
Topic: Suspected malware / keyboard responds with a delay / WIN 7

  1. #1
    Beginner
    Registered since
    09.11.2013
    Posts
    13

    Suspected malware / keyboard responds with a delay / WIN 7

    Good evening,

    for the past 2 days my system (Core2Duo 2x3.00 GHz, 4 GB RAM, Radeon 6850) has been responding to all keyboard input with a delay, sometimes a little faster, sometimes a little slower. No new software was installed beforehand, and no hardware was changed.
    I was working with MS Office, Gimp and Firefox, and playing music with Spotify.

    Scanned with MS Security Essentials => nothing found,
    Spybot S&D was installed and a scan was run => nothing found,
    Malwarebytes was installed and a scan was run => nothing found

    --------

    I have none of the programs from the "uninstall" list, and no toolbars either => I checked.

    --------

    Windows Firewall is active

    --------

    Here are the OTL logs

    Code:
    OTL logfile created on: 09.11.2013 18:29:05 - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Holzi\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,86% Memory free
    8,00 Gb Paging File | 6,13 Gb Available in Paging File | 76,64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 241,15 Gb Total Space | 127,44 Gb Free Space | 52,85% Space Free | Partition Type: NTFS
    Drive D: | 224,51 Gb Total Space | 199,06 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
     
    Computer Name: HOLZI-P35-PS3L | User Name: Holzi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - File not found -- 
    PRC - [2013.11.09 16:21:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holzi\Downloads\OTL.exe
    PRC - [2013.10.31 13:53:34 | 002,349,392 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    PRC - [2013.10.30 16:01:15 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013.10.15 13:28:25 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Holzi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013.07.25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2013.02.22 12:32:59 | 007,862,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    PRC - [2013.02.22 12:32:59 | 002,849,120 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2013.02.22 12:24:58 | 000,106,848 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
    PRC - [2012.07.06 06:07:54 | 001,573,496 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
    PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013.10.30 16:01:02 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2012.07.06 06:07:54 | 001,573,496 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
    MOD - [2012.04.23 11:14:48 | 002,013,184 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Printer Manager\sf.dll
    MOD - [2012.03.21 06:23:00 | 000,615,424 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\SAStyle.cjstyles
    MOD - [2012.03.21 06:22:58 | 000,683,520 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\SASkin.dll
    MOD - [2012.02.20 21:22:52 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrvPS.dll
    MOD - [2012.02.15 14:17:02 | 000,310,272 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\sslog.dll
    MOD - [2012.01.23 17:11:16 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012.06.28 08:53:00 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
    SRV - [2013.10.31 13:53:34 | 002,756,944 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2013.10.30 16:01:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013.10.11 11:51:18 | 000,377,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2013.10.09 20:36:25 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013.08.12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013.08.12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013.03.29 20:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013.02.22 12:32:59 | 002,849,120 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012.02.20 23:26:32 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2013.06.18 20:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012.06.28 08:51:36 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
    DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012.02.15 14:16:48 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
    DRV:64bit: - [2011.11.22 14:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
    DRV:64bit: - [2011.09.28 15:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
    DRV:64bit: - [2011.04.11 16:33:56 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/deu/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 3C 97 8E 92 1C CD 01  [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.2
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     
    [2012.04.17 18:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holzi\AppData\Roaming\mozilla\Extensions
    [2013.10.10 20:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holzi\AppData\Roaming\mozilla\Firefox\Profiles\vmqgzd3a.default\extensions
    [2013.07.25 23:14:02 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Holzi\AppData\Roaming\mozilla\Firefox\Profiles\vmqgzd3a.default\extensions\ich@maltegoetz.de
    [2013.10.10 20:45:15 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Holzi\AppData\Roaming\mozilla\firefox\profiles\vmqgzd3a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013.11.09 13:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2013.10.30 16:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
    [2013.10.30 16:01:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [CDAServer] C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe ()
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Holzi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Holzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Holzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Holzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Holzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Holzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C51145-C5BA-4E6F-8170-6F12FF883303}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{26cdf390-490c-11e1-8039-001d7dd26752}\Shell - "" = AutoRun
    O33 - MountPoints2\{26cdf390-490c-11e1-8039-001d7dd26752}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013.11.09 16:15:03 | 000,000,000 | ---D | C] -- C:\Users\Holzi\AppData\Roaming\Malwarebytes
    [2013.11.09 16:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013.11.09 16:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013.11.09 16:14:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013.11.09 16:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013.11.09 14:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2013.11.09 14:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013.11.09 14:21:49 | 000,000,000 | ---D | C] -- C:\Users\Holzi\Documents\ProcAlyzer Dumps
    [2013.11.09 14:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013.11.09 14:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013.11.09 14:20:20 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013.11.09 14:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013.11.09 14:19:34 | 000,000,000 | ---D | C] -- C:\Users\Holzi\AppData\Local\Programs
    [2013.11.09 13:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013.11.09 13:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013.11.09 13:55:15 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013.11.09 13:55:09 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013.11.09 13:55:09 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013.11.09 13:55:09 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013.11.09 13:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    [2013.11.09 13:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013.11.09 13:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013.11.04 21:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2013.11.04 21:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2013.10.30 16:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013.10.10 21:29:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013.10.10 21:29:44 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013.10.10 21:29:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013.10.10 21:29:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013.10.10 21:29:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013.10.10 21:29:43 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013.10.10 21:29:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013.10.10 21:29:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013.10.10 21:29:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013.10.10 21:29:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013.10.10 21:29:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013.10.10 21:29:41 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013.10.10 21:29:40 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013.10.10 21:29:40 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013.10.10 21:29:40 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [1 C:\Users\Holzi\Documents\*.tmp files -> C:\Users\Holzi\Documents\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013.11.09 18:14:40 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.11.09 18:14:40 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.11.09 18:14:06 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013.11.09 18:14:06 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2013.11.09 18:14:06 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013.11.09 18:14:06 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2013.11.09 18:14:06 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013.11.09 18:07:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.11.09 18:07:04 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2013.11.09 16:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013.11.09 16:14:51 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.11.09 15:00:10 | 000,051,650 | ---- | M] () -- C:\Users\Holzi\Documents\cc_registery_08112013.reg
    [2013.11.09 14:50:13 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013.11.09 14:20:24 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013.11.09 13:55:01 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013.11.09 13:54:57 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013.11.09 13:54:57 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013.11.09 13:54:57 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013.11.04 21:03:34 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
    [2013.11.03 21:52:33 | 000,212,415 | ---- | M] () -- C:\Users\Holzi\Desktop\bewerbungsfoto.jpg
    [2013.11.03 19:56:10 | 000,173,955 | ---- | M] () -- C:\Users\Holzi\Desktop\993442_469668023148073_1650089849_n.jpg
    [2013.11.02 17:50:52 | 000,089,886 | ---- | M] () -- C:\Users\Holzi\Desktop\stundenplan.jpg
    [2013.10.31 19:52:51 | 000,105,662 | ---- | M] () -- C:\Users\Holzi\Desktop\Bewerbungsschreiben.pdf
    [2013.10.31 19:51:58 | 000,037,670 | ---- | M] () -- C:\Users\Holzi\Desktop\unterschrift.jpg
    [2013.10.31 16:51:00 | 004,566,792 | ---- | M] () -- C:\Users\Holzi\Desktop\jahreszeugnis.jpg
    [2013.10.31 16:26:29 | 000,210,105 | ---- | M] () -- C:\Users\Holzi\Desktop\A13013 Dörner.pdf
    [2013.10.22 15:15:37 | 000,053,858 | ---- | M] () -- C:\Users\Holzi\Desktop\1378784_598441926887001_2033503337_n.jpg
    [2013.10.21 19:22:49 | 000,305,347 | ---- | M] () -- C:\Users\Holzi\Desktop\IMG_4156.JPG
    [2013.10.17 13:12:35 | 000,074,196 | ---- | M] () -- C:\Users\Holzi\Desktop\931305_580841275288823_458267984_n.jpg
    [2013.10.16 06:02:23 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013.10.14 18:19:45 | 000,892,028 | ---- | M] () -- C:\Users\Holzi\Desktop\Scan_20131014_191743.jpg
    [2013.10.11 04:54:28 | 000,378,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [1 C:\Users\Holzi\Documents\*.tmp files -> C:\Users\Holzi\Documents\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013.11.09 16:14:51 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.11.09 15:00:06 | 000,051,650 | ---- | C] () -- C:\Users\Holzi\Documents\cc_registery_08112013.reg
    [2013.11.09 14:50:13 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013.11.09 14:20:24 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013.11.09 14:20:24 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013.11.07 18:46:37 | 001,333,473 | ---- | C] () -- C:\Users\Holzi\Desktop\DSC00039.JPG
    [2013.11.03 19:55:52 | 000,173,955 | ---- | C] () -- C:\Users\Holzi\Desktop\993442_469668023148073_1650089849_n.jpg
    [2013.11.02 17:50:52 | 000,089,886 | ---- | C] () -- C:\Users\Holzi\Desktop\stundenplan.jpg
    [2013.10.31 19:52:51 | 000,105,662 | ---- | C] () -- C:\Users\Holzi\Desktop\Bewerbungsschreiben.pdf
    [2013.10.31 19:49:44 | 000,037,670 | ---- | C] () -- C:\Users\Holzi\Desktop\unterschrift.jpg
    [2013.10.31 16:50:59 | 004,566,792 | ---- | C] () -- C:\Users\Holzi\Desktop\jahreszeugnis.jpg
    [2013.10.31 16:49:18 | 000,212,415 | ---- | C] () -- C:\Users\Holzi\Desktop\bewerbungsfoto.jpg
    [2013.10.31 16:26:28 | 000,210,105 | ---- | C] () -- C:\Users\Holzi\Desktop\A13013 Dörner.pdf
    [2013.10.22 15:15:37 | 000,053,858 | ---- | C] () -- C:\Users\Holzi\Desktop\1378784_598441926887001_2033503337_n.jpg
    [2013.10.21 19:22:36 | 000,305,347 | ---- | C] () -- C:\Users\Holzi\Desktop\IMG_4156.JPG
    [2013.10.17 13:12:35 | 000,074,196 | ---- | C] () -- C:\Users\Holzi\Desktop\931305_580841275288823_458267984_n.jpg
    [2013.10.14 18:17:44 | 000,892,028 | ---- | C] () -- C:\Users\Holzi\Desktop\Scan_20131014_191743.jpg
    [2013.05.18 07:57:51 | 000,150,944 | ---- | C] () -- C:\Windows\Wiainst64.exe
    [2013.05.18 07:57:31 | 001,554,336 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
    [2012.11.28 22:21:24 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2012.09.04 16:13:46 | 000,038,520 | ---- | C] () -- C:\Windows\SysWow64\RGBAcodec.dll
    [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012.04.16 19:20:06 | 000,006,144 | ---- | C] () -- C:\Users\Holzi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012.02.15 17:08:37 | 000,000,288 | ---- | C] () -- C:\Users\Holzi\AppData\Roaming\.backup.dm
    [2012.01.20 19:08:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012.01.20 18:29:19 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
     
    ========== ZeroAccess Check ==========
     
    [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2012.09.14 13:58:22 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\.minecraft
    [2012.02.08 19:26:47 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Amazon
    [2013.01.20 10:06:48 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Bildverkleinerer
    [2012.04.23 20:00:12 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Blender Foundation
    [2013.05.15 19:03:45 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\DVDVideoSoft
    [2012.02.15 21:01:59 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\DVDVideoSoftIEHelpers
    [2012.12.06 19:40:07 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\DynaGeo
    [2013.11.07 19:14:01 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\gtk-2.0
    [2013.11.09 14:58:22 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\inkscape
    [2013.02.12 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\MAGIX
    [2012.01.23 17:22:45 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\OpenOffice.org
    [2012.02.27 22:00:45 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\pdfforge
    [2012.03.10 10:30:29 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\PopSoft
    [2013.06.10 16:32:46 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Publish Providers
    [2012.02.27 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\RhineLabs Rechnungssoftware Demo
    [2013.05.18 07:58:09 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Samsung
    [2013.06.11 16:00:14 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Sony
    [2013.01.05 16:15:35 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\SpinTires
    [2013.11.08 06:31:20 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Spotify
    [2012.10.16 13:48:04 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\TeamViewer
    [2012.07.11 22:06:00 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Tropico 4 Demo
    [2012.03.07 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Windows Live Writer
     
    ========== Purity Check ==========
     
     
    
    < End of report >
    Code:
    OTL Extras logfile created on: 09.11.2013 18:29:05 - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Holzi\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,86% Memory free
    8,00 Gb Paging File | 6,13 Gb Available in Paging File | 76,64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 241,15 Gb Total Space | 127,44 Gb Free Space | 52,85% Space Free | Partition Type: NTFS
    Drive D: | 224,51 Gb Total Space | 199,06 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
     
    Computer Name: HOLZI-P35-PS3L | User Name: Holzi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B574426-909F-449B-B598-EA7B69C2446B}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{0F7A1489-F975-48C6-AD50-6550C020ECC3}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{13116523-3DCF-4A7F-A108-F7FA3175ADC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{155EA80D-A3F1-4B74-BDBE-FBCF13DB21B4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{19FEAE5B-3FA7-4DC9-ADD6-974B71CF43C7}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{1AE66B31-B93B-41B0-B522-74C8B3F5B9CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{1BB9E011-1954-452C-BCE2-47F744529606}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{2E2238A9-688B-4CB3-8A7F-79E931DA01D8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{34553994-EC60-4394-85A4-9B5A680338AA}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{43B80BB6-3DAF-43AF-905B-5C6F29D61836}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{47EEFEB1-7D36-428D-B35A-046CDBB4ADEF}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{559DF9D1-C4DA-4B1B-94F4-6E22DA8189B9}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{587AFD08-5716-48FB-A1FE-1FA8053DEE87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{58BBD24F-13CA-4023-AEC4-D93C0D4CCFF8}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{8F4C865D-219F-4A5A-ADCA-5CDF1A0BEAEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{9D654623-F81B-4DC9-98CB-015542AAB848}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{A5EB54B6-2D49-4D15-BF94-10F78391101E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{AC1CB9FF-028A-4377-983E-0CA73F767A7D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{B5FB16B8-D1C0-4C86-ADFC-677D3336C852}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{B8964445-9624-4FCD-83FD-377D56FC3AE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{C4B1380D-5E26-4336-B2C0-E15AC83C56CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{CC7E9A7B-EBFE-466C-8516-8C9FF16577B3}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{D91D6008-BDE3-4D34-AE3B-83B9E49BC6E4}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{DC35B7C3-793F-4CB0-BBA4-1563AF8CBF09}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{EEFCE5F1-1704-47F4-BDE7-DAE6205380C0}" = rport=139 | protocol=6 | dir=out | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A757E09-C954-4491-936E-C19D9565CC8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{0CEB2072-4129-462A-BCA7-8F7F71FCEA08}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
    "{11BBF88C-774A-4D54-A59C-F577EF38F4C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{1BE78D27-E40A-40B4-A5FE-C63DE6011C27}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
    "{2099BCDA-F8F8-4E2B-A56A-C82D35ECD4EB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe | 
    "{2BAB4513-D03A-43EC-8F90-756F421E6388}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
    "{2C728CB5-3556-4B26-9BA6-D67C00F0649B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{2F1D5FF7-88DC-4A33-898C-DCF0BA4712CA}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
    "{3203746D-E555-4D37-BC1D-5588ECACB82C}" = protocol=6 | dir=in | app=c:\program files (x86)\lightworks\lightworks.exe | 
    "{32FA186A-28BF-4AEE-9850-25458E07F01F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
    "{35BFD7ED-B630-4351-9492-53D024009ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
    "{37019091-E701-4C1F-A614-E67F037147D7}" = protocol=6 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\winvnc.exe | 
    "{38692CCD-E4C4-41A0-A366-ADA18C4E9EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{3870EBA5-DBB0-4CC9-81FB-60646C900FAC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
    "{38D2E810-509B-4B34-9FB5-B5D25B4AA2E4}" = protocol=6 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | 
    "{3AB66B3D-011D-489C-ADBC-10D12DD74773}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{3C7349B9-6B25-44D7-AE38-501D9EB324BC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
    "{3ECA916F-7330-4D0E-845E-8034745C7416}" = protocol=58 | dir=in | app=system | 
    "{40AD4A08-247D-4ED3-8049-4EE312056880}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{41B243FB-99AE-4AB7-BF30-25B338A95201}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
    "{4A7EC8F5-C334-4415-BDB1-957B7065C39B}" = protocol=17 | dir=in | app=c:\program files (x86)\lightworks\lightworks.exe | 
    "{4B298B76-B020-4094-ABE0-25F71C837C58}" = protocol=17 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\winvnc.exe | 
    "{4BC3F4E5-A41F-4139-AA49-BC739C480A06}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{4C3E113B-1BBA-4E4B-93FF-75E588EAAAD1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
    "{4F500530-6335-48B7-B359-FE736D77F4C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{559A511D-B283-408B-AEFC-86473C08F415}" = protocol=17 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\winvnc.exe | 
    "{5B140357-8865-4645-8D0C-1CDD6E5A5615}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
    "{5F7705FF-EC1B-4BF0-9743-D445C725EA27}" = protocol=6 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\winvnc.exe | 
    "{5FA8FA74-A7AF-48BD-9D9A-277DB07B264B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
    "{601C1F0C-6E86-4F33-A077-827CCC302B09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{61D3078B-A818-482F-99E0-C7CA2560844F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
    "{636D7D90-D4B4-40E7-BEC8-6336D47A3EF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{637D951D-71C6-4E8B-B96D-F0717B9C7713}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{6D8B1725-E53D-4928-92A9-370008830198}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{7079551D-2C75-4E8D-A178-51F0F826B747}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3300\scnsearch\usdagent.exe | 
    "{721A68B6-862B-418B-812E-A7AC7C978AF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{75086074-BE8C-4056-8554-9E3F732CF34B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{7B762437-C8CF-49CD-821A-21D740F3359C}" = dir=in | app=c:\windows\system32\hasplms.exe | 
    "{88AD7CC0-0408-4518-BF1F-38571CB414B6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{8C6AD7CB-DA06-43D9-99AD-E510183075B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4 - demo\tropico4-demo.exe | 
    "{97D7E8FF-00CD-424E-9777-075995DE5BA1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{98F3A48C-01AA-407F-B9C3-8E7929C8EB2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{99041627-7C52-47CE-BC70-B2E8C7F57890}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
    "{9A294BF3-46AB-4B39-B382-590CC1B9CD22}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
    "{A1D99D2C-AE49-4804-9AF0-3F99A87A3B92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{A509E97A-1327-41C5-A2A0-44E88C913102}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
    "{AC823A9C-FE24-421B-BCFC-52BBE4A9F09E}" = protocol=17 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | 
    "{BA347556-D0C3-4A26-8D9D-B6FE558D6294}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe | 
    "{BBEA8029-B1B7-412C-83AC-15F03E9F14B7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{C10212A7-516B-4529-956D-AB9044688EE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{C8DE0001-B605-4636-9F95-5307C41E9181}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3300\scnsearch\usdagent.exe | 
    "{C9AA4791-D55B-4D36-91CB-39D7A1DB0D31}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
    "{D427F43F-8CA7-43FE-B0F1-A526E047970A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
    "{DA50BBFD-730F-42EC-9F15-F456D7AB8EC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{DEEF61F8-2934-4E1E-8D94-5C6C65203BE8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
    "{E774A6B0-BEC1-4862-B711-7486965963A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{F5E243D3-EC77-4A48-8EC8-E31578049E27}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{F72928E1-6F66-4A5E-A8DA-BE5C666F7D6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{F8B345A9-5253-48D2-B7CD-78DE0D6A558F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4 - demo\tropico4-demo.exe | 
    "{FD987E48-87A4-4D36-9B6D-9BDF2CCB729F}" = protocol=6 | dir=out | app=system | 
    "TCP Query User{0D190EF6-2515-41A4-9680-A804E464B8E4}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
    "TCP Query User{19109D02-336F-4CC7-9D74-BC6111CF908F}C:\users\holzi\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\holzi\appdata\roaming\spotify\spotify.exe | 
    "TCP Query User{B6407519-21C6-449C-9F58-1CD761E5DBD6}C:\program files (x86)\dmxcontrol\dmxcontrol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dmxcontrol\dmxcontrol.exe | 
    "UDP Query User{18152D1E-0912-41CE-BCFF-9A98102907CE}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
    "UDP Query User{5D35E59D-BAAD-4B71-ABB0-93E95AC30B22}C:\users\holzi\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\holzi\appdata\roaming\spotify\spotify.exe | 
    "UDP Query User{84A5FF8B-8E1D-4A6F-A35A-98168C336ED6}C:\program files (x86)\dmxcontrol\dmxcontrol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dmxcontrol\dmxcontrol.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008C42A1-FB22-7DB4-618F-08E2C5059C0C}" = ccc-utility64
    "{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
    "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
    "{1730D13B-7517-4321-A88B-64627CF67CDC}_is1" = Logon Screen
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
    "{393D3B4C-1F95-CDD2-4F0A-395D99D5F553}" = AMD Accelerated Video Transcoding
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5375FD61-C0E9-11E1-9297-F04DA23A5C58}" = Movie Studio Platinum 12.0 (64-bit)
    "{53A19094-2C04-A9B9-7309-3E92152D4845}" = AMD Catalyst Install Manager
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
    "{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{C0FFB192-3484-9AA0-7505-3A5B6688752F}" = AMD Media Foundation Decoders
    "{D764B08F-C53E-11E1-A81B-F04DA23A5C58}" = MSVCRT Redists
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
    "{F29400C2-C498-47A2-815C-B8998E377DB6}" = MAGIX Web Designer MX
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Blender" = Blender
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft Security Client" = Microsoft Security Essentials
    "VLC media player" = VLC media player 2.0.2
    "WinRAR archiver" = WinRAR 4.10 (64-Bit)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1050A3D4-BC3B-4443-BD60-68C2BAE65EF4}" = CCC Help English
    "{1321BDD4-C5FC-BCFA-F281-7C66D5DE187F}" = CCC Help French
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1D6DF721-54B7-6AA4-2050-7E286CCE13E8}" = Catalyst Control Center
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1EF73F13-8A60-7910-A59D-8F62A8BCD47D}" = CCC Help Swedish
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22E62B37-5D05-C5AD-F53E-691342495A45}" = CCC Help Spanish
    "{23528772-43DB-1E20-E845-DB1CE00FBB10}" = CCC Help Danish
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
    "{4347F591-C451-11E1-BA36-F04DA23A5C58}" = DVD Architect Studio 5.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BAE4C76-44C3-418F-B715-6BBF5A65323E}" = TL-WN851ND Driver
    "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
    "{5F32FD5A-6F9D-50FD-1896-0AEC107DE5D0}" = CCC Help Portuguese
    "{60AAE030-8621-5187-F7CF-41A241698407}" = CCC Help Dutch
    "{619DC4E1-DA11-48A1-4587-4E3E3D02D103}" = Catalyst Control Center Graphics Previews Common
    "{645CF8E7-16ED-4827-BD89-94F2CE974396}" = LogMeIn Hamachi
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F05E0AC-22D3-BE6E-05DD-623504F54FB2}" = CCC Help Chinese Standard
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7668B02B-DDDA-A67C-F86B-9D1061DD08CD}" = CCC Help Hungarian
    "{7BA420C3-3629-2AD6-19D0-0A6E27D6B782}" = CCC Help Thai
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EFA9357-75F9-EF3D-B7F9-BC913BA8DAC5}" = CCC Help Norwegian
    "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
    "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
    "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
    "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
    "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
    "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
    "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
    "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
    "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
    "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
    "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91DA5EBA-C240-289B-0AB4-6604CDE6A27F}" = CCC Help Czech
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{9711CA3C-614D-5B3B-E10F-062FD292075E}" = CCC Help Italian
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FCBD98D-F8B3-6ECC-5293-9C28817E3269}" = Catalyst Control Center InstallProxy
    "{A0B1B905-88E8-CBBB-C936-0FFECD06BBDC}" = Catalyst Control Center Localization All
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
    "{AF749638-8C8C-84E8-DA4A-37D014824E33}" = CCC Help German
    "{B0B4575E-EB62-1BDC-994A-A42ED7E8FF46}" = CCC Help Greek
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B1504E18-0D34-1554-20FB-2BF6459D4683}" = CCC Help Russian
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}" = SNS Upload for Easy Document Creator
    "{B90B9B89-2B62-B281-25C3-A59B189C249F}" = CCC Help Finnish
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C5ED3F69-3A6D-EA6E-EE57-342C0274FE5F}" = CCC Help Japanese
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DBD353DB-F37D-3CBB-65A7-0B3BA8634263}" = CCC Help Turkish
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E68081D3-BA4E-4C13-910B-ECDBBF92B373}" = MAGIX Website Maker 5
    "{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
    "{EA25A1D4-0CFB-4863-9B42-3E7EBD879644}" = Spin Tires
    "{EE6EBBD2-C278-5F48-B021-C9314ABE7593}" = CCC Help Korean
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F5C1211F-8F5E-B4BE-8046-3BB6B7944BA0}" = CCC Help Polish
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA115E3B-1A2D-F0F1-52CE-99D1BD346C08}" = CCC Help Chinese Traditional
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
    "Audiograbber" = Audiograbber 1.83 SE 
    "Cool MP3 Splitter_is1" = Cool MP3 Splitter 2.02
    "DMXControl" = DMXControl 2.12
    "DynaGeo_is1" = DynaGeo 3.7
    "FormatFactory" = FormatFactory 3.0.1
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
    "Inkscape" = Inkscape 0.48.2
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "MAGIX_{F29400C2-C498-47A2-815C-B8998E377DB6}" = MAGIX Web Designer MX
    "MAGIX_MSI_Website_Maker_5" = MAGIX Website Maker 5
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
    "Mozilla Firefox 25.0 (x86 de)" = Mozilla Firefox 25.0 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "Origin" = Origin
    "Samsung CLX-3300 Series" = Samsung CLX-3300 Series
    "Samsung Easy Document Creator" = Samsung Easy Document Creator
    "Samsung Easy Printer Manager" = Samsung Easy Printer Manager
    "Samsung Printer Live Update" = Samsung Printer Live Update
    "Samsung Scan Process Machine" = Samsung Scan Process Machine
    "Steam App 57750" = Tropico 4 - Demo
    "TeamViewer 7" = TeamViewer 7
    "VLC media player" = VLC media player 1.1.11
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GeoGebra 4" = GeoGebra 4
    "RhineLabs Rechnungssoftware Demo" = RhineLabs Rechnungssoftware Demo
    "Spotify" = Spotify
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 01.02.2013 13:12:47 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 02.02.2013 07:11:43 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 03.02.2013 04:27:59 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 04.02.2013 12:52:06 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 04.02.2013 15:20:52 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 05.02.2013 14:04:55 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 06.02.2013 12:37:23 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 07.02.2013 01:35:15 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 08.02.2013 12:51:53 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 08.02.2013 14:55:43 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    [ System Events ]
    Error - 09.11.2013 08:12:32 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 09.11.2013 08:12:36 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 09.11.2013 08:44:47 | Computer Name = Holzi-P35-PS3L | Source = bowser | ID = 8003
    Description = 
     
    Error - 09.11.2013 10:06:13 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 09.11.2013 10:07:03 | Computer Name = Holzi-P35-PS3L | Source = Service Control Manager | ID = 7024
    Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
     Fehler beendet: %%-1073473535.
     
    Error - 09.11.2013 10:07:03 | Computer Name = Holzi-P35-PS3L | Source = Service Control Manager | ID = 7031
    Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
     1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
     Neustart des Diensts.
     
    Error - 09.11.2013 10:07:33 | Computer Name = Holzi-P35-PS3L | Source = Service Control Manager | ID = 7009
    Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
     Windows Search erreicht.
     
    Error - 09.11.2013 10:07:33 | Computer Name = Holzi-P35-PS3L | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
     gestartet:   %%1053
     
    Error - 09.11.2013 10:55:49 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 09.11.2013 13:07:19 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
     
    < End of report >
    Edited by Eric Lee (09.11.2013 at 18:40). Reason: posts merged.

  2. #2
    Moderator, team member: Eric Lee
    Registered since
    29.07.2012
    Posts
    2.396

    Re: Suspected malware / keyboard responds with a delay / WIN 7

    Hello Holzi1995,

    welcome to the forum. What do you need to keep in mind during the cleanup? You can find a short guide here

    Notes on the procedure…
    • Users get precisely tailored, step-by-step instructions from me, divided into several points. Please always work through these points in the given order.
    • If anything is unclear, stop at the point in question and simply ask again; I can then give you more detailed instructions.
    • The analysis is easiest if you post all the logfiles you have created together in one go.
    • In addition, please put all reports, logfiles and messages you create inside the so-called #Code tags. If you don't know what exactly these are, click "New here?..." and look under point 7, where you will find a detailed explanation. The #Code tags also make the analysis considerably easier.


    Feedback on changes in state…
    • If problems suddenly occur on your system, stop at that point and give me feedback that is as precise as possible.
    • With the tools used I only ever see a section of the system; other problem patterns require other tools. Since I may not see what is going on on your system, you should always give me precise feedback about changes.
    • The same naturally applies to changes for the better.


    So that nothing unforeseen happens…
    • Do not install or uninstall any software while we are working together, unless I give you instructions to do so.
    • Do not run scripts, tools or scanners or make changes to the system on your own. This can overlap with my instructions and cause irreparable damage to the system.
    • For the same reason, never follow more than one set of instructions in parallel, that is, do not crosspost. If you have asked for help in several forums, inform the helpers about it, ideally with a link to the other thread.


    Also to be noted…
    • Please do not simply break off the cleanup; keep working with me until I "release" you with the tips on hardening and aftercare. Just because the system suddenly runs again does not mean that there is no longer any malware on it.
    • Certain infections or types of fault can be very persistent or sit so deep in the system that we either cannot clean them reliably or cannot properly find them. In that case I will advise you to reinstall; when this is the case always depends on the specific findings.
    • For serious faults and malware I will always give you a brief assessment of what exactly you and the system need to watch out for (e.g. with banking trojans). For simpler things we will just run through a short "standard programme" without much commentary; if you do have questions or comments, they are always welcome, in which case post them in your thread or send me a PM.
    • With that we can start: please save all tools used to the desktop unless noted otherwise. Windows Vista/7 users, please start all tools via right-click > Run as administrator.


    At first glance no malware catches my eye that I would hold responsible for such behaviour; however, one line at the beginning of OTL.txt is giving me a headache, so we will have to see what comes of it.

    ----- Point 1 -----
    Uninstallation

    First we uninstall programs that are unnecessary, outdated, a hindrance to the cleanup, or harmful. Please remove the following entries via Control Panel > Programs:
    • multiple Java >> see below
    • Adobe Reader X (10.1.2) - Deutsch >> badly outdated; if needed, please install the latest version.
    • Spybot - Search & Destroy >> in my opinion should currently no longer be used as an anti-malware tool. While it used to be an excellent tool, it can no longer keep up with current threats and may cause errors on modern systems.
    • Skype™ 5.10 >> badly outdated. If needed, install the latest version.


    Note: If you cannot find one of the programs or it cannot be uninstalled, inform me, but continue working through the instructions anyway. Please then go through the list of installed programs yourself once more and remove old programs that you no longer need.

    Outdated Java installation
    First, please empty the entire Java cache. To do so, go to Start > Control Panel > Java > General > Temporary Internet Files "Settings" > Delete Files > tick "Applications and Applets" and "Trace and Log Files" and confirm with OK.

    There are completely outdated Java versions on the computer. This is one of the main points of attack for malware, which can get onto the system via security vulnerabilities in Java. If Java is not needed, I advise removing it from the system completely. If it is needed and the browser plug-ins can be done without, at least these should be disabled, since security vulnerabilities are repeatedly found even in current Java versions. If Java cannot be done without, it is essential to make sure that the latest version is always installed.

    Please uninstall all old Java versions (also check whether the browser plug-ins have been removed) and download the latest versions here and here if you need them (if a toolbar or the like is offered during installation, please deselect it).

    Compare also this blog entry: http://blog.botfrei.de/2012/08/ist-d...lation-sicher/

    ----- Point 2 -----
    Do you have software for which you own a Sentinel HASP hardware key, or which runs under a Sentinel HASP licence?

    ----- Point 3 -----
    OTL system scan
    • Download OTL by OldTimer and save it to your desktop.
    • Close all other programs.
    • Windows Vista/7 users: start the program via right-click > Run as administrator.
    • For all settings choose "Use SafeList", except for Extra Registry, where you choose "All"; tick "All Users" and, if required, "64bit Scans". Enable Standard Output as well as the LOP and Purity checks.
    • Start the scan.
    • After the scan, two logfiles (OTL.txt and Extras.txt) are created. If necessary, anonymise user names with ***** and post them here in the forum. Please use the #Code tags.


    ----- Point 4 -----
    Just to be on the safe side, please also provide a GMER logfile following these instructions: http://www.hijackthis-forum.de/tipps...html#post91254

    Best regards,
    Eric
    Edited by Eric Lee (10.11.2013 at 12:59)
    | New here? Please work through this. | Forum rules | Feedback | Job posting in the forum | OS X or BSD Malware? PM me. |
    | Thanks 1uV829dYGPwKk8Q1khoH4o9MuEqWSgyXE (BTC) | Browser TLSv1.2? | How secure is your browser? | How unique are you? |
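
The "multiple Java" finding in the post above comes from reading the 64-bit and 32-bit Uninstall views of the OTL log side by side. As an added example (not part of the thread and not OTL's own code), this sketch parses that section and reports products present in more than one version; the function names, the name-splitting heuristic and the view labelling are assumptions.

```python
import re
from collections import defaultdict

# Shortened excerpt of the Uninstall List from the log in post #1.
SAMPLE = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
"VLC media player" = VLC media player 2.0.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"VLC media player" = VLC media player 1.1.11

========== Last 20 Event Log Errors ==========
'''

SECTION_RE = re.compile(r'^=+ (HKEY_\w+) Uninstall List =+$')
OTHER_SECTION_RE = re.compile(r'^=+ .* =+$')
KEY_RE = re.compile(r'^(64bit: )?\[(HKEY_\w+)[^\]]*\]$')
ENTRY_RE = re.compile(r'^"(.+?)" = (.*)$')
NOISE_RE = re.compile(r'\(TM\)|™|\(64-bit\)', re.IGNORECASE)
VERSION_RE = re.compile(r'\d+(?:\.\d+)+|\d+ Update \d+')


def parse_uninstall_list(text):
    """Return the entries of every 'Uninstall List' section, tagged with their view."""
    entries, in_section, view = [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            in_section, view = True, None
            continue
        if OTHER_SECTION_RE.match(line):
            in_section = False          # any other "===== ... =====" header ends the list
            continue
        if not in_section or not line:
            continue
        key = KEY_RE.match(line)
        if key:
            # Assumption: an unprefixed HKLM key is the 32-bit view seen by OTL,
            # "64bit:" marks the native view, HKCU is per-user.
            if key.group(1):
                view = "64bit"
            elif key.group(2) == "HKEY_LOCAL_MACHINE":
                view = "32bit"
            else:
                view = "user"
            continue
        entry = ENTRY_RE.match(line)
        if entry and view:
            entries.append({"view": view, "key": entry.group(1),
                            "name": entry.group(2).strip()})
    return entries


def split_name(name):
    """Split a display name into (product, version tuple); None if no version found."""
    cleaned = NOISE_RE.sub("", name)
    match = VERSION_RE.search(cleaned)
    if not match:
        return None
    product = cleaned[:match.start()].rstrip(" (-")
    if not product:
        return None
    version = tuple(int(n) for n in re.findall(r"\d+", match.group(0)))
    return product, version


def mixed_versions(entries):
    """Map each product installed in more than one version to its (version, view) pairs."""
    seen = defaultdict(set)
    for entry in entries:
        parsed = split_name(entry["name"])
        if parsed:
            product, version = parsed
            seen[product].add((version, entry["view"]))
    return {product: sorted(found) for product, found in seen.items()
            if len({version for version, _ in found}) > 1}


if __name__ == "__main__":
    for product, found in mixed_versions(parse_uninstall_list(SAMPLE)).items():
        print(product, found)
```

On the excerpt this reports Java (7 Update 2 in the 64-bit view, 7 Update 45 in the 32-bit view) and VLC media player, which is the situation where updating one copy leaves the other outdated.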

  3. #3
    Moderator, team member: Eric Lee
    Registered since
    29.07.2012
    Posts
    2.396

    Re: Suspected malware / keyboard responds with a delay / WIN 7

    +48h "Bump" - Reminder

    I have not received any feedback from you for quite a while now. Are there problems working through the instructions? If so, let me know. If I do not hear from you soon, I will remove the thread from my subscriptions and close it so that the resources are freed up for others seeking help. Please also note that the disappearance of the symptoms does not mean that there are no longer any problems on your system.

    Best regards,
    Eric Lee

  4. #4
    Beginner
    Registered since
    09.11.2013
    Posts
    13

    Re: Suspected malware / keyboard responds with a delay / WIN 7

    Hello Eric,

    sorry, I have a lot going on with school at the moment and was only able to get everything done now.

    1. Java was completely uninstalled; it is not needed and was only on there once for school
    2. Skype + Adobe Reader were updated
    3. I have uninstalled programs I don't need


    I can't post all the logs at once; when I try, after the loading time an empty web page is always simply displayed.

    Code:
    OTL logfile created on: 13.11.2013 16:50:12 - Run 4
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Holzi\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,64% Memory free
    8,00 Gb Paging File | 6,45 Gb Available in Paging File | 80,70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 241,15 Gb Total Space | 131,03 Gb Free Space | 54,34% Space Free | Partition Type: NTFS
    Drive D: | 224,51 Gb Total Space | 199,06 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
    Drive K: | 465,65 Gb Total Space | 280,23 Gb Free Space | 60,18% Space Free | Partition Type: FAT32
     
    Computer Name: HOLZI-P35-PS3L | User Name: Holzi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - File not found -- 
    PRC - [2013.11.13 14:27:01 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\Holzi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013.11.09 16:21:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holzi\Desktop\OTL.exe
    PRC - [2013.10.30 16:01:15 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013.09.03 14:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013.02.22 12:32:59 | 007,862,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    PRC - [2013.02.22 12:32:59 | 002,849,120 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2013.02.22 12:24:58 | 000,106,848 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
    PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013.10.30 16:01:02 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012.07.06 06:07:54 | 001,573,496 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
    MOD - [2012.04.23 11:14:48 | 002,013,184 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Printer Manager\sf.dll
    MOD - [2012.03.21 06:23:00 | 000,615,424 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\SAStyle.cjstyles
    MOD - [2012.03.21 06:22:58 | 000,683,520 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\SASkin.dll
    MOD - [2012.02.20 21:22:52 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrvPS.dll
    MOD - [2012.02.15 14:17:02 | 000,310,272 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\sslog.dll
    MOD - [2012.01.23 17:11:16 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012.06.28 08:53:00 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
    SRV - [2013.10.30 16:01:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013.10.09 20:36:25 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013.09.05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013.09.03 14:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013.08.12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013.08.12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013.02.22 12:32:59 | 002,849,120 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2013.06.18 20:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012.06.28 08:51:36 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
    DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012.02.15 14:16:48 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
    DRV:64bit: - [2011.11.22 14:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
    DRV:64bit: - [2011.09.28 15:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
    DRV:64bit: - [2011.04.11 16:33:56 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
     
    IE - HKU\S-1-5-21-2757166711-2795243149-3929797495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/deu/
    IE - HKU\S-1-5-21-2757166711-2795243149-3929797495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2757166711-2795243149-3929797495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
    IE - HKU\S-1-5-21-2757166711-2795243149-3929797495-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 3C 97 8E 92 1C CD 01  [binary data]
    IE - HKU\S-1-5-21-2757166711-2795243149-3929797495-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2757166711-2795243149-3929797495-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-2757166711-2795243149-3929797495-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.2
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     
    [2012.04.17 18:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holzi\AppData\Roaming\mozilla\Extensions
    [2013.10.10 20:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holzi\AppData\Roaming\mozilla\Firefox\Profiles\vmqgzd3a.default\extensions
    [2013.07.25 23:14:02 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Holzi\AppData\Roaming\mozilla\Firefox\Profiles\vmqgzd3a.default\extensions\ich@maltegoetz.de
    [2013.10.10 20:45:15 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Holzi\AppData\Roaming\mozilla\firefox\profiles\vmqgzd3a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013.11.09 13:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2013.10.30 16:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
    [2013.10.30 16:01:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll File not found
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [CDAServer] C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe ()
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2757166711-2795243149-3929797495-1001..\Run: [Spotify Web Helper] C:\Users\Holzi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Holzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Holzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
    O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Holzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C51145-C5BA-4E6F-8170-6F12FF883303}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{26cdf390-490c-11e1-8039-001d7dd26752}\Shell - "" = AutoRun
    O33 - MountPoints2\{26cdf390-490c-11e1-8039-001d7dd26752}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013.11.10 20:55:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013.11.10 20:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013.11.10 20:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013.11.10 20:49:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2013.11.09 16:21:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Holzi\Desktop\OTL.exe
    [2013.11.09 16:15:03 | 000,000,000 | ---D | C] -- C:\Users\Holzi\AppData\Roaming\Malwarebytes
    [2013.11.09 16:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013.11.09 16:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013.11.09 16:14:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013.11.09 16:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013.11.09 14:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2013.11.09 14:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013.11.09 14:21:49 | 000,000,000 | ---D | C] -- C:\Users\Holzi\Documents\ProcAlyzer Dumps
    [2013.11.09 14:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013.11.09 14:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013.11.09 14:19:34 | 000,000,000 | ---D | C] -- C:\Users\Holzi\AppData\Local\Programs
    [2013.11.09 13:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013.11.09 13:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    [2013.11.09 13:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013.10.30 16:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [1 C:\Users\Holzi\Documents\*.tmp files -> C:\Users\Holzi\Documents\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013.11.13 16:52:48 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.11.13 16:52:48 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.11.13 16:45:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.11.13 16:45:28 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2013.11.13 16:35:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013.11.11 17:29:26 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013.11.11 17:29:26 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2013.11.11 17:29:26 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013.11.11 17:29:26 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2013.11.11 17:29:26 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013.11.10 21:46:56 | 866,324,362 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013.11.10 21:12:18 | 000,377,856 | ---- | M] () -- C:\Users\Holzi\Desktop\gxopsys4.exe
    [2013.11.10 20:40:38 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
    [2013.11.09 16:21:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holzi\Desktop\OTL.exe
    [2013.11.09 16:14:51 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.11.09 15:00:10 | 000,051,650 | ---- | M] () -- C:\Users\Holzi\Documents\cc_registery_08112013.reg
    [2013.11.09 14:50:13 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013.11.03 21:52:33 | 000,212,415 | ---- | M] () -- C:\Users\Holzi\Desktop\bewerbungsfoto.jpg
    [2013.10.31 19:52:51 | 000,105,662 | ---- | M] () -- C:\Users\Holzi\Desktop\Bewerbungsschreiben.pdf
    [2013.10.31 19:51:58 | 000,037,670 | ---- | M] () -- C:\Users\Holzi\Desktop\unterschrift.jpg
    [2013.10.31 16:51:00 | 004,566,792 | ---- | M] () -- C:\Users\Holzi\Desktop\jahreszeugnis.jpg
    [2013.10.31 16:26:29 | 000,210,105 | ---- | M] () -- C:\Users\Holzi\Desktop\A13013 Dörner.pdf
    [2013.10.22 15:15:37 | 000,053,858 | ---- | M] () -- C:\Users\Holzi\Desktop\1378784_598441926887001_2033503337_n.jpg
    [2013.10.21 19:22:49 | 000,305,347 | ---- | M] () -- C:\Users\Holzi\Desktop\IMG_4156.JPG
    [2013.10.17 13:12:35 | 000,074,196 | ---- | M] () -- C:\Users\Holzi\Desktop\931305_580841275288823_458267984_n.jpg
    [2013.10.16 06:02:23 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
    [1 C:\Users\Holzi\Documents\*.tmp files -> C:\Users\Holzi\Documents\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013.11.10 21:46:56 | 866,324,362 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013.11.10 21:12:16 | 000,377,856 | ---- | C] () -- C:\Users\Holzi\Desktop\gxopsys4.exe
    [2013.11.10 20:40:34 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
    [2013.11.09 16:14:51 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.11.09 15:00:06 | 000,051,650 | ---- | C] () -- C:\Users\Holzi\Documents\cc_registery_08112013.reg
    [2013.11.09 14:50:13 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013.11.07 18:46:37 | 001,333,473 | ---- | C] () -- C:\Users\Holzi\Desktop\DSC00039.JPG
    [2013.10.31 19:52:51 | 000,105,662 | ---- | C] () -- C:\Users\Holzi\Desktop\Bewerbungsschreiben.pdf
    [2013.10.31 19:49:44 | 000,037,670 | ---- | C] () -- C:\Users\Holzi\Desktop\unterschrift.jpg
    [2013.10.31 16:50:59 | 004,566,792 | ---- | C] () -- C:\Users\Holzi\Desktop\jahreszeugnis.jpg
    [2013.10.31 16:49:18 | 000,212,415 | ---- | C] () -- C:\Users\Holzi\Desktop\bewerbungsfoto.jpg
    [2013.10.31 16:26:28 | 000,210,105 | ---- | C] () -- C:\Users\Holzi\Desktop\A13013 Dörner.pdf
    [2013.10.22 15:15:37 | 000,053,858 | ---- | C] () -- C:\Users\Holzi\Desktop\1378784_598441926887001_2033503337_n.jpg
    [2013.10.21 19:22:36 | 000,305,347 | ---- | C] () -- C:\Users\Holzi\Desktop\IMG_4156.JPG
    [2013.10.17 13:12:35 | 000,074,196 | ---- | C] () -- C:\Users\Holzi\Desktop\931305_580841275288823_458267984_n.jpg
    [2013.05.18 07:57:51 | 000,150,944 | ---- | C] () -- C:\Windows\Wiainst64.exe
    [2013.05.18 07:57:31 | 001,554,336 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
    [2012.11.28 22:21:24 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2012.09.04 16:13:46 | 000,038,520 | ---- | C] () -- C:\Windows\SysWow64\RGBAcodec.dll
    [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012.04.16 19:20:06 | 000,006,144 | ---- | C] () -- C:\Users\Holzi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012.02.15 17:08:37 | 000,000,288 | ---- | C] () -- C:\Users\Holzi\AppData\Roaming\.backup.dm
    [2012.01.20 19:08:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012.01.20 18:29:19 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
     
    ========== ZeroAccess Check ==========
     
    [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2012.09.14 13:58:22 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\.minecraft
    [2012.02.08 19:26:47 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Amazon
    [2013.01.20 10:06:48 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Bildverkleinerer
    [2012.04.23 20:00:12 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Blender Foundation
    [2013.11.10 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\DVDVideoSoft
    [2013.11.10 20:52:10 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\DynaGeo
    [2013.11.07 19:14:01 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\gtk-2.0
    [2013.11.09 14:58:22 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\inkscape
    [2013.02.12 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\MAGIX
    [2012.01.23 17:22:45 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\OpenOffice.org
    [2012.02.27 22:00:45 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\pdfforge
    [2012.03.10 10:30:29 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\PopSoft
    [2013.06.10 16:32:46 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Publish Providers
    [2013.05.18 07:58:09 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Samsung
    [2013.06.11 16:00:14 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Sony
    [2013.01.05 16:15:35 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\SpinTires
    [2013.11.13 14:47:10 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Spotify
    [2012.10.16 13:48:04 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\TeamViewer
    [2012.07.11 22:06:00 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Tropico 4 Demo
    [2012.03.07 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\Holzi\AppData\Roaming\Windows Live Writer
     
    ========== Purity Check ==========
     
     
    
    < End of report >

  5. #5
    Beginner
    Registered since
    09.11.2013
    Posts
    13

    Re: Suspected malware / keyboard responds with a delay / WIN 7

    Code:
    OTL Extras logfile created on: 13.11.2013 16:50:12 - Run 4
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Holzi\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,64% Memory free
    8,00 Gb Paging File | 6,45 Gb Available in Paging File | 80,70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 241,15 Gb Total Space | 131,03 Gb Free Space | 54,34% Space Free | Partition Type: NTFS
    Drive D: | 224,51 Gb Total Space | 199,06 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
    Drive K: | 465,65 Gb Total Space | 280,23 Gb Free Space | 60,18% Space Free | Partition Type: FAT32
     
    Computer Name: HOLZI-P35-PS3L | User Name: Holzi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (All) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
     
    [HKEY_USERS\S-1-5-21-2757166711-2795243149-3929797495-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B574426-909F-449B-B598-EA7B69C2446B}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{0F7A1489-F975-48C6-AD50-6550C020ECC3}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{13116523-3DCF-4A7F-A108-F7FA3175ADC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{155EA80D-A3F1-4B74-BDBE-FBCF13DB21B4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{19FEAE5B-3FA7-4DC9-ADD6-974B71CF43C7}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{1AE66B31-B93B-41B0-B522-74C8B3F5B9CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{1BB9E011-1954-452C-BCE2-47F744529606}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{2E2238A9-688B-4CB3-8A7F-79E931DA01D8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{34553994-EC60-4394-85A4-9B5A680338AA}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{43B80BB6-3DAF-43AF-905B-5C6F29D61836}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{47EEFEB1-7D36-428D-B35A-046CDBB4ADEF}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{559DF9D1-C4DA-4B1B-94F4-6E22DA8189B9}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{587AFD08-5716-48FB-A1FE-1FA8053DEE87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{58BBD24F-13CA-4023-AEC4-D93C0D4CCFF8}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{8F4C865D-219F-4A5A-ADCA-5CDF1A0BEAEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{9D654623-F81B-4DC9-98CB-015542AAB848}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{A5EB54B6-2D49-4D15-BF94-10F78391101E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{AC1CB9FF-028A-4377-983E-0CA73F767A7D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{B5FB16B8-D1C0-4C86-ADFC-677D3336C852}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{B8964445-9624-4FCD-83FD-377D56FC3AE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{C4B1380D-5E26-4336-B2C0-E15AC83C56CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{CC7E9A7B-EBFE-466C-8516-8C9FF16577B3}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{D91D6008-BDE3-4D34-AE3B-83B9E49BC6E4}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{DC35B7C3-793F-4CB0-BBA4-1563AF8CBF09}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{EEFCE5F1-1704-47F4-BDE7-DAE6205380C0}" = rport=139 | protocol=6 | dir=out | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A757E09-C954-4491-936E-C19D9565CC8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{0CEB2072-4129-462A-BCA7-8F7F71FCEA08}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
    "{11BBF88C-774A-4D54-A59C-F577EF38F4C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{1BE78D27-E40A-40B4-A5FE-C63DE6011C27}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
    "{2099BCDA-F8F8-4E2B-A56A-C82D35ECD4EB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe | 
    "{2BAB4513-D03A-43EC-8F90-756F421E6388}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
    "{2C728CB5-3556-4B26-9BA6-D67C00F0649B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{2F1D5FF7-88DC-4A33-898C-DCF0BA4712CA}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
    "{3203746D-E555-4D37-BC1D-5588ECACB82C}" = protocol=6 | dir=in | app=c:\program files (x86)\lightworks\lightworks.exe | 
    "{32FA186A-28BF-4AEE-9850-25458E07F01F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
    "{35BFD7ED-B630-4351-9492-53D024009ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
    "{37019091-E701-4C1F-A614-E67F037147D7}" = protocol=6 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\winvnc.exe | 
    "{38692CCD-E4C4-41A0-A366-ADA18C4E9EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{38D2E810-509B-4B34-9FB5-B5D25B4AA2E4}" = protocol=6 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | 
    "{3AB66B3D-011D-489C-ADBC-10D12DD74773}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{3C7349B9-6B25-44D7-AE38-501D9EB324BC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
    "{40AD4A08-247D-4ED3-8049-4EE312056880}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{41B243FB-99AE-4AB7-BF30-25B338A95201}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
    "{4A7EC8F5-C334-4415-BDB1-957B7065C39B}" = protocol=17 | dir=in | app=c:\program files (x86)\lightworks\lightworks.exe | 
    "{4B298B76-B020-4094-ABE0-25F71C837C58}" = protocol=17 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\winvnc.exe | 
    "{4BC3F4E5-A41F-4139-AA49-BC739C480A06}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{4C3E113B-1BBA-4E4B-93FF-75E588EAAAD1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
    "{4F500530-6335-48B7-B359-FE736D77F4C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{559A511D-B283-408B-AEFC-86473C08F415}" = protocol=17 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\winvnc.exe | 
    "{5B140357-8865-4645-8D0C-1CDD6E5A5615}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
    "{5F7705FF-EC1B-4BF0-9743-D445C725EA27}" = protocol=6 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\winvnc.exe | 
    "{5FA8FA74-A7AF-48BD-9D9A-277DB07B264B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
    "{601C1F0C-6E86-4F33-A077-827CCC302B09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{61D3078B-A818-482F-99E0-C7CA2560844F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
    "{636D7D90-D4B4-40E7-BEC8-6336D47A3EF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{637D951D-71C6-4E8B-B96D-F0717B9C7713}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{6D8B1725-E53D-4928-92A9-370008830198}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{7079551D-2C75-4E8D-A178-51F0F826B747}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3300\scnsearch\usdagent.exe | 
    "{721A68B6-862B-418B-812E-A7AC7C978AF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
    "{75086074-BE8C-4056-8554-9E3F732CF34B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{7B762437-C8CF-49CD-821A-21D740F3359C}" = dir=in | app=c:\windows\system32\hasplms.exe | 
    "{88AD7CC0-0408-4518-BF1F-38571CB414B6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{8C6AD7CB-DA06-43D9-99AD-E510183075B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4 - demo\tropico4-demo.exe | 
    "{97D7E8FF-00CD-424E-9777-075995DE5BA1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{98F3A48C-01AA-407F-B9C3-8E7929C8EB2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{99041627-7C52-47CE-BC70-B2E8C7F57890}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
    "{9A294BF3-46AB-4B39-B382-590CC1B9CD22}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
    "{A1D99D2C-AE49-4804-9AF0-3F99A87A3B92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{A509E97A-1327-41C5-A2A0-44E88C913102}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
    "{AC823A9C-FE24-421B-BCFC-52BBE4A9F09E}" = protocol=17 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | 
    "{BA347556-D0C3-4A26-8D9D-B6FE558D6294}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe | 
    "{BBEA8029-B1B7-412C-83AC-15F03E9F14B7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{C10212A7-516B-4529-956D-AB9044688EE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{C8DE0001-B605-4636-9F95-5307C41E9181}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3300\scnsearch\usdagent.exe | 
    "{C9AA4791-D55B-4D36-91CB-39D7A1DB0D31}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
    "{D427F43F-8CA7-43FE-B0F1-A526E047970A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
    "{DA50BBFD-730F-42EC-9F15-F456D7AB8EC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{DEEF61F8-2934-4E1E-8D94-5C6C65203BE8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
    "{E774A6B0-BEC1-4862-B711-7486965963A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{F5E243D3-EC77-4A48-8EC8-E31578049E27}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{F72928E1-6F66-4A5E-A8DA-BE5C666F7D6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{F8B345A9-5253-48D2-B7CD-78DE0D6A558F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4 - demo\tropico4-demo.exe | 
    "{FD987E48-87A4-4D36-9B6D-9BDF2CCB729F}" = protocol=6 | dir=out | app=system | 
    "TCP Query User{0D190EF6-2515-41A4-9680-A804E464B8E4}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
    "TCP Query User{19109D02-336F-4CC7-9D74-BC6111CF908F}C:\users\holzi\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\holzi\appdata\roaming\spotify\spotify.exe | 
    "TCP Query User{B6407519-21C6-449C-9F58-1CD761E5DBD6}C:\program files (x86)\dmxcontrol\dmxcontrol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dmxcontrol\dmxcontrol.exe | 
    "UDP Query User{18152D1E-0912-41CE-BCFF-9A98102907CE}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
    "UDP Query User{5D35E59D-BAAD-4B71-ABB0-93E95AC30B22}C:\users\holzi\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\holzi\appdata\roaming\spotify\spotify.exe | 
    "UDP Query User{84A5FF8B-8E1D-4A6F-A35A-98168C336ED6}C:\program files (x86)\dmxcontrol\dmxcontrol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dmxcontrol\dmxcontrol.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008C42A1-FB22-7DB4-618F-08E2C5059C0C}" = ccc-utility64
    "{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
    "{1730D13B-7517-4321-A88B-64627CF67CDC}_is1" = Logon Screen
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{393D3B4C-1F95-CDD2-4F0A-395D99D5F553}" = AMD Accelerated Video Transcoding
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5375FD61-C0E9-11E1-9297-F04DA23A5C58}" = Movie Studio Platinum 12.0 (64-bit)
    "{53A19094-2C04-A9B9-7309-3E92152D4845}" = AMD Catalyst Install Manager
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{C0FFB192-3484-9AA0-7505-3A5B6688752F}" = AMD Media Foundation Decoders
    "{D764B08F-C53E-11E1-A81B-F04DA23A5C58}" = MSVCRT Redists
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft Security Client" = Microsoft Security Essentials
    "VLC media player" = VLC media player 2.0.2
    "WinRAR archiver" = WinRAR 4.10 (64-Bit)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1050A3D4-BC3B-4443-BD60-68C2BAE65EF4}" = CCC Help English
    "{1321BDD4-C5FC-BCFA-F281-7C66D5DE187F}" = CCC Help French
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1D6DF721-54B7-6AA4-2050-7E286CCE13E8}" = Catalyst Control Center
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1EF73F13-8A60-7910-A59D-8F62A8BCD47D}" = CCC Help Swedish
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22E62B37-5D05-C5AD-F53E-691342495A45}" = CCC Help Spanish
    "{23528772-43DB-1E20-E845-DB1CE00FBB10}" = CCC Help Danish
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
    "{4347F591-C451-11E1-BA36-F04DA23A5C58}" = DVD Architect Studio 5.0
    "{4BAE4C76-44C3-418F-B715-6BBF5A65323E}" = TL-WN851ND Driver
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
    "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
    "{5F32FD5A-6F9D-50FD-1896-0AEC107DE5D0}" = CCC Help Portuguese
    "{60AAE030-8621-5187-F7CF-41A241698407}" = CCC Help Dutch
    "{619DC4E1-DA11-48A1-4587-4E3E3D02D103}" = Catalyst Control Center Graphics Previews Common
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F05E0AC-22D3-BE6E-05DD-623504F54FB2}" = CCC Help Chinese Standard
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7668B02B-DDDA-A67C-F86B-9D1061DD08CD}" = CCC Help Hungarian
    "{7BA420C3-3629-2AD6-19D0-0A6E27D6B782}" = CCC Help Thai
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EFA9357-75F9-EF3D-B7F9-BC913BA8DAC5}" = CCC Help Norwegian
    "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
    "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
    "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
    "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
    "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
    "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
    "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
    "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
    "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
    "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
    "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91DA5EBA-C240-289B-0AB4-6604CDE6A27F}" = CCC Help Czech
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{9711CA3C-614D-5B3B-E10F-062FD292075E}" = CCC Help Italian
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FCBD98D-F8B3-6ECC-5293-9C28817E3269}" = Catalyst Control Center InstallProxy
    "{A0B1B905-88E8-CBBB-C936-0FFECD06BBDC}" = Catalyst Control Center Localization All
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Deutsch
    "{AF749638-8C8C-84E8-DA4A-37D014824E33}" = CCC Help German
    "{B0B4575E-EB62-1BDC-994A-A42ED7E8FF46}" = CCC Help Greek
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B1504E18-0D34-1554-20FB-2BF6459D4683}" = CCC Help Russian
    "{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}" = SNS Upload for Easy Document Creator
    "{B90B9B89-2B62-B281-25C3-A59B189C249F}" = CCC Help Finnish
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C5ED3F69-3A6D-EA6E-EE57-342C0274FE5F}" = CCC Help Japanese
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DBD353DB-F37D-3CBB-65A7-0B3BA8634263}" = CCC Help Turkish
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
    "{EE6EBBD2-C278-5F48-B021-C9314ABE7593}" = CCC Help Korean
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F5C1211F-8F5E-B4BE-8046-3BB6B7944BA0}" = CCC Help Polish
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA115E3B-1A2D-F0F1-52CE-99D1BD346C08}" = CCC Help Chinese Traditional
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
    "Audiograbber" = Audiograbber 1.83 SE 
    "DMXControl" = DMXControl 2.12
    "FormatFactory" = FormatFactory 3.0.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
    "Mozilla Firefox 25.0 (x86 de)" = Mozilla Firefox 25.0 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "Samsung CLX-3300 Series" = Samsung CLX-3300 Series
    "Samsung Easy Document Creator" = Samsung Easy Document Creator
    "Samsung Easy Printer Manager" = Samsung Easy Printer Manager
    "Samsung Printer Live Update" = Samsung Printer Live Update
    "Samsung Scan Process Machine" = Samsung Scan Process Machine
    "TeamViewer 7" = TeamViewer 7
    "VLC media player" = VLC media player 1.1.11
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-2757166711-2795243149-3929797495-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Spotify" = Spotify
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 05.02.2013 14:04:55 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 06.02.2013 12:37:23 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 07.02.2013 01:35:15 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 08.02.2013 12:51:53 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 08.02.2013 14:55:43 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 11.02.2013 03:53:05 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 12.02.2013 05:10:11 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 12.02.2013 13:58:51 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 13.02.2013 11:34:33 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    Error - 14.02.2013 04:17:14 | Computer Name = Holzi-P35-PS3L | Source = Customer Experience Improvement Program | ID = 1008
    Description = 
     
    [ System Events ]
    Error - 11.11.2013 16:21:52 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 12.11.2013 01:19:38 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 12.11.2013 09:00:00 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 12.11.2013 09:00:03 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 12.11.2013 10:27:46 | Computer Name = Holzi-P35-PS3L | Source = Microsoft-Windows-HAL | ID = 12
    Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
    der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
     Firmware verfügbar ist.
     
    Error - 13.11.2013 08:53:35 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 13.11.2013 11:03:34 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 13.11.2013 11:03:38 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 13.11.2013 11:45:39 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
    Error - 13.11.2013 11:45:42 | Computer Name = Holzi-P35-PS3L | Source = hasplms | ID = 458755
    Description = ERROR: Sentinel LDK License Manager failed to start in a promptly 
    manner! 
     
     
    < End of report >
    and here is the GMER log as well

    Code:
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-11-13 16:42:02
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAKS-00UU3A0 rev.01.03B01 465,76GB
    Running: gxopsys4.exe; Driver: C:\Users\Holzi\AppData\Local\Temp\kgloruog.sys
    
    
    ---- User code sections - GMER 2.1 ----
    
    .text  C:\Windows\system32\hasplms.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000076021465 2 bytes [02, 76]
    .text  C:\Windows\system32\hasplms.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000760214bb 2 bytes [02, 76]
    .text  ...                                                                                                                         * 2
    .text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076021465 2 bytes [02, 76]
    .text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000760214bb 2 bytes [02, 76]
    .text  ...                                                                                                                         * 2
    
    ---- EOF - GMER 2.1 ----

  6. #6
    Moderator Team Member Eric Lee
    Registered since
    29.07.2012
    Posts
    2.396

    Re: Suspected malware / keyboard responds with a delay / WIN 7

    Hello Holzi1995,

    no problem. If I know that you have less time, I'll give your thread a bit more time. Point 2 is still missing; that is very important, also because it now shows up again in the GMER log file and something with a licensing mechanism seems to be going badly wrong on the system.

    Do you have any other programs with special licensing?

    Best regards,
    Eric

  7. #7
    Beginner
    Registered since
    09.11.2013
    Posts
    13

    Re: Suspected malware / keyboard responds with a delay / WIN 7

    Hello,

    oh sorry, I forgot to type that...

    So I googled it because the term wasn't quite clear to me. As I understand it, this is about things like "USB dongles" with which you can unlock software, e.g. software available for download on the internet, as a full version, so to speak, with the dongle of course being legally purchased. Am I right about that?

    I don't own any such software, or rather I have never used any. A long time ago I downloaded a lighting control program to test, which has this feature, but I no longer have it installed on this computer.

    Regards, Lukas

  8. #8
    Moderator Team Member Eric Lee
    Registered since
    29.07.2012
    Posts
    2.396

    Re: Suspected malware / keyboard responds with a delay / WIN 7

    Hello Lukas,

    ----- Point 1 -----
    That is exactly the kind of thing it is. I don't know how it got installed on your system, and I don't see any matching software either. Possibly something is installed on your system that I don't know and am overlooking right now, but I'm not assuming that for the moment. So we now first have to solve the problem with the Sentinel license, because even if that is not the cause, I see no other problem, since the license-related errors flood the entire event log and thereby suppress everything else.

    SystemLook
    • Download SystemLook by jpshortstuff and save the file to your desktop.
    • Start SystemLook (Vista/7 users: right-click > Run as administrator).
    • Copy the text from the code box into the SystemLook text field and click "Look".
      Code:
      :folderfind
      SafeNe*
      Sentinel
      :regfind
      SafeNet
      Sentinel
    • Wait until SystemLook shows you the results and copy them here into the forum. Please use the #Code tags.


    Best regards,
    Eric

  9. #9
    Beginner
    Registered since
    09.11.2013
    Posts
    13

    Re: Suspected malware / keyboard responds with a delay / WIN 7

    Hello Eric,

    here is the log:

    Code:
    SystemLook 30.07.11 by jpshortstuff
    Log created at 15:06 on 14/11/2013 by Holzi
    Administrator - Elevation successful
    
    ========== folderfind ==========
    
    Searching for "SafeNe*"
    C:\ProgramData\SafeNet Sentinel	d------	[12:29 22/09/2012]
    C:\Users\All Users\SafeNet Sentinel	d------	[12:29 22/09/2012]
    C:\Users\Holzi\AppData\Local\SafeNet Sentinel	d------	[12:29 22/09/2012]
    
    Searching for "Sentinel"
    C:\Users\Holzi\AppData\Local\Microsoft\Windows Live Mail\Sentinel	d------	[17:36 14/04/2012]
    
    ========== regfind ==========
    
    Searching for "SafeNet"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aksfridge]
    "Description"="SafeNet Inc. Sentinel HASP Ancillary Function Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hasplms]
    "Description"="Manages licenses secured by Safenet Inc. Sentinel HASP."
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\aksfridge]
    "Description"="SafeNet Inc. Sentinel HASP Ancillary Function Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\hasplms]
    "Description"="Manages licenses secured by Safenet Inc. Sentinel HASP."
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\aksfridge]
    "Description"="SafeNet Inc. Sentinel HASP Ancillary Function Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hasplms]
    "Description"="Manages licenses secured by Safenet Inc. Sentinel HASP."
    
    Searching for "Sentinel"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_netfx35wpf-sentinel.v3.5client_31bf3856ad364e35_none_0c9e3029455b3ba3]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\msil_sentinel.v3.5client_b03f5f7f11d50a3a_none_0c86ede09d18fa5d]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_netfx35wpf-sentinel.v3.5client_31bf3856ad364e35_none_b07f94a58cfdca6d]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\References\Sentinel.v3.5Client, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aksfridge]
    "Description"="SafeNet Inc. Sentinel HASP Ancillary Function Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hasplms]
    "DisplayName"="Sentinel Local License Manager"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hasplms]
    "Description"="Manages licenses secured by Safenet Inc. Sentinel HASP."
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7B762437-C8CF-49CD-821A-21D740F3359C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\hasplms.exe|Name=Sentinel License Manager|Desc=Sentinel License Manager|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\aksfridge]
    "Description"="SafeNet Inc. Sentinel HASP Ancillary Function Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\hasplms]
    "DisplayName"="Sentinel Local License Manager"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\hasplms]
    "Description"="Manages licenses secured by Safenet Inc. Sentinel HASP."
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7B762437-C8CF-49CD-821A-21D740F3359C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\hasplms.exe|Name=Sentinel License Manager|Desc=Sentinel License Manager|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\aksfridge]
    "Description"="SafeNet Inc. Sentinel HASP Ancillary Function Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hasplms]
    "DisplayName"="Sentinel Local License Manager"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hasplms]
    "Description"="Manages licenses secured by Safenet Inc. Sentinel HASP."
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7B762437-C8CF-49CD-821A-21D740F3359C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\hasplms.exe|Name=Sentinel License Manager|Desc=Sentinel License Manager|"
    
    -= EOF =-
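
Added example (not part of the thread and not any poster's code): a Python reader for SystemLook regfind output in the format shown in post #9. It collapses the ControlSet001/ControlSet002 copies onto CurrentControlSet and lists the services and the active inbound-allow firewall rules the search turned up. The sample log is a constructed excerpt in that format, and linking a rule to a service by executable name is an assumption of this example.

```python
import re

# Constructed sample: shortened excerpt in the SystemLook regfind format from post #9.
SAMPLE_LOG = r'''
========== regfind ==========

Searching for "Sentinel"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hasplms]
"DisplayName"="Sentinel Local License Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7B762437-C8CF-49CD-821A-21D740F3359C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\hasplms.exe|Name=Sentinel License Manager|Desc=Sentinel License Manager|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\aksfridge]
"Description"="SafeNet Inc. Sentinel HASP Ancillary Function Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hasplms]
"DisplayName"="Sentinel Local License Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7B762437-C8CF-49CD-821A-21D740F3359C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\hasplms.exe|Name=Sentinel License Manager|Desc=Sentinel License Manager|"

-= EOF =-
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
CONTROLSET_RE = re.compile(r'\\ControlSet\d{3}\\', re.IGNORECASE)
SERVICE_RE = re.compile(r'\\services\\([^\\]+)$', re.IGNORECASE)
FW_SUFFIX = '\\firewallpolicy\\firewallrules'

def normalize_key(key):
    """Map ControlSet001/002/... onto CurrentControlSet so the copies collapse."""
    return CONTROLSET_RE.sub(lambda m: '\\CurrentControlSet\\', key)

def parse_regfind(log):
    """Return {normalized_key: {value_name: data}}; key-name hits get an empty dict."""
    hits, key = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = normalize_key(m.group(1))
            hits.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key:
            hits[key][m.group(1)] = m.group(2)
    return hits

def parse_firewall_rule(data):
    """Split a FirewallRules value 'v2.10|K=V|K=V|' into (version, fields)."""
    version, *parts = data.split('|')
    fields = dict(p.split('=', 1) for p in parts if '=' in p)
    return version, fields

def triage(log):
    """Return (services, rules): service names and active inbound-allow rules."""
    services, rules = {}, []
    for key, values in parse_regfind(log).items():
        if key.lower().endswith(FW_SUFFIX):
            for guid, data in values.items():
                _version, f = parse_firewall_rule(data)
                if (f.get('Action'), f.get('Dir'), f.get('Active')) == ('Allow', 'In', 'TRUE'):
                    rules.append({'guid': guid, 'app': f.get('App', ''), 'name': f.get('Name', '')})
            continue
        m = SERVICE_RE.search(key)
        if m:
            services[m.group(1)] = values.get('DisplayName') or values.get('Description', '')
    known = {name.lower(): name for name in services}
    for rule in rules:
        # Assumption of this example: the service is named after its executable.
        stem = rule['app'].rsplit('\\', 1)[-1].rsplit('.', 1)[0].lower()
        rule['service'] = known.get(stem)
    return services, rules

if __name__ == '__main__':
    print(triage(SAMPLE_LOG))
```
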

  10. #10
    Moderator Team Member Eric Lee
    Registered since
    29.07.2012
    Posts
    2.396

    Re: Suspected malware / keyboard responds with a delay / WIN 7

    Hello Lukas,

    ----- Point 1 -----
    Please follow these instructions: http://www.hijackthis-forum.de/tipps...t-sichern.html

    ----- Point 2 -----
    OTL Fix
    • Temporarily disable your antivirus program's on-access scanner and close all other programs.
    • Start OTL again (Vista/7 users: right-click > Run as administrator).
    • Copy the following script from the code box into the "Custom Scans/Fixes" text field:
      Code:
      :PROCESSES
      killallprocesses
      
      :OTL
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll File not found
      FF - user.js - File not found
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
      O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Holzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
      O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
      O8 - Extra context menu item: Free YouTube Download - C:\Users\Holzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
      O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
      O33 - MountPoints2\{26cdf390-490c-11e1-8039-001d7dd26752}\Shell - "" = AutoRun
      O33 - MountPoints2\{26cdf390-490c-11e1-8039-001d7dd26752}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
      :Services
      hasplms
      aksfridge
      aksdf
      hardlock
      :REG
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{7B762437-C8CF-49CD-821A-21D740F3359C}"=-
      :FILES
      C:\Windows\SysNative\hasplms.exe
      C:\Windows\SysNative\drivers\aksfridge.sys
      C:\Windows\SysNative\drivers\aksdf.sys
      C:\Windows\SysNative\drivers\hardlock.sys
      C:\ProgramData\Spybot - Search & Destroy
      C:\Program Files (x86)\Spybot - Search & Destroy 2
      C:\ProgramData\SafeNet Sentinel
      C:\Users\All Users\SafeNet Sentinel
      C:\Users\Holzi\AppData\Local\SafeNet Sentinel
      :COMMANDS
      [emptytemp]
      [reboot]
      Attention, readers: this script is intended only for this user in this situation. Do not run it on other systems, as this can cause severe system errors.
    • Now click the Fix button. The computer must go through a restart.
    • Copy the log file here into the forum after the restart. Please use the #Code tags.


    ----- Point 3 -----
    After the restart, please restart once more, then a fresh OTL log file.

    Best regards,
    Eric