
Pests of all kinds and how to combat them: Once again: popup at the bottom right of the browser

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

15.06.2012, 13:00   #1
matzespens
 

Once again: popup at the bottom right of the browser



So, until now I have mostly gotten my problems under control myself. Unfortunately, this time I can't get any further. For a few days now I have had a really annoying popup message with varying advertising at the bottom right of the browser window (but apparently only in Firefox). Occasionally I also have problems following links. I then get redirected to other pages.

I have also already searched the Internet and tried a number of cleaning tools (Kaspersky Malwarescan, AVG, G-Data and a Security Scan from Symantec). All of them tell me that the system is fine. The only tool that found anything was TDDS-Killer. The problem still persists, though. In Firefox I have also already disabled the additionally installed add-ons. That didn't help either.

Here is my OTL.txt:
Quote:
OTL logfile created on: 15.06.2012 13:26:14 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\#####\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

12,00 Gb Total Physical Memory | 9,66 Gb Available Physical Memory | 80,51% Memory free
24,00 Gb Paging File | 21,64 Gb Available in Paging File | 90,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,74 Gb Total Space | 11,77 Gb Free Space | 14,05% Space Free | Partition Type: NTFS
Drive D: | 83,84 Gb Total Space | 69,57 Gb Free Space | 82,98% Space Free | Partition Type: NTFS
Drive F: | 1373,72 Gb Total Space | 520,77 Gb Free Space | 37,91% Space Free | Partition Type: NTFS
Drive G: | 1373,72 Gb Total Space | 520,77 Gb Free Space | 37,91% Space Free | Partition Type: NTFS

Computer Name: PC-10-WIN7 | User Name: M.##### | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012.06.15 13:25:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\#####\Downloads\OTL.exe
PRC - [2012.06.12 07:52:40 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012.05.16 17:52:58 | 011,921,064 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012.05.08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\#####\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.04.26 07:49:12 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- D:\Programme (X86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.07.01 09:51:49 | 003,520,000 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe
PRC - [2011.06.06 21:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.04.19 09:41:31 | 000,820,416 | ---- | M] (ActFax Communication) -- D:\Programme (X86)\ActiveFax\Client\ActFaxClient.exe
PRC - [2011.04.19 09:41:31 | 000,410,816 | ---- | M] (ActFax Communication) -- D:\Programme (X86)\ActiveFax\Terminal\TSClientB.exe
PRC - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.06.23 14:51:32 | 001,539,656 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe
PRC - [2010.06.23 14:51:32 | 001,539,656 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\AVKClient\AvkCl.exe
PRC - [2010.05.25 18:35:44 | 001,073,224 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2010.04.22 14:59:36 | 000,339,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
PRC - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2009.05.27 00:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- D:\Programme (X86)\VirtualCloneDrive\VCDDaemon.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.15 07:37:33 | 000,571,392 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\pysqlite2._sqlite.pyd
MOD - [2012.06.15 07:37:33 | 000,263,168 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\win32com.shell.shell.pyd
MOD - [2012.06.15 07:37:33 | 000,096,256 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\win32api.pyd
MOD - [2012.06.15 07:37:33 | 000,086,016 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\_elementtree.pyd
MOD - [2012.06.15 07:37:33 | 000,070,656 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\wx._html2.pyd
MOD - [2012.06.15 07:37:33 | 000,040,448 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\_socket.pyd
MOD - [2012.06.15 07:37:33 | 000,011,776 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\win32crypt.pyd
MOD - [2012.06.15 07:37:32 | 001,169,408 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\wx._core_.pyd
MOD - [2012.06.15 07:37:32 | 001,056,256 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\wx._controls_.pyd
MOD - [2012.06.15 07:37:32 | 001,018,368 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\_cacheinvalidation.pyd
MOD - [2012.06.15 07:37:32 | 000,807,424 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\wx._windows_.pyd
MOD - [2012.06.15 07:37:32 | 000,792,576 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\wx._gdi_.pyd
MOD - [2012.06.15 07:37:32 | 000,731,136 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\wx._misc_.pyd
MOD - [2012.06.15 07:37:32 | 000,645,120 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\_ssl.pyd
MOD - [2012.06.15 07:37:32 | 000,585,728 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\unicodedata.pyd
MOD - [2012.06.15 07:37:32 | 000,354,304 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\pythoncom26.dll
MOD - [2012.06.15 07:37:32 | 000,311,808 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\_hashlib.pyd
MOD - [2012.06.15 07:37:32 | 000,153,088 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\pyexpat.pyd
MOD - [2012.06.15 07:37:32 | 000,121,856 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\wx._wizard.pyd
MOD - [2012.06.15 07:37:32 | 000,111,104 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\win32file.pyd
MOD - [2012.06.15 07:37:32 | 000,110,592 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\pywintypes26.dll
MOD - [2012.06.15 07:37:32 | 000,073,728 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\_ctypes.pyd
MOD - [2012.06.15 07:37:32 | 000,039,424 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\win32inet.pyd
MOD - [2012.06.15 07:37:32 | 000,036,352 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\win32process.pyd
MOD - [2012.06.15 07:37:32 | 000,022,528 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\win32pdh.pyd
MOD - [2012.06.15 07:37:32 | 000,017,920 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\win32event.pyd
MOD - [2012.06.15 07:37:32 | 000,011,776 | ---- | M] () -- C:\Users\#####\AppData\Local\Temp\_MEI32522\select.pyd
MOD - [2012.06.12 07:52:40 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012.04.26 07:49:12 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.07.01 09:49:14 | 002,920,960 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2011.06.06 21:55:40 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
MOD - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.09.30 10:14:19 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_03.dll
MOD - [2010.04.21 11:00:35 | 000,058,368 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV:64bit: - [2011.12.02 10:51:58 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.12 07:52:40 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.26 07:49:12 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- D:\Programme (X86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.10.18 00:11:03 | 001,673,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService)
SRV - [2011.07.25 13:16:07 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.06.12 11:43:28 | 051,740,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.06.23 14:51:32 | 001,539,656 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\AVKClient\AvkCl.exe -- (AntiVirusKit Client)
SRV - [2010.05.25 18:35:44 | 001,073,224 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010.04.22 14:59:36 | 000,339,016 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 12:23:40 | 001,778,336 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\AVKClient\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.24 23:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.11.24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.11.24 09:58:44 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2011.11.24 09:58:44 | 000,078,208 | ---- | M] (SafeNet Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.10.07 09:31:42 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2011.09.08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2011.08.19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011.08.09 07:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2011.08.05 14:59:12 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.05 14:47:04 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2)
DRV:64bit: - [2011.08.05 14:47:04 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2)
DRV:64bit: - [2011.08.05 14:47:04 | 000,032,544 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2011.08.05 14:47:04 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV:64bit: - [2011.08.05 14:47:04 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV:64bit: - [2011.05.02 10:17:08 | 000,084,936 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2011.05.02 10:17:02 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.27 16:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2010.09.22 13:39:25 | 000,153,912 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vcdc.sys -- (vcdc)
DRV:64bit: - [2010.09.22 13:31:34 | 000,154,680 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbcdc.sys -- (usbcdc)
DRV:64bit: - [2010.09.22 13:25:33 | 000,263,224 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\isdnusb.sys -- (isdnusb)
DRV:64bit: - [2010.09.08 02:38:56 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.04.22 15:08:14 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.30 11:00:16 | 000,412,024 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmnwim.sys -- (NWIM)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.23 01:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2012.06.15 07:32:40 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.04.18 15:49:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 C7 2F 01 8E 06 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {D7DB7DA6-16BD-4270-BEB7-758EEED2E3C5}
IE - HKCU\..\SearchScopes\{D7DB7DA6-16BD-4270-BEB7-758EEED2E3C5}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A2938615334&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A2938615334&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.kicktipp.de/#####/profil/login"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.06.27 08:49:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.26 07:49:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.04 13:29:52 | 000,000,000 | ---D | M]

[2011.09.08 11:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\#####\AppData\Roaming\mozilla\Extensions
[2012.06.15 12:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\#####\AppData\Roaming\mozilla\Firefox\Profiles\cv311k3r.default\extensions
[2012.01.10 09:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.26 07:49:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 15:01:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 15:01:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.15 15:01:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 15:01:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 15:01:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 15:01:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.03.06 13:54:55 | 000,001,404 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 188.119.151.111 www.google-analytics.com.
O1 - Hosts: 188.119.151.111 ad-emea.doubleclick.net.
O1 - Hosts: 188.119.151.111 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - D:\Programme (X86)\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BCSSync] D:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ActiveFax Client] d:\programme (x86)\ActiveFax\Client\ActFaxClient.exe (ActFax Communication)
O4 - HKLM..\Run: [ActiveFax Terminal Server] d:\Programme (X86)\ActiveFax\Terminal\TSClientB.exe (ActFax Communication)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVK Client] C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe (G Data Software AG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Programme (X86)\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\#####\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - Startup: C:\Users\#####\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.lnk = D:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://matzespens.dyndns.org:81/codebase/IPCam902.cab (DVM_IPCam2 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ###.ffm.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36CE93E5-06D0-4991-8587-BF39A6E2CFF4}: DhcpNameServer = 192.168.0.2
O18:64bit: - Protocol\Handler\dialux - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - D:\Programme (X86)\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.03 17:20:13 | 000,000,000 | ---D | M] - F:\AutoCad 2011 -- [ NTFS ]
O32 - AutoRun File - [2011.11.07 10:26:19 | 000,000,000 | ---D | M] - F:\AutoCAD Updates -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.15 13:16:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.15 12:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.15 12:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.06.15 11:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.06.15 11:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.06.15 11:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012.06.15 11:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.06.14 14:18:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.14 10:33:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.06.14 09:58:33 | 000,000,000 | ---D | C] -- C:\Users\#####\AppData\Roaming\GlarySoft
[2012.06.12 07:53:16 | 000,000,000 | ---D | C] -- C:\Users\#####\AppData\Local\Macromedia
[2012.06.06 11:36:26 | 000,000,000 | ---D | C] -- C:\Users\#####\AppData\Local\VDE Anwendung
[2012.06.04 10:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AmpereSoft
[2012.06.04 10:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABB
[2012.06.04 10:26:02 | 000,000,000 | ---D | C] -- C:\EDSPowerCon
[2012.06.04 10:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABB
[2012.06.04 09:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StriePlan
[2012.06.04 09:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABB Striebel & John
[20 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.15 13:25:37 | 000,000,000 | ---- | M] () -- C:\Users\#####\defogger_reenable
[2012.06.15 13:19:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.15 12:58:39 | 000,005,192 | ---- | M] () -- C:\Users\#####\Documents\cc_20120615_125836.reg
[2012.06.15 12:48:10 | 000,002,006 | -H-- | M] () -- C:\Users\#####\Documents\Default.rdp
[2012.06.15 12:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.15 09:02:40 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.15 09:02:40 | 000,700,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.15 09:02:40 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.15 09:02:40 | 000,149,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.15 09:02:40 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.15 08:18:59 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.15 07:39:42 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 07:39:42 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 07:32:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.15 07:32:32 | 1072,504,830 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 11:29:56 | 000,001,870 | ---- | M] () -- C:\Users\#####\Documents\cc_20120614_112952.reg
[2012.06.14 11:29:42 | 000,060,902 | ---- | M] () -- C:\Users\#####\Documents\cc_20120614_112938.reg
[2012.06.14 10:10:40 | 000,000,073 | ---- | M] () -- C:\ECIPC.DAT
[2012.06.14 07:50:57 | 000,498,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 15:49:20 | 001,048,576 | ---- | M] () -- C:\Users\#####\Documents\Database5.accdb
[2012.06.13 15:19:42 | 000,704,512 | ---- | M] () -- C:\Users\#####\Documents\Database4.accdb
[2012.06.13 14:54:05 | 000,737,280 | ---- | M] () -- C:\Users\#####\Documents\Database3.accdb
[2012.06.13 14:41:41 | 001,146,880 | ---- | M] () -- C:\Users\#####\Documents\Schüler.accdb
[2012.06.13 14:40:50 | 001,650,688 | ---- | M] () -- C:\Users\#####\Documents\Kontakte-Webdatenbank.accdb
[2012.06.13 14:21:25 | 000,663,552 | ---- | M] () -- C:\Users\#####\Documents\Database2.accdb
[2012.06.13 14:05:05 | 000,524,288 | ---- | M] () -- C:\Users\#####\Documents\Database1.accdb
[2012.06.13 13:30:33 | 000,008,319 | ---- | M] () -- C:\Users\#####\Documents\wirtheim_klein.jpg
[2012.06.13 13:29:56 | 000,034,325 | ---- | M] () -- C:\Users\#####\Documents\wirtheim.jpg
[2012.06.12 09:21:55 | 012,336,264 | ---- | M] () -- C:\Users\#####\Desktop\5.AR.pdf
[2012.06.11 11:41:56 | 000,149,710 | ---- | M] () -- C:\Users\#####\Desktop\Massenermittlung.pdf
[2012.06.04 10:39:35 | 000,001,989 | ---- | M] () -- C:\Users\#####\AppData\Local\Licence_EDSPowerCon_TriLinePM.xml
[2012.06.04 10:26:08 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\EDS PowerCon.lnk
[2012.06.04 09:35:48 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\StriePlan.lnk
[2012.05.16 15:01:57 | 000,000,132 | ---- | M] () -- C:\Users\#####\AppData\Roaming\Adobe PNG Format CS5 Prefs
[20 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.15 13:25:37 | 000,000,000 | ---- | C] () -- C:\Users\#####\defogger_reenable
[2012.06.15 12:58:37 | 000,005,192 | ---- | C] () -- C:\Users\#####\Documents\cc_20120615_125836.reg
[2012.06.14 11:29:54 | 000,001,870 | ---- | C] () -- C:\Users\#####\Documents\cc_20120614_112952.reg
[2012.06.14 11:29:40 | 000,060,902 | ---- | C] () -- C:\Users\#####\Documents\cc_20120614_112938.reg
[2012.06.14 10:10:40 | 000,000,073 | ---- | C] () -- C:\ECIPC.DAT
[2012.06.13 15:38:19 | 001,048,576 | ---- | C] () -- C:\Users\#####\Documents\Database5.accdb
[2012.06.13 15:11:52 | 000,704,512 | ---- | C] () -- C:\Users\#####\Documents\Database4.accdb
[2012.06.13 14:41:41 | 000,737,280 | ---- | C] () -- C:\Users\#####\Documents\Database3.accdb
[2012.06.13 14:40:50 | 001,146,880 | ---- | C] () -- C:\Users\#####\Documents\Schüler.accdb
[2012.06.13 14:40:15 | 001,650,688 | ---- | C] () -- C:\Users\#####\Documents\Kontakte-Webdatenbank.accdb
[2012.06.13 14:05:05 | 000,663,552 | ---- | C] () -- C:\Users\#####\Documents\Database2.accdb
[2012.06.13 14:01:47 | 000,524,288 | ---- | C] () -- C:\Users\#####\Documents\Database1.accdb
[2012.06.13 13:30:12 | 000,008,319 | ---- | C] () -- C:\Users\#####\Documents\wirtheim_klein.jpg
[2012.06.13 13:29:56 | 000,034,325 | ---- | C] () -- C:\Users\#####\Documents\wirtheim.jpg
[2012.06.12 09:21:55 | 012,336,264 | ---- | C] () -- C:\Users\#####\Desktop\5.AR.pdf
[2012.06.11 11:41:56 | 000,149,710 | ---- | C] () -- C:\Users\#####\Desktop\Massenermittlung.pdf
[2012.06.04 10:39:35 | 000,001,989 | ---- | C] () -- C:\Users\#####\AppData\Local\Licence_EDSPowerCon_TriLinePM.xml
[2012.06.04 10:26:08 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\EDS PowerCon.lnk
[2012.06.04 09:35:48 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\StriePlan.lnk
[2012.04.04 13:29:33 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.30 11:05:49 | 000,000,132 | ---- | C] () -- C:\Users\#####\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.11.18 10:37:52 | 000,000,000 | ---- | C] () -- C:\Windows\test.ini
[2011.11.11 02:45:44 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.11.03 13:30:26 | 000,000,044 | ---- | C] () -- C:\Users\#####\AppData\Local\Images.fl
[2011.09.08 11:03:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.25 13:13:24 | 001,598,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.19 11:15:13 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.04.19 11:09:13 | 000,000,428 | ---- | C] () -- C:\Windows\docuware.ini
[2011.04.19 10:44:34 | 000,002,521 | R--- | C] () -- C:\Windows\_qsosd.INI
[2011.04.19 10:44:34 | 000,002,521 | R--- | C] () -- C:\Windows\_caefcad.INI
[2011.04.19 10:38:15 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2011.04.19 09:51:53 | 000,000,136 | ---- | C] () -- C:\Windows\Dialux.ini
[2011.04.19 08:56:05 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011.04.19 08:56:05 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2011.04.19 08:55:18 | 000,001,134 | ---- | C] () -- C:\Windows\HASOFT.INI
[2011.04.19 08:55:17 | 000,000,704 | R--- | C] () -- C:\Windows\eslm.ini
[2011.04.19 08:55:17 | 000,000,101 | ---- | C] () -- C:\Windows\qs.ini
[2011.04.19 08:24:18 | 000,000,055 | ---- | C] () -- C:\Windows\RRW.INI
[2011.04.19 08:18:39 | 000,002,958 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.04.18 15:07:08 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.04.18 15:01:46 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2011.04.18 14:55:13 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.03.08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.09.27 12:52:52 | 000,000,164 | ---- | C] () -- C:\Windows\DBDUIHost.exe.config

========== LOP Check ==========

[2011.09.08 10:06:16 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\.oit
[2011.11.30 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\Artisteer
[2012.01.13 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\Ashampoo
[2012.04.24 10:45:37 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\Autodesk
[2011.09.20 15:28:09 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\Autodesk Navisworks Freedom 2010
[2011.11.07 12:15:07 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\BeSpotted
[2012.01.09 10:45:07 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\calibre
[2012.06.14 11:38:14 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\FileZilla
[2011.11.22 14:35:25 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\G&W Software Entwicklung
[2012.06.14 09:58:33 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\GlarySoft
[2012.03.01 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\Notepad++
[2012.03.01 12:37:06 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\ObviousIdea
[2012.06.14 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\OLXTeamOutlook
[2011.10.17 09:35:55 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\STRATO
[2012.06.14 11:28:37 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\STRATO AG
[2011.09.09 11:17:02 | 000,000,000 | ---D | M] -- C:\Users\#####\AppData\Roaming\TeamViewer
[2012.03.23 08:54:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
And here is the extra.txt as well:
Quote:
OTL Extras logfile created on: 15.06.2012 13:26:14 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\######\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

12,00 Gb Total Physical Memory | 9,66 Gb Available Physical Memory | 80,51% Memory free
24,00 Gb Paging File | 21,64 Gb Available in Paging File | 90,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,74 Gb Total Space | 11,77 Gb Free Space | 14,05% Space Free | Partition Type: NTFS
Drive D: | 83,84 Gb Total Space | 69,57 Gb Free Space | 82,98% Space Free | Partition Type: NTFS
Drive F: | 1373,72 Gb Total Space | 520,77 Gb Free Space | 37,91% Space Free | Partition Type: NTFS
Drive G: | 1373,72 Gb Total Space | 520,77 Gb Free Space | 37,91% Space Free | Partition Type: NTFS

Computer Name: PC-10-WIN7 | User Name: M.###### | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme (X86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme (X86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme (X86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme (X86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EAA544-8841-4F2C-9492-22224531A19B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{08CF2FCD-B0DB-4EBE-A458-9EF889C2A9F6}" = lport=1061 | protocol=6 | dir=in | name=akamai netsession interface |
"{0B1D3A26-19B5-4B36-B2C5-B22899603828}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1EF544D8-7F7C-4955-B5FE-2E23B3636C85}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{23D73FFE-4186-456B-8796-95B76B003EEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28131793-5B69-425B-AF81-A26E19C815F6}" = lport=445 | protocol=6 | dir=in | app=system |
"{31C349CA-1549-4849-B774-15B39BE1DFDE}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{47883BE5-2BB6-47B5-820F-8F17E66532D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C9CFE49-CD65-42F0-951C-74AAA740AC2B}" = lport=1050 | protocol=6 | dir=in | name=akamai netsession interface |
"{89601687-FCDE-4C3C-8BA5-3EC049A89F03}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8B0384E2-444A-4D2B-AF2B-1AF3DF277528}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95C17DBB-7842-4332-98B6-2E6D40F74235}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAA85EA9-9800-42C8-A2B2-AFF598573F5B}" = lport=rpc | protocol=6 | dir=in | svc=* | app=%systemroot%\system32\svchost.exe |
"{B2500314-A89D-4E48-9754-32DD2BB266DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C823CE96-D441-4B96-83B7-155359BCEB1F}" = lport=6004 | protocol=17 | dir=in | app=d:\programme\microsoft office\office14\outlook.exe |
"{C97B90BF-2CE6-418B-9732-E20BBEE07DB0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E2A67EE7-C002-4E10-BB4D-36EDF86FD45D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F65DBC04-F210-43C8-B7E0-D63E1539F2D5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F8987DD8-10AB-4431-A0E4-2F344F86760C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049DC7E2-0F4E-4D2D-A513-B55562AC8495}" = protocol=17 | dir=in | app=d:\programme\microsoft office\office14\onenote.exe |
"{109435F3-D18F-492C-B475-2CF2BF8BB843}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{16AEF853-235B-4B21-B219-CD7CA8D5D42B}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{216416A8-9713-41A4-AA1D-7E8B7543274B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{2CDB5205-41A6-4072-9704-0C57EAA033B5}" = protocol=17 | dir=in | app=d:\programme\microsoft office\office14\groove.exe |
"{3B78565F-E0CC-487E-B822-53CEC4EA1789}" = protocol=17 | dir=in | app=c:\program files (x86)\g data\avkclient\avkcl.exe |
"{415B466E-963F-4C03-9251-4AB85E621944}" = dir=out | app=%programfiles% (x86)\artisteer 3 (2)\bin\artisteer.exe |
"{471A0ED9-1D01-4047-BF3A-EDC8F77052B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4767151E-D964-43C3-8916-70FFC164B66A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{4BF311F2-9813-46F0-B025-A9191E373FF8}" = protocol=17 | dir=in | app=c:\users\######\appdata\local\akamai\netsession_win.exe |
"{56F985F2-2FFA-498B-AE0E-FF733AAE431E}" = protocol=6 | dir=in | app=c:\program files (x86)\g data\avkclient\avkcl.exe |
"{64E83468-D117-45AC-97AB-4B9A5194493E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{ACEC2BED-FCEF-4E13-AE2B-CFBF6379DD8F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{BF43A1AE-124E-4F0E-863F-05B2BE6F72F6}" = protocol=6 | dir=in | app=d:\programme\microsoft office\office14\onenote.exe |
"{CCDE51B2-4FF6-4AC0-A9AC-7AF6F0143D4C}" = protocol=6 | dir=in | app=d:\programme\microsoft office\office14\groove.exe |
"{D835A513-F81D-451D-BA43-82F90450E7C1}" = protocol=6 | dir=in | app=c:\users\######\appdata\local\akamai\netsession_win.exe |
"{F79ED132-C000-48C6-99D9-17F63C343C84}" = dir=out | app=%programfiles% (x86)\artisteer 3\bin\artisteer.exe |
"TCP Query User{3369FD14-29AC-4AA4-B653-3A0D78421F4A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{5E1BF04D-6DA2-4AE5-9BE9-F149137C2AAC}C:\program files (x86)\g data\avkclient\avkcl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\g data\avkclient\avkcl.exe |
"TCP Query User{86039E64-B7FF-4C97-A0BD-4D700212C71E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{9FE15737-3326-4841-9B27-F70957B55D70}\\server\programme\jana2\janad.exe" = protocol=6 | dir=in | app=\\server\programme\jana2\janad.exe |
"TCP Query User{DE9C4735-3A2B-4FFB-9818-D306090B2E03}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{E7937C62-9B70-4564-9566-A1FF2E17869D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E95C66F2-2463-4C3A-8B82-71A444757D97}D:\programme (x86)\activefax\client\actfaxclient.exe" = protocol=6 | dir=in | app=d:\programme (x86)\activefax\client\actfaxclient.exe |
"TCP Query User{FAF101F4-30DB-49A1-B101-FA17C67DE5F6}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{43258774-321A-4C6A-9387-690B5E609374}D:\programme (x86)\activefax\client\actfaxclient.exe" = protocol=17 | dir=in | app=d:\programme (x86)\activefax\client\actfaxclient.exe |
"UDP Query User{45C9AF9D-B568-48C3-B9E6-0639675E664F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{4DA2BC1B-9DEF-47AB-B54E-BFF1B914B72C}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{97EB6597-072E-4CE8-BB30-9F5D86DFC21C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9EF65701-F82B-4CFA-94A9-56F39DB46D13}\\server\programme\jana2\janad.exe" = protocol=17 | dir=in | app=\\server\programme\jana2\janad.exe |
"UDP Query User{AC09EC09-F928-4CD8-BC77-85BD7B873F21}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{AD6DAB7D-AEA1-4810-87CF-A07627C73F3B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{FE8C147D-1E12-4A41-9F5A-2E6D9E8A5765}C:\program files (x86)\g data\avkclient\avkcl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\g data\avkclient\avkcl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F9DA620-7664-4E37-8F79-6D24A9E61609}" = CallBridge Collection
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EFD4045-76AF-4A78-A189-EB85E8166D06}" = OLXTeamOutlook
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-9001-0407-0102-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch
"{5783F2D7-9001-0407-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch
"{5783F2D7-A001-0407-0102-0060B0CE6BBA}" = AutoCAD 2012 - Deutsch
"{5783F2D7-A001-0407-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Deutsch
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62E685A3-1E4F-4A12-B77C-9949DE9E7DFB}" = FRITZ!Fernzugang
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PRJPRO_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPRO_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PRJPRO_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PRJPRO_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PRJPRO_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPRO_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPRO_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PRJPRO_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PRJPRO_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-1000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-1000-0000000FF1CE}_Office14.PRJPRO_{8388E8B0-3DC3-4A7B-9EE0-FCBB1C3363F6}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9CD6D175-052D-4D70-9467-C2F209012E7F}" = Siemens USB Driver V2 R1.2.0
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{BC741628-0AFC-405C-8946-DD46D1005A0A}" = 64 Bit HP CIO Components Installer
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C416DB00-C6C1-0000-9EAB-5B6BF9B23A8F}" = Autodesk Navisworks Freedom 2010 (64 bit)
"{C416DB00-C6C1-0407-9EAB-5B6BF9B23A8F}" = Autodesk Navisworks Freedom 2010 (64 Bit) Language Pack (Deutsch)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion Plugin for AutoCAD 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AutoCAD 2011 - Deutsch Version 2.1" = AutoCAD 2011 - Deutsch Version 2.1
"AutoCAD 2012 - Deutsch" = AutoCAD 2012 - Deutsch
"AutoCAD 2012 - Deutsch SP1" = AutoCAD 2012 - Deutsch SP1
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion Plugin for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"Autodesk Navisworks Freedom 2010 (64 bit)" = Autodesk Navisworks Freedom 2010 (64 bit)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{11111C9F-7B73-428E-A789-E10002000000}" = SIMARIS project 2.0
"{1E6E0087-E717-4541-97E4-8BE297CA589F}" = StriePlan
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2281AB85-0000-4C6C-B4B8-D9ABB29B720B}" = Handy Safe Desktop Professional 2.03
"{2D405CC9-21BF-45AB-BD0A-A7FF853D6383}" = DocuWare 5 Client
"{354D9157-E127-4933-A718-9B8151590EB5}" = DocuWare Power Tools
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0422.2
"{3E3370FF-CC8C-42C6-852B-F3D385D76407}" = 2011.2
"{3F6C568A-9E46-4EA4-A125-6C8B1E3A765D}" = EDS PowerCon
"{4337BA09-3208-4DBB-84B7-47939003C0C9}" = Norka Katalog 07 / 2007
"{4A09332C-B03B-49E9-AEE5-7901FDA47FA5}" = DocuWare OCR Toolkit
"{4F6F5C1E-F109-4A58-8F43-9A1039CDAFC9}" = Zumtobel - Product Explorer
"{5542B6FC-191D-4D38-A4AF-BED6451A038B}" = Google Drive
"{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73D301BB-4E2C-432F-BFD8-8D444AC2CAD0}" = Glamox
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{920CA805-CC84-4960-8430-66ED12EF2F55}" = Setup Dongle-Treiber
"{9462CDC2-23BF-4E2C-955E-6362D64E6560}" = DocuWareInit
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{965436D4-A7FE-4FA5-B240-5B0912E12195}" = Wila Katalog 03 / 2011
"{98715F1F-EB23-4064-A2E4-7222778D719E}" = DocuWare 5 Client - German Language Pack
"{9BBE9CD0-670A-4F15-AE17-5B1494D12A9E}" = CLR-Typen des SQL Server-Systems
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A79408B0-345D-42E8-8EB6-00597320B9E0}" = FRITZ!Box-Fernzugang einrichten
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A957B17F-3791-45A6-B365-525D4F230F2A}" = HTML.Browser.Framework 4.0.0 (x86)
"{ABC07C37-794D-403D-A224-A4DDCC73D40A}" = California.pro - Arbeitsplatz V2.2.01
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B1E01764-6537-4BD6-BC37-1E914F78FFD6}" = DocuWare VCET Toolkit
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{B3BE41FC-FDA0-44D2-A336-D5695012AD83}" = DocuWare Administration Tool
"{B484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Report 2008 Runtime SP3
"{B6525939-7E88-4BCA-A167-B742D1507126}" = DocuWare Upload Service
"{BD3727EE-87EB-41AA-B1EB-24112728D3E9}" = Siteco Lighting Tool
"{C2386342-27D6-4550-AA66-058E36F2D4B8}" = ERCO Light Scout DIALux PlugIn 01 / 2010
"{C36AC107-7B84-4BA3-9334-380B567124F5}" = TRILUX Daten-Plugin für DIALux 06/2011
"{D2B4A115-4803-45A4-8D8C-1424EC6DD072}" = ERCO Light Scout DIALux PlugIn
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DA16D5F3-36C5-40E0-B2DE-E7EB294FCE8F}" = Microsoft SQL Server 2008 Management Objects
"{DAD2B9D2-385F-4E80-8A12-2901F3F75392}" = DocuWare 5 Client
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DB891B4D-D0FC-4D41-A3FA-D51C914B9307}" = DocuWare Administration Tool
"{E3B13F91-FB8A-4363-A11E-F3CF0EDA9745}" = Philips Leuchten Planungstool
"{EA2B0FB0-7588-40D6-96C1-3515FB644343}" = Hess AG Form + Licht PlugIn 10.09
"{EAB8FB39-E751-421D-8E36-E78BDC8E7459}" = BEGA Katalog 12 / 2010
"{EE0D65D8-A2F2-4C03-9F34-E51CC7E6BE90}" = StriePlan
"{EFEE945C-E5BB-4185-A950-F9347883EEF8}" = DocuWare Upload Service Language Pack
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E1BFBC-97AC-4867-827F-57B97177B430}" = Waldmann Katalog 04 / 2010
"{F741408F-B0FC-4177-9ACB-98869CE245C8}" = DocuWare 5.1c SP2
"ActiveFax" = ActiveFax
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Artisteer 3" = Artisteer 3
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"DIALux" = DIALux 4.10
"Elcom 5.1" = Hager - Tehalit 5.1
"FileZilla Client" = FileZilla Client 3.5.2
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"InstallShield_{3F6C568A-9E46-4EA4-A125-6C8B1E3A765D}" = EDS PowerCon
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{E3B13F91-FB8A-4363-A11E-F3CF0EDA9745}" = Philips Leuchten Planungstool
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"POV-Ray for Windows v3.6" = POV-Ray for Windows v3.6.0
"Product Information Tool" = Product Information Tool V3.0
"SIMARIS curves 2.1" = SIMARIS curves 2.1
"SIMARIS curves localisation de_DE 1.0" = Technik Paket - Germany
"SIMARIS design 6.0" = SIMARIS design 6.0
"SIMARIS design localisation de_DE 1.0" = Technik Paket - Germany
"TeamViewer 7" = TeamViewer 7
"VirtualCloneDrive" = VirtualCloneDrive
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"STANLY Track" = STANLY Track

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.06.2012 05:30:36 | Computer Name = PC-10-WIN7.###.###.de | Source = MsiInstaller | ID = 11402
Description =

Error - 14.06.2012 05:30:58 | Computer Name = PC-10-WIN7.###.###.de | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service
DocuWare 5 Update service since QueryServiceConfig API failed System Error: Das System
kann die angegebene Datei nicht finden. .

Error - 14.06.2012 05:34:16 | Computer Name = PC-10-WIN7.###.###.de | Source = WinMgmt | ID = 10
Description =

Error - 14.06.2012 08:21:10 | Computer Name = PC-10-WIN7.###.###.de | Source = WinMgmt | ID = 10
Description =

Error - 15.06.2012 01:34:24 | Computer Name = PC-10-WIN7.###.###.de | Source = WinMgmt | ID = 10
Description =

Error - 15.06.2012 04:36:35 | Computer Name = PC-10-WIN7.###.###.de | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
Zeitstempel: 0x4f9207d9 Name des fehlerhaften Moduls: mozglue.dll, Version: 12.0.0.4493,
Zeitstempel: 0x4f91f34c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000374b ID des fehlerhaften
Prozesses: 0xbc4 Startzeit der fehlerhaften Anwendung: 0x01cd4ad1d44e4201 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Berichtskennung:
36c8fb11-b6c5-11e1-a379-00116758da1e

Error - 15.06.2012 06:42:48 | Computer Name = PC-10-WIN7.###.###.de | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 01.aswMBR.exe, Version: 0.9.9.1665,
Zeitstempel: 0x4f5f9c86 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften
Prozesses: 0xb9c Startzeit der fehlerhaften Anwendung: 0x01cd4ae28b76bfe0 Pfad der
fehlerhaften Anwendung: C:\Users\######\Google Drive\Antivirus und Trojaner\01.aswMBR.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: d8cb7b98-b6d6-11e1-a379-00116758da1e

Error - 15.06.2012 06:44:38 | Computer Name = PC-10-WIN7.###.###.de | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 01.aswMBR.exe, Version: 0.9.9.1665,
Zeitstempel: 0x4f5f9c86 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften
Prozesses: 0xe0c Startzeit der fehlerhaften Anwendung: 0x01cd4ae3a409524e Pfad der
fehlerhaften Anwendung: C:\Users\######\Google Drive\Antivirus und Trojaner\01.aswMBR.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 1a63d573-b6d7-11e1-a379-00116758da1e

Error - 15.06.2012 06:48:28 | Computer Name = PC-10-WIN7.###.###.de | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 01.aswMBR.exe, Version: 0.9.9.1665,
Zeitstempel: 0x4f5f9c86 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften
Prozesses: 0x124c Startzeit der fehlerhaften Anwendung: 0x01cd4ae439ee716c Pfad der
fehlerhaften Anwendung: C:\Users\######\Google Drive\Antivirus und Trojaner\01.aswMBR.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: a36cc4a4-b6d7-11e1-a379-00116758da1e

Error - 15.06.2012 06:57:21 | Computer Name = PC-10-WIN7.###.###.de | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
Symantec Eraser Control driver. System Error: Das System kann die angegebene Datei
nicht finden. .

Error - 15.06.2012 06:59:40 | Computer Name = PC-10-WIN7.###.###.de | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
Symantec Eraser Control driver. System Error: Das System kann die angegebene Datei
nicht finden. .

[ System Events ]
Error - 16.01.2012 05:03:03 | Computer Name = PC-10-WIN7.###.###.de | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne MIB aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann
zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit
dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das
Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller
der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 16.01.2012 05:03:05 | Computer Name = PC-10-WIN7.###.###.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 17.01.2012 03:00:48 | Computer Name = PC-10-WIN7.###.###.de | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne MIB aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann
zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit
dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das
Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller
der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 17.01.2012 03:00:48 | Computer Name = PC-10-WIN7.###.###.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 17.01.2012 11:12:35 | Computer Name = PC-10-WIN7.###.###.de | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 17.01.2012 11:12:35 | Computer Name = PC-10-WIN7.###.###.de | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 17.01.2012 11:12:36 | Computer Name = PC-10-WIN7.###.###.de | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 17.01.2012 11:12:37 | Computer Name = PC-10-WIN7.###.###.de | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 18.01.2012 05:28:25 | Computer Name = PC-10-WIN7.###.###.de | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne MIB aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann
zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit
dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das
Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller
der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 18.01.2012 05:28:27 | Computer Name = PC-10-WIN7.###.###.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.


< End of report >
I hope someone can help me...

Alt 18.06.2012, 12:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all findings with Malwarebytes so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from the quarantine prematurely!

If logs from older scans with Malwarebytes exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
__________________

Alt 19.06.2012, 06:54   #3
matzespens
 



OK, I have now done all of that. Here is the log file from Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
M.Schmidt :: PC-10-WIN7 [Administrator]

18.06.2012 14:02:59
mbam-log-2012-06-18 (14-02-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 525549
Laufzeit: 31 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And here is the log file from ESET:

Code:
C:\Users\Schmidt\Downloads\backup phone\Appmonsterbackup\Decimal to Hexadecimal 1.3.apk	a variant of Android/Adware.AirPush.A application
C:\Users\Schmidt\Downloads\backup phone\Appmonsterbackup\Hexadecimal to Decimal 1.2.apk	a variant of Android/Adware.AirPush.A application
C:\Users\Schmidt\Downloads\backup phone\Appmonsterbackup\Smart Weight Tracker 1.43.apk	Android/Adware.AirPush.A application
         
Unfortunately it did not automatically create a log file for me after the scan. But before closing the program I clicked "save as external file".

But somehow I don't see anything dramatic in the log files so far, or am I mistaken?
__________________

Alt 19.06.2012, 07:51   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are also listed on the "Log files" tab. Please post all of the ones visible there.
__________________
Please always post log files in CODE tags

Alt 19.06.2012, 08:26   #5
matzespens
 



Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
M.Schmidt :: PC-10-WIN7 [Administrator]

14.06.2012 14:27:28
mbam-log-2012-06-14 (14-27-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231862
Laufzeit: 1 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And another one:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
M.Schmidt :: PC-10-WIN7 [Administrator]

14.06.2012 14:36:51
mbam-log-2012-06-14 (14-36-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 524944
Laufzeit: 32 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Alt 19.06.2012, 08:48   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I have two questions before we continue

1.) Does the normal mode of Windows work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________

Alt 19.06.2012, 09:46   #7
matzespens
 



Windows is running completely normally. I also have no problems with any crashes etc., only the problems typical here in our office with one special piece of software (which is definitely down to the software itself).

I don't have any empty folders in the start bar either.

It is simply somewhat annoying to always have these popups in the browser. Besides, I sometimes have to click a link twice because the first time I get redirected to a different page. That is endlessly annoying too.

Alt 19.06.2012, 12:26   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please create a new OTL log. Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the "Scan all users" box at the top centre
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

Alt 19.06.2012, 13:09   #9
matzespens
 



Code:
OTL logfile created on: 19.06.2012 13:56:23 - Run 2
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\######\Google Drive\Antivirus und Trojaner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 9,22 Gb Available Physical Memory | 76,81% Memory free
24,00 Gb Paging File | 20,93 Gb Available in Paging File | 87,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,74 Gb Total Space | 11,51 Gb Free Space | 13,74% Space Free | Partition Type: NTFS
Drive D: | 83,84 Gb Total Space | 71,99 Gb Free Space | 85,87% Space Free | Partition Type: NTFS
Drive F: | 1373,72 Gb Total Space | 514,47 Gb Free Space | 37,45% Space Free | Partition Type: NTFS
Drive G: | 1373,72 Gb Total Space | 514,47 Gb Free Space | 37,45% Space Free | Partition Type: NTFS
 
Computer Name: PC-10-WIN7 | User Name: M.###### | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.06.19 13:54:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\######\Google Drive\Antivirus und Trojaner\OTL.exe
PRC - [2012.05.16 17:52:58 | 011,921,064 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012.05.10 16:29:50 | 003,349,488 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.05.10 16:29:02 | 000,838,136 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.05.10 16:28:58 | 001,122,296 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.05.08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\######\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.03.22 10:55:02 | 000,166,528 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.06.06 21:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.04.19 09:41:31 | 000,820,416 | ---- | M] (ActFax Communication) -- D:\Programme (X86)\ActiveFax\Client\ActFaxClient.exe
PRC - [2011.04.19 09:41:31 | 000,410,816 | ---- | M] (ActFax Communication) -- D:\Programme (X86)\ActiveFax\Terminal\TSClientB.exe
PRC - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.06.23 14:51:32 | 001,539,656 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe
PRC - [2010.06.23 14:51:32 | 001,539,656 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\AVKClient\AvkCl.exe
PRC - [2010.05.25 18:35:44 | 001,073,224 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2010.04.22 14:59:36 | 000,339,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
PRC - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2009.05.27 00:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- D:\Programme (X86)\VirtualCloneDrive\VCDDaemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.18 12:40:06 | 001,169,408 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\wx._core_.pyd
MOD - [2012.06.18 12:40:06 | 001,056,256 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\wx._controls_.pyd
MOD - [2012.06.18 12:40:06 | 001,018,368 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\_cacheinvalidation.pyd
MOD - [2012.06.18 12:40:06 | 000,807,424 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\wx._windows_.pyd
MOD - [2012.06.18 12:40:06 | 000,792,576 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\wx._gdi_.pyd
MOD - [2012.06.18 12:40:06 | 000,731,136 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\wx._misc_.pyd
MOD - [2012.06.18 12:40:06 | 000,645,120 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\_ssl.pyd
MOD - [2012.06.18 12:40:06 | 000,585,728 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\unicodedata.pyd
MOD - [2012.06.18 12:40:06 | 000,571,392 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\pysqlite2._sqlite.pyd
MOD - [2012.06.18 12:40:06 | 000,354,304 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\pythoncom26.dll
MOD - [2012.06.18 12:40:06 | 000,311,808 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\_hashlib.pyd
MOD - [2012.06.18 12:40:06 | 000,263,168 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\win32com.shell.shell.pyd
MOD - [2012.06.18 12:40:06 | 000,153,088 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\pyexpat.pyd
MOD - [2012.06.18 12:40:06 | 000,121,856 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\wx._wizard.pyd
MOD - [2012.06.18 12:40:06 | 000,111,104 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\win32file.pyd
MOD - [2012.06.18 12:40:06 | 000,110,592 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\pywintypes26.dll
MOD - [2012.06.18 12:40:06 | 000,096,256 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\win32api.pyd
MOD - [2012.06.18 12:40:06 | 000,086,016 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\_elementtree.pyd
MOD - [2012.06.18 12:40:06 | 000,073,728 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\_ctypes.pyd
MOD - [2012.06.18 12:40:06 | 000,070,656 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\wx._html2.pyd
MOD - [2012.06.18 12:40:06 | 000,040,448 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\_socket.pyd
MOD - [2012.06.18 12:40:06 | 000,039,424 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\win32inet.pyd
MOD - [2012.06.18 12:40:06 | 000,036,352 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\win32process.pyd
MOD - [2012.06.18 12:40:06 | 000,022,528 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\win32pdh.pyd
MOD - [2012.06.18 12:40:06 | 000,017,920 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\win32event.pyd
MOD - [2012.06.18 12:40:06 | 000,011,776 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\win32crypt.pyd
MOD - [2012.06.18 12:40:06 | 000,011,776 | ---- | M] () -- C:\Users\######\AppData\Local\Temp\_MEI34962\select.pyd
MOD - [2012.05.10 16:28:12 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.05.10 16:28:10 | 000,517,632 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.05.10 16:28:10 | 000,410,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.06.06 21:55:40 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
MOD - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV:64bit: - [2011.12.02 10:51:58 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.12 07:52:40 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.10.18 00:11:03 | 001,673,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService)
SRV - [2011.07.25 13:16:07 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.06.12 11:43:28 | 051,740,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.06.23 14:51:32 | 001,539,656 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\AVKClient\AvkCl.exe -- (AntiVirusKit Client)
SRV - [2010.05.25 18:35:44 | 001,073,224 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010.04.22 14:59:36 | 000,339,016 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 12:23:40 | 001,778,336 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\AVKClient\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.24 23:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.11.24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.11.24 09:58:44 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2011.11.24 09:58:44 | 000,078,208 | ---- | M] (SafeNet Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.10.07 09:31:42 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2011.09.08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2011.08.19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011.08.09 07:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2011.08.05 14:59:12 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.05 14:47:04 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2)
DRV:64bit: - [2011.08.05 14:47:04 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2)
DRV:64bit: - [2011.08.05 14:47:04 | 000,032,544 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2011.08.05 14:47:04 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV:64bit: - [2011.08.05 14:47:04 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV:64bit: - [2011.05.02 10:17:08 | 000,084,936 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2011.05.02 10:17:02 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.27 16:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2010.09.22 13:39:25 | 000,153,912 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vcdc.sys -- (vcdc)
DRV:64bit: - [2010.09.22 13:31:34 | 000,154,680 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbcdc.sys -- (usbcdc)
DRV:64bit: - [2010.09.22 13:25:33 | 000,263,224 | ---- | M] (Siemens Enterprise Communications GmbH & Co. KG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\isdnusb.sys -- (isdnusb)
DRV:64bit: - [2010.09.08 02:38:56 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.04.22 15:08:14 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.30 11:00:16 | 000,412,024 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmnwim.sys -- (NWIM)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.23 01:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2012.06.18 12:40:00 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.04.18 15:49:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1119409783-1235520740-703473261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1119409783-1235520740-703473261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1119409783-1235520740-703473261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1119409783-1235520740-703473261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 C7 2F 01 8E 06 CD 01  [binary data]
IE - HKU\S-1-5-21-1119409783-1235520740-703473261-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-1119409783-1235520740-703473261-1000\..\SearchScopes,DefaultScope = {D7DB7DA6-16BD-4270-BEB7-758EEED2E3C5}
IE - HKU\S-1-5-21-1119409783-1235520740-703473261-1000\..\SearchScopes\{D7DB7DA6-16BD-4270-BEB7-758EEED2E3C5}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A2938615334&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A2938615334&q={searchTerms}
IE - HKU\S-1-5-21-1119409783-1235520740-703473261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1119409783-1235520740-703473261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\######\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\######\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.06.27 08:49:28 | 000,000,000 | ---D | M]
 
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\######\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\######\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\######\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\######\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\######\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\######\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.03.06 13:54:55 | 000,001,404 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 188.119.151.111 www.google-analytics.com.
O1 - Hosts: 188.119.151.111 ad-emea.doubleclick.net.
O1 - Hosts: 188.119.151.111 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - D:\Programme (X86)\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1119409783-1235520740-703473261-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BCSSync] D:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ActiveFax Client] d:\programme (x86)\ActiveFax\Client\ActFaxClient.exe (ActFax Communication)
O4 - HKLM..\Run: [ActiveFax Terminal Server] d:\Programme (X86)\ActiveFax\Terminal\TSClientB.exe (ActFax Communication)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVK Client] C:\Program Files (x86)\G DATA\AVKClient\AVKCl.exe (G Data Software AG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Programme (X86)\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1119409783-1235520740-703473261-1000..\Run: [Akamai NetSession Interface] C:\Users\######\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1119409783-1235520740-703473261-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1119409783-1235520740-703473261-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\######\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.lnk = D:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O7 - HKU\S-1-5-21-1119409783-1235520740-703473261-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In DIALux-Projekt einfügen - D:\Programme (X86)\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In DIALux-Projekt einfügen - D:\Programme (X86)\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://matzespens.dyndns.org:81/codebase/IPCam902.cab (DVM_IPCam2 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ###.ffm.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36CE93E5-06D0-4991-8587-BF39A6E2CFF4}: DhcpNameServer = 192.168.0.2
O18:64bit: - Protocol\Handler\dialux - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - D:\Programme (X86)\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.03 17:20:13 | 000,000,000 | ---D | M] - F:\AutoCad 2011 -- [ NTFS ]
O32 - AutoRun File - [2011.11.07 10:26:19 | 000,000,000 | ---D | M] - F:\AutoCAD Updates -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK - C:\PROGRA~2\Hardcopy\hardcopy.exe - (sw4you, Siegfried Weckmann)
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - D:\Programme (X86)\Kies\KiesHelper.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - D:\Programme (X86)\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - D:\Programme (X86)\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: 17388057.sys - Driver
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 17388057.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: 17388057.sys - Driver
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 17388057.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {07841D3D-88A6-CCD3-EEAE-F31804EB4012} - Microsoft Windows Media Player
ActiveX:64bit: {1E2F257D-0D80-C784-8D7A-8DD6112A26DF} - Microsoft Windows Media Player
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {241D3FF3-0B37-7C26-3E78-47D4D87DDB04} - Themes Setup
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {424FA11A-5DA4-245D-58B9-003570D697A2} - Themes Setup
ActiveX:64bit: {42A9E2A8-CB0D-3A0F-562D-CBFD8CC005E8} - Microsoft Windows Media Player
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5F119B0A-8BA4-AAD1-8A57-C481C7E1C1B5} - Themes Setup
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B9E55ED9-6638-3AC3-B5DB-7E78E228072D} - Themes Setup
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7AB9AD16-D95C-9BFD-FF13-36D4C161ADC6} - .NET Framework
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.19 13:16:14 | 000,000,000 | ---D | C] -- C:\Users\######\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.06.19 09:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.19 09:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.06.19 09:45:28 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012.06.19 09:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.06.18 14:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.18 14:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.18 14:01:14 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.18 14:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.18 12:33:27 | 000,000,000 | ---D | C] -- C:\Users\######\AppData\Roaming\Help
[2012.06.18 12:33:27 | 000,000,000 | ---D | C] -- C:\Users\######\AppData\Local\Help
[2012.06.15 13:16:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.15 12:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.15 12:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.06.15 11:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.06.15 11:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.06.15 11:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.06.14 14:18:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.14 10:33:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.06.14 09:58:33 | 000,000,000 | ---D | C] -- C:\Users\######\AppData\Roaming\GlarySoft
[2012.06.12 07:53:16 | 000,000,000 | ---D | C] -- C:\Users\######\AppData\Local\Macromedia
[2012.06.06 11:36:26 | 000,000,000 | ---D | C] -- C:\Users\######\AppData\Local\VDE Anwendung
[2012.06.04 10:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AmpereSoft
[2012.06.04 10:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABB
[2012.06.04 10:26:02 | 000,000,000 | ---D | C] -- C:\EDSPowerCon
[2012.06.04 10:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABB
[2012.06.04 09:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StriePlan
[2012.06.04 09:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABB Striebel & John
[20 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.19 13:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.19 13:24:14 | 000,007,092 | ---- | M] () -- C:\Users\######\Documents\cc_20120619_132412.reg
[2012.06.19 13:19:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.19 13:18:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119409783-1235520740-703473261-1000UA.job
[2012.06.19 13:18:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119409783-1235520740-703473261-1000Core.job
[2012.06.19 13:16:15 | 000,002,284 | ---- | M] () -- C:\Users\######\Desktop\Google Chrome.lnk
[2012.06.19 09:45:30 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.06.19 08:19:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.19 04:37:57 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 04:37:57 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 14:34:40 | 000,000,136 | ---- | M] () -- C:\Windows\Dialux.ini
[2012.06.18 14:01:15 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.18 12:46:58 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.18 12:46:58 | 000,700,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.18 12:46:58 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.18 12:46:58 | 000,149,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.18 12:46:58 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 12:39:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 12:39:52 | 1072,504,830 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.15 13:25:37 | 000,000,000 | ---- | M] () -- C:\Users\######\defogger_reenable
[2012.06.15 12:58:39 | 000,005,192 | ---- | M] () -- C:\Users\######\Documents\cc_20120615_125836.reg
[2012.06.15 12:48:10 | 000,002,006 | -H-- | M] () -- C:\Users\######\Documents\Default.rdp
[2012.06.14 11:29:56 | 000,001,870 | ---- | M] () -- C:\Users\######\Documents\cc_20120614_112952.reg
[2012.06.14 11:29:42 | 000,060,902 | ---- | M] () -- C:\Users\######\Documents\cc_20120614_112938.reg
[2012.06.14 10:10:40 | 000,000,073 | ---- | M] () -- C:\ECIPC.DAT
[2012.06.14 07:50:57 | 000,498,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 15:49:20 | 001,048,576 | ---- | M] () -- C:\Users\######\Documents\Database5.accdb
[2012.06.13 15:19:42 | 000,704,512 | ---- | M] () -- C:\Users\######\Documents\Database4.accdb
[2012.06.13 14:54:05 | 000,737,280 | ---- | M] () -- C:\Users\######\Documents\Database3.accdb
[2012.06.13 14:41:41 | 001,146,880 | ---- | M] () -- C:\Users\######\Documents\Schüler.accdb
[2012.06.13 14:40:50 | 001,650,688 | ---- | M] () -- C:\Users\######\Documents\Kontakte-Webdatenbank.accdb
[2012.06.13 14:21:25 | 000,663,552 | ---- | M] () -- C:\Users\######\Documents\Database2.accdb
[2012.06.13 14:05:05 | 000,524,288 | ---- | M] () -- C:\Users\######\Documents\Database1.accdb
[2012.06.13 13:30:33 | 000,008,319 | ---- | M] () -- C:\Users\######\Documents\wirtheim_klein.jpg
[2012.06.13 13:29:56 | 000,034,325 | ---- | M] () -- C:\Users\######\Documents\wirtheim.jpg
[2012.06.12 09:21:55 | 012,336,264 | ---- | M] () -- C:\Users\######\Desktop\5.AR.pdf
[2012.06.11 11:41:56 | 000,149,710 | ---- | M] () -- C:\Users\######\Desktop\Massenermittlung.pdf
[2012.06.04 10:39:35 | 000,001,989 | ---- | M] () -- C:\Users\######\AppData\Local\Licence_EDSPowerCon_TriLinePM.xml
[2012.06.04 10:26:08 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\EDS PowerCon.lnk
[2012.06.04 09:35:48 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\StriePlan.lnk
[20 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.19 13:24:13 | 000,007,092 | ---- | C] () -- C:\Users\######\Documents\cc_20120619_132412.reg
[2012.06.19 13:16:15 | 000,002,284 | ---- | C] () -- C:\Users\######\Desktop\Google Chrome.lnk
[2012.06.19 13:13:51 | 000,001,132 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119409783-1235520740-703473261-1000UA.job
[2012.06.19 13:13:51 | 000,001,080 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1119409783-1235520740-703473261-1000Core.job
[2012.06.19 09:45:30 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.06.19 09:45:30 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.06.18 14:01:15 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.15 13:25:37 | 000,000,000 | ---- | C] () -- C:\Users\######\defogger_reenable
[2012.06.15 12:58:37 | 000,005,192 | ---- | C] () -- C:\Users\######\Documents\cc_20120615_125836.reg
[2012.06.14 11:29:54 | 000,001,870 | ---- | C] () -- C:\Users\######\Documents\cc_20120614_112952.reg
[2012.06.14 11:29:40 | 000,060,902 | ---- | C] () -- C:\Users\######\Documents\cc_20120614_112938.reg
[2012.06.14 10:10:40 | 000,000,073 | ---- | C] () -- C:\ECIPC.DAT
[2012.06.13 15:38:19 | 001,048,576 | ---- | C] () -- C:\Users\######\Documents\Database5.accdb
[2012.06.13 15:11:52 | 000,704,512 | ---- | C] () -- C:\Users\######\Documents\Database4.accdb
[2012.06.13 14:41:41 | 000,737,280 | ---- | C] () -- C:\Users\######\Documents\Database3.accdb
[2012.06.13 14:40:50 | 001,146,880 | ---- | C] () -- C:\Users\######\Documents\Schüler.accdb
[2012.06.13 14:40:15 | 001,650,688 | ---- | C] () -- C:\Users\######\Documents\Kontakte-Webdatenbank.accdb
[2012.06.13 14:05:05 | 000,663,552 | ---- | C] () -- C:\Users\######\Documents\Database2.accdb
[2012.06.13 14:01:47 | 000,524,288 | ---- | C] () -- C:\Users\######\Documents\Database1.accdb
[2012.06.13 13:30:12 | 000,008,319 | ---- | C] () -- C:\Users\######\Documents\wirtheim_klein.jpg
[2012.06.13 13:29:56 | 000,034,325 | ---- | C] () -- C:\Users\######\Documents\wirtheim.jpg
[2012.06.12 09:21:55 | 012,336,264 | ---- | C] () -- C:\Users\######\Desktop\5.AR.pdf
[2012.06.11 11:41:56 | 000,149,710 | ---- | C] () -- C:\Users\######\Desktop\Massenermittlung.pdf
[2012.06.04 10:39:35 | 000,001,989 | ---- | C] () -- C:\Users\######\AppData\Local\Licence_EDSPowerCon_TriLinePM.xml
[2012.06.04 10:26:08 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\EDS PowerCon.lnk
[2012.06.04 09:35:48 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\StriePlan.lnk
[2012.04.04 13:29:33 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.30 11:05:49 | 000,000,132 | ---- | C] () -- C:\Users\######\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.11.18 10:37:52 | 000,000,000 | ---- | C] () -- C:\Windows\test.ini
[2011.11.11 02:45:44 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.11.03 13:30:26 | 000,000,044 | ---- | C] () -- C:\Users\######\AppData\Local\Images.fl
[2011.09.08 11:03:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.25 13:13:24 | 001,598,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.19 11:15:13 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.04.19 11:09:13 | 000,000,428 | ---- | C] () -- C:\Windows\docuware.ini
[2011.04.19 10:44:34 | 000,002,521 | R--- | C] () -- C:\Windows\_qsosd.INI
[2011.04.19 10:44:34 | 000,002,521 | R--- | C] () -- C:\Windows\_caefcad.INI
[2011.04.19 10:38:15 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2011.04.19 09:51:53 | 000,000,136 | ---- | C] () -- C:\Windows\Dialux.ini
[2011.04.19 08:56:05 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011.04.19 08:56:05 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2011.04.19 08:55:18 | 000,001,134 | ---- | C] () -- C:\Windows\HASOFT.INI
[2011.04.19 08:55:17 | 000,000,704 | R--- | C] () -- C:\Windows\eslm.ini
[2011.04.19 08:55:17 | 000,000,101 | ---- | C] () -- C:\Windows\qs.ini
[2011.04.19 08:24:18 | 000,000,055 | ---- | C] () -- C:\Windows\RRW.INI
[2011.04.19 08:18:39 | 000,002,958 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.04.18 15:07:08 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.04.18 15:01:46 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2011.04.18 14:55:13 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.03.08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.09.27 12:52:52 | 000,000,164 | ---- | C] () -- C:\Windows\DBDUIHost.exe.config
 
========== LOP Check ==========
 
[2011.04.19 15:37:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ashampoo
[2011.04.19 10:04:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2011.04.19 11:09:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ISIS Drivers
[2011.04.21 14:11:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OLXTeamOutlook
[2011.09.08 10:06:16 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\.oit
[2011.11.30 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Artisteer
[2012.01.13 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Ashampoo
[2012.04.24 10:45:37 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Autodesk
[2011.09.20 15:28:09 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Autodesk Navisworks Freedom 2010
[2011.11.07 12:15:07 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\BeSpotted
[2012.01.09 10:45:07 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\calibre
[2012.06.14 11:38:14 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\FileZilla
[2011.11.22 14:35:25 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\G&W Software Entwicklung
[2012.06.14 09:58:33 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\GlarySoft
[2012.03.01 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Notepad++
[2012.03.01 12:37:06 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\ObviousIdea
[2012.06.14 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\OLXTeamOutlook
[2011.10.17 09:35:55 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\STRATO
[2012.06.14 11:28:37 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\STRATO AG
[2011.09.09 11:17:02 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\TeamViewer
[2012.03.23 08:54:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.08 10:06:16 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\.oit
[2011.09.22 10:21:16 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Adobe
[2011.11.30 14:47:50 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Apple Computer
[2011.11.30 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Artisteer
[2012.01.13 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Ashampoo
[2012.04.24 10:45:37 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Autodesk
[2011.09.20 15:28:09 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Autodesk Navisworks Freedom 2010
[2011.11.07 12:15:07 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\BeSpotted
[2012.01.09 10:45:07 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\calibre
[2012.06.14 11:38:14 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\FileZilla
[2011.11.22 14:35:25 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\G&W Software Entwicklung
[2012.06.14 09:58:33 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\GlarySoft
[2012.06.18 12:33:27 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Help
[2011.04.18 14:43:31 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Identities
[2011.09.08 09:29:36 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Macromedia
[2012.05.07 11:18:24 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Malwarebytes
[2010.11.21 09:00:36 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Media Center Programs
[2012.06.13 14:03:17 | 000,000,000 | --SD | M] -- C:\Users\######\AppData\Roaming\Microsoft
[2012.06.19 13:21:23 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Mozilla
[2012.03.01 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\Notepad++
[2012.03.01 12:37:06 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\ObviousIdea
[2012.06.14 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\OLXTeamOutlook
[2011.10.17 09:35:55 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\STRATO
[2012.06.14 11:28:37 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\STRATO AG
[2011.09.09 11:17:02 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\TeamViewer
[2012.01.18 14:13:18 | 000,000,000 | ---D | M] -- C:\Users\######\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
[2006.11.01 13:05:58 | 000,154,424 | ---- | M] () -- C:\ChVID.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

19.06.2012, 14:16   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Code:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ###.ffm.de
Why am I only noticing the office thing now?

Company computer? Those don't actually get cleaned here.

See => http://www.trojaner-board.de/108422-...-anfragen.html

Quote:
3. As a rule, we do not clean commercially used computers. Your company's IT department is responsible for that.

For small businesses that have no IT support, we make an exception and are happy to help (a small donation helps us too).
Condition: you tell us this in your first reply.
Bear in mind, however, that log files can contain a lot of sensitive information (customer data, bank details, etc.) and that malware is able to spy on and misuse it. In this case we recommend formatting and reinstalling.
__________________
Please always post log files in CODE tags

21.06.2012, 11:51   #11
matzespens



OK, I didn't know that. A pity; I am the one responsible for the computers here and I'm simply stuck.

Then I'll just keep trying. Otherwise I'll have to bite the bullet and reinstall the machine.

Thanks anyway for the support so far.

Regards

Matze
