A6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{6DF0CE02-9ED4-4596-AA46-5DB4436A9365}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{6F06A7B7-08C7-497F-B094-29535EB797FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{730984DB-0203-47E1-90A0-9ED75DEB39E9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{7605DCBC-290C-4D43-881E-A44169FAFEE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
    "{7E635171-86C9-48BD-8D4C-4CD48AF6A205}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
    "{7FBDEC3F-0084-48DB-A975-08BC695A48CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
    "{8493EB7F-704B-4A24-8370-0915080027D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{85F18A46-1166-46B6-AE60-FB693E3436A8}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{870A1594-0A0E-4701-ACDD-E958B94D77FD}" = protocol=17 | dir=in | app=c:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{9145FEC1-6E6C-4373-B277-3BC004F41396}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
    "{92E6CD14-7AC3-4594-874C-077C4851E393}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
    "{9C371F94-66F9-400D-9B2E-4E67889D7474}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{9DC8B75A-D7F9-4101-AB8C-B2C5FB9BCDCB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{A36C26B1-551C-4F7F-8D06-01E8CEF54267}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{A6C3A7BB-D9D1-4C61-B403-730CD0C76CE2}" = protocol=6 | dir=in | app=c:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe | 
    "{ADC88142-09C5-4343-98CE-3C97F6937F0D}" = protocol=6 | dir=out | app=system | 
    "{AF372C71-E1F0-447F-8608-046D783450E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{B918B730-FC58-4F6B-9EEB-C0FFDD6473C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{C573A299-B4C0-4AA6-97E5-5CF16CB4C1D8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{C6E84788-89EB-4992-8857-0E09EEDC5790}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{C8B5B347-4965-48D0-8188-E091AA05D636}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
    "{CDC799E6-3843-4515-9E11-A9EA57BE94DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
    "{D341CA22-2591-4F6D-9EDD-1DC50F674AF9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{DB236089-AC91-478C-8848-CC6281BB002B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{DBCFE21C-EFF0-4E4D-805F-ADAA8C576020}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{E0F7722D-C52B-4062-B3C2-A7B5B4E4C86F}" = protocol=17 | dir=in | app=c:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe | 
    "{E16FE53E-59A5-4DF9-9A55-08CAB87B0176}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{E5E3C93A-0AF6-48A9-B13F-AC1AFC6798BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "TCP Query User{01A3AA7E-35E5-4A36-A5E7-9029C2B7ED20}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
    "TCP Query User{254454E5-09D8-4697-A21C-22D81B786536}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
    "TCP Query User{2D06413C-4C84-4ABD-A501-62F29731158F}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
    "TCP Query User{577FB109-70E2-41CD-8551-C915F9E44DFC}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "TCP Query User{6AE502FA-7755-481C-BB6F-6F1E84BAEF5C}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
    "TCP Query User{6E3E4D09-328F-4664-BD99-18C5AE6F3519}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
    "TCP Query User{6E6244EE-5C68-475A-B693-DC208F443F3E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
    "TCP Query User{7831F516-FDC5-4954-9D36-3C667DF56F0B}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
    "TCP Query User{7BC48C1E-B2A9-49F9-A2AD-55DABB003A90}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe | 
    "TCP Query User{81317C93-5057-443A-A806-ECBA82F26A04}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
    "TCP Query User{AC523576-FC71-44D6-8FFD-F70326E04D72}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
    "TCP Query User{AE652FA4-6011-445E-A6FE-1C3B89729EF5}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
    "TCP Query User{BFF60903-730B-4F10-B247-6953A1C50BD2}C:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe | 
    "TCP Query User{F87A8506-6D3C-48F5-AB66-D93E2E073AE2}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
    "TCP Query User{FF0AB657-894C-43A6-B8DF-32C5CEC83E9A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "UDP Query User{0A1C74F2-ED6E-40AC-9EB5-227D89D1F608}C:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\uwe\appdata\roaming\dropbox\bin\dropbox.exe | 
    "UDP Query User{0A22BD6C-F16D-405E-846E-192C45B9715A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
    "UDP Query User{0B69FBD3-5A3C-4944-AFD5-5CB18F7B008A}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe | 
    "UDP Query User{18A9A074-CC52-464F-AAB6-98260A2BBEF2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
    "UDP Query User{2E4930E0-5717-4EEA-B622-8055DCF587AE}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
    "UDP Query User{434DCC27-74A6-49DE-95B4-BBEED8769020}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
    "UDP Query User{4ADC9CB0-33B4-4883-8E1D-B3D26BC00E44}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
    "UDP Query User{6EC84EB3-7946-4246-B671-D63B185CB72E}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
    "UDP Query User{87470DB9-4866-40D7-8C0B-036A19AE72FA}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "UDP Query User{89AA896D-A4DF-4DF2-B9D2-08662C182C34}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
    "UDP Query User{9E18A6D5-2493-4FFB-A5C4-9005D4356ABF}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
    "UDP Query User{AF0D5ED4-372B-4DED-9DB6-B63A9F2F2017}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
    "UDP Query User{D8E5D1DC-A957-4018-9D31-F5AB2609B15E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "UDP Query User{DBE777CC-2CFA-41F1-A74A-573216DF2AD5}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
    "UDP Query User{F57917C0-90A9-4E70-A3FA-849A83E4B4E4}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    "{1DA72689-5F3E-9B80-1E06-FBC2567EBF44}" = ATI Catalyst Install Manager
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{266597A9-1664-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) German Language Pack
    "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul Language Pack
    "{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul
    "{51BC086E-2946-442C-B01D-37587285E833}" = ProductView Express 9.1
    "{5783F2D7-A028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2012
    "{5960C9E4-D4B8-CB6A-54A7-796D82D93CB9}" = ccc-utility64
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
    "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
    "{7F4DD591-1664-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012
    "{7F4DD591-1664-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 Language Pack - Deutsch
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
    "{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
    "{CF526A26-1664-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)
    "{D25FF5C1-1664-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2012
    "{D44320DB-2B49-4EF7-BE7E-9EEFAF9CCF7B}" = Pro/ENGINEER Thumbnail Viewer 1.0
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
    "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
    "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
    "Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul" = Autodesk Inventor Fusion for Inventor 2012 Add-in
    "Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 Deutsch
    "CCleaner" = CCleaner
    "DWG TrueView 2012" = DWG TrueView 2012
    "GIMP-2_is1" = GIMP 2.8.2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
    "Pro/ENGINEER Release Wildfire 5.0 Datecode M060" = Pro/ENGINEER Release Wildfire 5.0 Datecode M060
    "sp6" = Logitech SetPoint 6.32
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0237D5C3-B31E-088C-B19B-38083FDBE5AF}" = CCC Help Italian
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{137FDFDF-C5BF-C499-4A00-933D04AEA177}" = CCC Help Danish
    "{15251617-87E5-E307-E191-D23D994CE0FD}" = CCC Help Hungarian
    "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
    "{1A30E575-B4C9-EFBF-FB36-2BF5FB9EB173}" = CCC Help Norwegian
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
    "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
    "{30B2AB70-E678-3913-4727-F3167B878D6D}" = Catalyst Control Center Localization All
    "{316B0D68-0170-F6C5-D7C6-6021EEC52EB4}" = CCC Help French
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{4583C747-FB0B-40DA-750D-663717824278}" = ccc-core-static
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
    "{555A72BD-E280-4399-B91D-61DD68F2F222}" = CCC Help Japanese
    "{567E2E99-BF74-797C-7A3F-36A02007CFF7}" = CCC Help Finnish
    "{56C3467E-A509-D84E-1A46-0BC2D5C80FEF}" = CCC Help Chinese Traditional
    "{578995E9-9AA9-C86C-8859-A3D209F6BA11}" = CCC Help Turkish
    "{57CA189D-BAEB-49BC-AE75-CE70E9B775E1}" = Catalyst Control Center - Branding
    "{59B3215B-0604-E6E7-9916-CF8137A29628}" = CCC Help Polish
    "{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
    "{5FAFBE0F-F86B-0CD8-A573-B90591AA4A97}" = CCC Help Czech
    "{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
    "{62939D22-F2E8-44BD-A655-0D1F41D5EBA2}" = Autodesk 123D Catch
    "{62E70245-1784-13CF-9131-781AC247F58F}" = CCC Help Spanish
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{6913ED40-2BCF-C84D-AE73-AD73A116DCF9}" = CCC Help Dutch
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{723BF0BF-1C39-AAEA-B5B3-7922A67DDFD4}" = Catalyst Control Center InstallProxy
    "{75AB5D01-6381-633C-910B-1E2F53801E94}" = Catalyst Control Center Graphics Previews Vista
    "{786F31EB-84E1-4C0C-B13E-1412C5E1C534}" = CCC Help German
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{862259F3-C998-2E23-49BB-EFD7F26ADCE7}" = CCC Help Russian
    "{88FF8A21-F198-43DF-A5D9-5F9E0EB620A8}" = Autodesk 123D Make 1.0
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9313C9B0-C33A-576D-93DC-1652DBAD69AF}" = CCC Help Korean
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
    "{9BAD13FC-855F-06DA-FD9C-86B7F751932C}" = PX Profile Update
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
    "{AC2F724E-83C9-F665-DCC3-66D742BC792C}" = CCC Help Portuguese
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
    "{B6F1F5CF-A550-7ED5-B578-33CA464B5713}" = CCC Help Chinese Standard
    "{B6F99B9C-D7A6-37F1-8019-0FFC98B1FF72}" = CCC Help English
    "{D1D21276-7B56-59A0-D35B-D089C24F5229}" = CCC Help Thai
    "{D9ED6557-6D68-3AA7-0354-6A75194608B6}" = CCC Help Greek
    "{DD87ADFB-CF5F-011F-6CE9-63EA5C9DAA94}" = CCC Help Swedish
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Autodesk Design Review 2012" = Autodesk Design Review 2012
    "Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)
    "BrettspielWelt" = BrettspielWelt
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Hugin" = Hugin 2011.4.0
    "InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
    "LManager" = Launch Manager
    "Miranda IM" = Miranda IM 0.10.9
    "MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
    "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
    "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Opera 12.12.1707" = Opera 12.12
    "Origin" = Origin
    "PunkBusterSvc" = PunkBuster Services
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
    "Steam App 400" = Portal
    "Steam App 630" = Alien Swarm
    "VLC media player" = VLC media player 2.0.4
    "winscp3_is1" = WinSCP 4.3.9
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 22.10.2012 13:52:57 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: ALMon.exe, Version: 3.45.111.317,
     Zeitstempel: 0x4ff70377  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
     Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bc21  ID des fehlerhaften
     Prozesses: 0xcd8  Startzeit der fehlerhaften Anwendung: 0x01cdb077c761484a  Pfad der
     fehlerhaften Anwendung: C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe  Pfad 
    des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 4fa1f277-1c71-11e2-a7e1-206a8a142f19
     
    Error - 25.10.2012 19:06:45 | Computer Name = Raul | Source = Application Hang | ID = 1002
    Description = Programm miranda32.exe, Version 0.10.4.0 kann nicht mehr unter Windows
     ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
     um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 136c    Startzeit:
     01cdb2f6b6b85a87    Endzeit: 20    Anwendungspfad: C:\Program Files (x86)\Miranda IM\miranda32.exe
    
    Berichts-ID:
     a1d05c6a-1ef8-11e2-bebd-206a8a142f19  
     
    Error - 29.10.2012 10:22:59 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.1.0, Zeitstempel:
     0x4f63d546  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17932,
     Zeitstempel: 0x50327672  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00036f45  ID des fehlerhaften
     Prozesses: 0x13a8  Startzeit der fehlerhaften Anwendung: 0x01cdb5e0de6b4cb5  Pfad der
     fehlerhaften Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften
     Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 238f872f-21d4-11e2-8b90-206a8a142f19
     
    Error - 07.11.2012 12:40:24 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: ALMon.exe, Version: 3.46.113.326,
     Zeitstempel: 0x5058a6c4  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
     Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bc21  ID des fehlerhaften
     Prozesses: 0xbdc  Startzeit der fehlerhaften Anwendung: 0x01cdbcfc52dab14f  Pfad der
     fehlerhaften Anwendung: C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe  Pfad 
    des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: d34fc2f1-28f9-11e2-8fbd-5cac4c61185c
     
    Error - 08.11.2012 04:35:11 | Computer Name = Raul | Source = RasClient | ID = 20227
    Description = 
     
    Error - 08.11.2012 04:35:11 | Computer Name = Raul | Source = RasClient | ID = 20227
    Description = 
     
    Error - 11.11.2012 15:19:53 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.4.0, Zeitstempel:
     0x507c71cd  Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.4.0, Zeitstempel:
     0x507c71cd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001665  ID des fehlerhaften Prozesses:
     0x1678  Startzeit der fehlerhaften Anwendung: 0x01cdc03f673cbada  Pfad der fehlerhaften
     Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
     C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: c4aa7ae4-2c34-11e2-9395-206a8a142f19
     
    Error - 11.11.2012 15:40:39 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.4.0, Zeitstempel:
     0x507c71cd  Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.4.0, Zeitstempel:
     0x507c71cd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001665  ID des fehlerhaften Prozesses:
     0x2fc  Startzeit der fehlerhaften Anwendung: 0x01cdc0418dc0fd52  Pfad der fehlerhaften
     Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
     C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: ab439c17-2c37-11e2-9395-206a8a142f19
     
    Error - 14.11.2012 11:01:42 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1069,
     Zeitstempel: 0x4c892701  Name des fehlerhaften Moduls: atiadlxx.dll, Version: 6.14.10.1054,
     Zeitstempel: 0x4c891f0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001f468
    ID
     des fehlerhaften Prozesses: 0xae4  Startzeit der fehlerhaften Anwendung: 0x01cdc23ac7082792
    Pfad
     der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe  Pfad des fehlerhaften
     Moduls: C:\Windows\system32\atiadlxx.dll  Berichtskennung: 32c067fc-2e6c-11e2-95b5-d7b9a3adc751
     
    Error - 20.11.2012 11:08:24 | Computer Name = Raul | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1069,
     Zeitstempel: 0x4c892701  Name des fehlerhaften Moduls: atiadlxx.dll, Version: 6.14.10.1054,
     Zeitstempel: 0x4c891f0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001f468
    ID
     des fehlerhaften Prozesses: 0x45c  Startzeit der fehlerhaften Anwendung: 0x01cdc71c1d3e05df
    Pfad
     der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe  Pfad des fehlerhaften
     Moduls: C:\Windows\system32\atiadlxx.dll  Berichtskennung: 20d46f25-3324-11e2-82f5-206a8a142f19
     
    Error - 20.11.2012 14:31:38 | Computer Name = Raul | Source = RasClient | ID = 20227
    Description = 
     
    [ Cisco AnyConnect Secure Mobility Client Events ]
    Error - 15.01.2012 07:03:00 | Computer Name = Raul | Source = acvpnui | ID = 67108865
    Description = Function: ConnectMgr::connect File: .\ConnectMgr.cpp Line: 1847 ConnectMgr::processIfcData
     failed
     
    Error - 15.01.2012 07:03:00 | Computer Name = Raul | Source = acvpnui | ID = 67108865
    Description = Function: ConnectMgr::initiateConnect File: .\ConnectMgr.cpp Line: 913
    Connection
     failed.
     
    Error - 15.01.2012 07:03:00 | Computer Name = Raul | Source = acvpnui | ID = 67108866
    Description = Function: ConnectMgr::run File: .\ConnectMgr.cpp Line: 531 Invoked Function:
     ConnectMgr::initiateConnect Return Code: -29556727 (0xFE3D0009) Description: CONNECTMGR_ERROR_UNEXPECTED
    
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108866
    Description = Function: ConnectIfc::connect File: .\ConnectIfc.cpp Line: 312 Invoked
     Function: ConnectIfc::handleRedirects Return Code: -30015460 (0xFE36001C) Description:
     CONNECTIFC_ERROR_CAPTIVE_PORTAL_REDIRECT:An unknown redirect was received, possibly
     from a captive portal. 
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108866
    Description = Function: ConnectMgr::doConnectIfcConnect File: .\ConnectMgr.cpp Line:
     1792 Invoked Function: ConnectIfc::connect Return Code: -30015460 (0xFE36001C) Description:
     CONNECTIFC_ERROR_CAPTIVE_PORTAL_REDIRECT:An unknown redirect was received, possibly
     from a captive portal. 
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108865
    Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 2234
    Content
     type (unknown) received. Response type (failed) from www.rz.rwth-aachen.de: 
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108865
    Description = Function: ConnectMgr::connect File: .\ConnectMgr.cpp Line: 1847 ConnectMgr::processIfcData
     failed
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108865
    Description = Function: ConnectMgr::initiateConnect File: .\ConnectMgr.cpp Line: 913
    Connection
     failed.
     
    Error - 15.01.2012 07:03:09 | Computer Name = Raul | Source = acvpnui | ID = 67108866
    Description = Function: ConnectMgr::run File: .\ConnectMgr.cpp Line: 531 Invoked Function:
     ConnectMgr::initiateConnect Return Code: -29556727 (0xFE3D0009) Description: CONNECTMGR_ERROR_UNEXPECTED
    
     
    Error - 15.01.2012 07:32:56 | Computer Name = Raul | Source = acvpnagent | ID = 67110873
    Description = Termination reason code 7: The agent has been stopped.
     
    [ System Events ]
    Error - 15.12.2012 14:06:25 | Computer Name = Raul | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
     
    Error - 15.12.2012 14:06:25 | Computer Name = Raul | Source = Ntfs | ID = 262199
    Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
    Führen
     Sie auf dem Volume "D:" den Befehl "chkdsk" aus.
     
    Error - 24.12.2012 05:07:25 | Computer Name = Raul | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.
     
    Error - 30.12.2012 06:10:39 | Computer Name = Raul | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\CF7B.tmp
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
    Error - 30.12.2012 06:10:39 | Computer Name = Raul | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%1275
     
    Error - 30.12.2012 06:13:04 | Computer Name = Raul | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\CF7B.tmp
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
    Error - 30.12.2012 06:13:04 | Computer Name = Raul | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%1275
     
    Error - 30.12.2012 06:14:22 | Computer Name = Raul | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\34E2.tmp
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
    Error - 30.12.2012 06:14:22 | Computer Name = Raul | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%1275
     
    Error - 30.12.2012 06:30:17 | Computer Name = Raul | Source = Service Control Manager | ID = 7026
    Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
       cdrom
     
     
    < End of report >

  9. #9
    Moderator Team-Mitglied Avatar von Eric Lee
    Registriert seit
    29.07.2012
    Beiträge
    2.397

    AW: Win32/Small.CA-Virus

    Hallo Freischneider,

    - Punkt 1 -
    Zuerst deinstallieren wir unnötige, veraltete, bei der Bereinigung hinderliche oder schädliche Programme. Entferne über Systemsteuerung > Programme die folgenden Einträge:
    • DAEMON Tools Lite
    • Adobe Reader X (10.1.4) - Deutsch

    Hinweis: Wenn du Adobe Reader benötigst deinstalliere das Programm trotzdem, lade dir aber die aktuellste Version von Adobe herunter.

    - Punkt 2 -
    Veraltete Java Installation:
    Java 7 Update 7 (64-bit)
    Java(TM) 6 Update 22
    Java(TM) 6 Update 37

    Leere zunächst bitte den kompletten Java Cache. Dazu über Start > Systemsteuerung > Java > Allgemein > Temporäre Internet-Dateien "Einstellungen" > Dateien löschen > Hake bei "Anwendungen und Applets" und "Verfolgungs- und Protokolldateien" an und bestätige mit Ok.

    Auf dem Computer befinden sich völlig veraltete Java Versionen. Dies ist einer der Hauptangriffpunkte für Schädlinge, welche über Sicherheitslücken in Java auf das System gelangen können. Die von DE Cleaner gemachten Funde sind z.B. solche sogenannten Exploits. Falls Java nicht benötigt wird rate ich dazu es komplett vom System zu entfernen. Wenn es doch benötigt wird und auf die Browser-Plugins verzichtet werden kann sollten zumindest diese deaktiviert werden, da auch in aktuellen Java Versionen immer wieder Sicherheitslücken gefunden werden. Wenn auf Java nicht verzichtet werden kann sollte unbedingt darauf geachtet werden das immer die aktuellste Version installiert ist.

    Deinstalliere bitte alle alten Java Versionen (überprüfe auch ob die Browser Plugins entfernt wurden) und lade dir hier die neusten Versionen herunter solltest du diese benötigen (falls eine Toolbar oä bei Installation angeboten wird bitte abwählen).

    - Punkt 3 -
    Typ: Virus/Spyware
    Name: Shh/Updater-B
    Details: C:\Programm Files (x86)\Sophos\AutoUpdate\ALsvc.exe

    Weil es im Sophos-Verzeichnis ist, habe ich ihn nicht gelöscht.
    Soll ich ihn löschen oder funktioniert dann Sophos nicht mehr korrekt?
    Das ist der Sophos Auto Updater, ohne diesen funktioniert dein Sophos nicht mehr richtig. Das war ein Fehler der einige Zeit Sophos unterlaufen ist, stelle die Datei am besten wieder her. Vergleiche auch:
    http://www.heise.de/security/meldung...e-1713175.html
    http://www.sophos.com/en-us/support/...se/118311.aspx

    - Punkt 4 -
    OTL Fix
    • Deaktiviere vorübergehend den OnAccess Scanner deines Antivirenprogramms und schließe alle weiteren Programme.
    • Starte OTL erneut (Vista/7 Nutzer über Rechtsklick > Als Administrator ausführen).
    • Kopiere folgendes Skript aus der Codebox in das Textfeld "Benutzerdefinierte Scans/Fixes":
      Code:
      :OTL
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
      O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.10.2)
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O32 - AutoRun File - [2012.05.27 20:54:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
      O33 - MountPoints2\{186a7043-606d-11e1-b9dc-00046180e89a}\Shell - "" = AutoRun
      O33 - MountPoints2\{186a7043-606d-11e1-b9dc-00046180e89a}\Shell\AutoRun\command - "" = D:\setup.exe -a
      O33 - MountPoints2\{a41fed06-aaf3-11e1-a401-206a8a142f19}\Shell - "" = AutoRun
      O33 - MountPoints2\{a41fed06-aaf3-11e1-a401-206a8a142f19}\Shell\AutoRun\command - "" = E:\Launcher.exe
      O33 - MountPoints2\{a41fed14-aaf3-11e1-a401-206a8a142f19}\Shell - "" = AutoRun
      O33 - MountPoints2\{a41fed14-aaf3-11e1-a401-206a8a142f19}\Shell\AutoRun\command - "" = D:\Launcher.exe
      O33 - MountPoints2\{e0e14c12-1828-11e2-953d-206a8a142f19}\Shell - "" = AutoRun
      O33 - MountPoints2\{e0e14c12-1828-11e2-953d-206a8a142f19}\Shell\AutoRun\command - "" = D:\ANNOfinder.exe
      :COMMANDS
      [emptytemp]
      [reboot]
      Achtung Mitleser: Dieses Skript ist nur für diesen Nutzer in dieser Situation gedacht. Nicht auf anderen Systemen durchführen, da dies schwere Systemfehler nach sich ziehen kann.
    • Klicke nun auf den Fix-Button. Der Computer muss einen Neustart durchlaufen.
    • Kopiere das Logfile nach dem Neustart hier ins Forum. Bitte benutze die #Code-Tags.


    - Punkt 5 -
    Hast du folgende Nameserver selbst eingetragen?
    Code:
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{125AFDE0-DBD4-45EB-8A2A-41EEBF183073}: DhcpNameServer = 139.7.30.126 139.7.30.125
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F1AC3C5-C15B-43BD-AF45-4EDC163CD647}: DhcpNameServer = 137.226.144.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6565B866-CD32-4B98-87B3-F721362CF473}: DhcpNameServer = 139.7.30.125 139.7.30.126
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DEC31E7-26C5-4329-B688-AFE5F2154B69}: DhcpNameServer = 137.226.144.1
    - Punkt 6 -
    SystemLook zur Suche nach spezifischen Einträgen der Schadsoftware:
    1)
    • Lade dir SystemLook von jpshortstuff herunter und speichere die Datei auf deinem Desktop.
    • Starte SystemLook (Vista/7 Nutzer über Rechtsklick > Als Administrator ausführen).
    • Kopiere den Text aus der Codebox in das Textfeld von SystemLook und klicke auf "Look".
      Code:
      :filefind
      svchost.exe
      :reg
      [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    • Warte bis SystemLook dir die Ergebnisse anzeigt und kopiere sie hier ins Forum. Bitte benutze die #Code-Tags.


    - Punkt 7 -
    ESET Online Scanner zum Überprüfen von Wechselmedien. Schließe alle Wechselmedien wie USB Sticks, Festplatten und ähnliches an den Computer an. Dann überprüfe diese (und deinen PC) mit dem ESET Online Scanner. Dies ist nötig da der Small Virus den Autorun von Wechselmedien infiziert.
    2)
    • Starte den Internet Explorer als Administrator und rufe dort http://www.eset.com/home/products/online-scanner/ auf.
    • Wähle "Run ESET Online Scanner", akzeptiere die Lizenz und drücke Start.
    • Lasse das ActiveX Steuerelement zu, wähle "Advanced Settings" und hake dort alle Einträge bis auf "Use custom proxy settings" an.
    • Starte den Scan, lasse die Anwendung zu und warte dann bis der Scan durchgelaufen ist.
    • Falls Funde gemacht wurden klicke auf "List found Threats" und wähle Copy to Clipboard oder Export to text file und poste das Ergebnis.


    Schönen Gruß,
    Eric Lee
    | Neu hier? Bitte abarbeiten. | Forenregeln | Feedback | Stellenausschreibung im Forum | OS X or BSD Malware? PM me. |
    | Danke 1uV829dYGPwKk8Q1khoH4o9MuEqWSgyXE (BTC) | Browser TLSv1.2? | Wie sicher ist dein Browser? | How unique are you? |

  10. #10
    Einsteiger
    Registriert seit
    30.12.2012
    Beiträge
    11

    AW: Win32/Small.CA-Virus

    Punkt O:
    Danke, ich habe so viel Engagement nicht erwartet!

    Punkt 1:
    Adobe Reader X deinstalliert
    Adobe Reader XI installiert.
    Deamon Tools hatte ich beim Lesen anderer Threads auch schon deinstalliert.

    Punkt 2:
    Temporäre Java-Dateien löschen:
    Die genannten Punkte existieren nicht mehr, ich habe also die wahrscheinlich gemeinten Dateien gelöscht.
    Haken bei:
    -Trace und Logdateien
    -Gecachte Anwendungen und Applets
    KEIN Haken bei:
    Installierte Anwendungen und Applets

    --> OK --> Veraltete JAVA-Installationen gelöscht? Check!


    Punkt 3:
    Beim Wiederherstellen "Verschieben" gedrückt. Das war anscheinend falsch, ich hätte "Aufheben" nehmen müssen. Deshalb den Autoupdater von Sophos deinstalliert, Sophos Antivirus auch. dann die Version savw_102_sa_sfx.exe neu installiert. (Bei deaktivierten Netzwerkadaptern) Dann diese Version mit dem neuesten Update versehen.

    Punkt 4:
    Wie verlangt:
    Code:
    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    File  not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186a7043-606d-11e1-b9dc-00046180e89a}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{186a7043-606d-11e1-b9dc-00046180e89a}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186a7043-606d-11e1-b9dc-00046180e89a}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{186a7043-606d-11e1-b9dc-00046180e89a}\ not found.
    File D:\setup.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a41fed06-aaf3-11e1-a401-206a8a142f19}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a41fed06-aaf3-11e1-a401-206a8a142f19}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a41fed06-aaf3-11e1-a401-206a8a142f19}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a41fed06-aaf3-11e1-a401-206a8a142f19}\ not found.
    File E:\Launcher.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a41fed14-aaf3-11e1-a401-206a8a142f19}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a41fed14-aaf3-11e1-a401-206a8a142f19}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a41fed14-aaf3-11e1-a401-206a8a142f19}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a41fed14-aaf3-11e1-a401-206a8a142f19}\ not found.
    File D:\Launcher.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0e14c12-1828-11e2-953d-206a8a142f19}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0e14c12-1828-11e2-953d-206a8a142f19}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0e14c12-1828-11e2-953d-206a8a142f19}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0e14c12-1828-11e2-953d-206a8a142f19}\ not found.
    File D:\ANNOfinder.exe not found.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Public
     
    User: Uwe
    ->Temp folder emptied: 15769420 bytes
    ->Temporary Internet Files folder emptied: 1033512 bytes
    ->Java cache emptied: 1 bytes
    ->FireFox cache emptied: 122134428 bytes
    ->Opera cache emptied: 4411966 bytes
    ->Flash cache emptied: 1069 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 3238240 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5330397 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 145,00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 12302012_182515
    
    Files\Folders moved on Reboot...
    C:\Users\Uwe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
    
    PendingFileRenameOperations files...
    
    Registry entries deleted on Reboot...
    Punkt 5:
    Diese Nameserver habe ich nicht selber eingetragen. Jemand, der vertrauenswürdig ist, und im Haus mit dem Netzwerk zu tun hat, sagt, die können weg. Die eine IP geht ja nach vodaphon*, da hatte ich letzten Winter einen UMTS-Stick. Die andere IP geht wohl ins Haus selbst, ist also auch unbedenklich, kann aber weg.

    Punkt 6:
    Code:
    SystemLook 30.07.11 by jpshortstuff
    Log created at 18:37 on 30/12/2012 by Uwe
    Administrator - Elevation successful
    
    ========== filefind ==========
    
    Searching for "svchost.exe"
    C:\Windows\System32\svchost.exe	--a---- 27136 bytes	[23:31 13/07/2009]	[01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
    C:\Windows\SysWOW64\svchost.exe	--a---- 20992 bytes	[23:19 13/07/2009]	[01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
    C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe	--a---- 27136 bytes	[23:31 13/07/2009]	[01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
    C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe	--a---- 20992 bytes	[23:19 13/07/2009]	[01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
    
    ========== reg ==========
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "ReportBootOk"="1"
    "Shell"="explorer.exe"
    "PreCreateKnownFolders"="{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
    "Userinit"="C:\Windows\system32\userinit.exe,"
    "VMApplet"="SystemPropertiesPerformance.exe /pagefile"
    "AutoRestartShell"= 0x0000000001 (1)
    "Background"="0 0 0"
    "CachedLogonsCount"="10"
    "DebugServerCommand"="no"
    "ForceUnlockLogon"= 0x0000000000 (0)
    "LegalNoticeCaption"=""
    "LegalNoticeText"=""
    "PasswordExpiryWarning"= 0x0000000005 (5)
    "PowerdownAfterShutdown"="0"
    "ShutdownWithoutLogon"="0"
    "WinStationsDisabled"="0"
    "DisableCAD"= 0x0000000001 (1)
    "scremoveoption"="0"
    "ShutdownFlags"= 0x0000000027 (39)
    "AutoAdminLogon"="0"
    "DefaultUserName"="Uwe"
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]
    
    
    -= EOF =-

    Punkt 7:
    Ich habe Festplatten, die habe ich monatelang nicht mehr angeschlossen. Ich weiß also nicht, ob Sie infiziert sind, oder nicht. Ich habe Angst, dass wenn ich sie jetzt anschließe, dass Sie dann erst infiziert werden.
    Ich schließe erst einmal die an, die zuletzt am System hatte und meine beiden USB-Sticks.
    Sollte ich die anderen Platten auch noch anschließen? (Darauf sind alle Backups hauptsächlich Fotos, die erhaltenswert sind, aber schon mindestens 2 Monate nicht mehr aktualisiert wurden.)

    Die Ergebnisse kommen später heute abend, das dauert ja bestimmt länger.

Seite 1 von 2 12 LetzteLetzte

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. Win32 small.ca
    Von technikz im Forum Archiv
    Antworten: 3
    Letzter Beitrag: 27.10.2012, 20:11
  2. Win32/Small.CA
    Von vogelbeen im Forum Archiv
    Antworten: 5
    Letzter Beitrag: 26.04.2012, 06:20
  3. Win32/Small.CA o,o
    Von Sephirothnova im Forum Archiv
    Antworten: 5
    Letzter Beitrag: 17.02.2012, 09:34
  4. Trojaner Win32:Small-TF +Win32:Zlob-BN
    Von thorphansen im Forum Archiv
    Antworten: 18
    Letzter Beitrag: 19.07.2006, 22:20
  5. win32.small.awc
    Von booka im Forum Archiv
    Antworten: 4
    Letzter Beitrag: 26.05.2005, 23:02

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •