Hallo, liebe Spezialisten!
Maleware fand heute 107 PUP.Blabers-Dateien. Wie werde ich die sicher wieder los?
An Problemen fiel mir lediglich auf, dass die Eingaben der Tastatur manchmal verzögert oder/oder unvollständig im PC ankamen.
Welche Gefahr geht von der Datei aus?

Vorab schon einmal vielen Dank für Eure Hilfe


Anbei die Log-Datei:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ********* [Administrator]

Schutz: Aktiviert

16.03.2013 19:14:35
mbam-log-2013-03-16 (19-14-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 268125
Laufzeit: 3 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\******\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 110
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\old_witmain.cpp.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\old_witmain.pp.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\2f69b14b68c25849cfb7abc31c5355f8 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\2f69b14b68c25849cfb7abc31c5355f8_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\3ee6bbef623a0ac7077352d3a4953dd7 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\3ee6bbef623a0ac7077352d3a4953dd7_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\409dc4ca65bcc01439d855c7dd3360ea (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\409dc4ca65bcc01439d855c7dd3360ea_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\5930f140e002738247bac09ab0a21807 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\5930f140e002738247bac09ab0a21807_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\6743608aee413e70e2ad47ea5756227e (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\6743608aee413e70e2ad47ea5756227e_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\6a71d198c34d8645e40187c42e572259 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\6a71d198c34d8645e40187c42e572259_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\7450632d5c36fbc4e56713cf63a7ad3c (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\7450632d5c36fbc4e56713cf63a7ad3c_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\7acafe2d3e4c14a116bde4e028813ba7 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\7acafe2d3e4c14a116bde4e028813ba7_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\7afc04f75c99af49b833d06743e69768 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\7afc04f75c99af49b833d06743e69768_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\87b21290866cab00a1fea6ecf40c1918 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\87b21290866cab00a1fea6ecf40c1918_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\905da6432b374359c5f9f9ba2b8cea0d (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\905da6432b374359c5f9f9ba2b8cea0d_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\9477bc333ae8bcfe14707b070434e59f (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\9477bc333ae8bcfe14707b070434e59f_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\9e955ec456f86b7d2225b490c36a440e (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\9e955ec456f86b7d2225b490c36a440e_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\a3305b130a0ed11cd68c58b262aa95b3 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\a3305b130a0ed11cd68c58b262aa95b3_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\a35ec2adf572a908b47081c94acefc6d (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\a35ec2adf572a908b47081c94acefc6d_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\b1c96482f4e3bf552c62cd322f8d5ef6 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\b1c96482f4e3bf552c62cd322f8d5ef6_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\b590e59d04fbf1a2e539ed0365d8391a (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\b590e59d04fbf1a2e539ed0365d8391a_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\b98ec85a6f6b5dca57a81c971a2ec1f5 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\b98ec85a6f6b5dca57a81c971a2ec1f5_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\bb5488ddebe29ca3a204a36285c4ee3a (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\bb5488ddebe29ca3a204a36285c4ee3a_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\bd75b259da6df295d57bcf03a94e1ba6 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\bd75b259da6df295d57bcf03a94e1ba6_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\c1c44ca1d695da7ece0f59471a8950a1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\c1c44ca1d695da7ece0f59471a8950a1_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\c4a4e7d52f3f8044d9a639a16862ea54 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\c4a4e7d52f3f8044d9a639a16862ea54_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\c87cfc42b2367aae14e402d2dcf42595 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\c87cfc42b2367aae14e402d2dcf42595_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\cc3d5dd68f5e484f97c06051047efb47 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\cc3d5dd68f5e484f97c06051047efb47_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\d6867a63f98943c5d45ac3e1e96e45bb (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\d6867a63f98943c5d45ac3e1e96e45bb_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\e3cd5b2c64ca319aadec7c28c6c6feba_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\e47e95573a60db468cc4b2c5030df0a1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\e47e95573a60db468cc4b2c5030df0a1_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\ec72c707346e29d325cdf6e1503ed59e (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\ec72c707346e29d325cdf6e1503ed59e_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\ef7b33f6a532640a1c82c7aefb7373f0 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\ef7b33f6a532640a1c82c7aefb7373f0_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\f4413a9bbae019aa976b741cc45b7e75 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\f4413a9bbae019aa976b741cc45b7e75_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\fb2a2d37c3a5abdb2d5c51d90fdaebc4 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\fb2a2d37c3a5abdb2d5c51d90fdaebc4_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

danach:

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

• Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Wähle Scanne Alle Benuzer
• Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
• Unter Extra Registrierung, wähle bitte Benutze SafeList
• Klicke nun auf Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

Hallo vielen Dank für die Unterstützung!

vorab die AdwCleaner[S1].txt:AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.115 - Datei am 18/03/2013 um 12:27:36 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admin - HP-DUOCORE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : \user.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Internet\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\****\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\****\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\****\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\****\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=beaa77d600000000000090e6ba3d6a39&tlver=1.4.19.19&affID=17159 --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [3817 octets] - [18/03/2013 12:26:51]
AdwCleaner[S1].txt - [3790 octets] - [18/03/2013 12:27:36]

########## EOF - \AdwCleaner[S1].txt - [3850 octets] ##########
         

--- --- ---


Hallo t'john,

anbei das OTL-Logfile OTL.TxtOTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 18.03.2013 13:03:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,38 Gb Available Physical Memory | 67,24% Memory free
16,00 Gb Paging File | 13,29 Gb Available in Paging File | 83,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 487,47 Gb Total Space | 194,58 Gb Free Space | 39,92% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 137,87 Gb Free Space | 70,59% Space Free | Partition Type: NTFS
Drive E: | 234,37 Gb Total Space | 41,52 Gb Free Space | 17,72% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 45,24 Gb Free Space | 9,71% Space Free | Partition Type: NTFS
Drive Q: | 14,26 Gb Total Space | 2,50 Gb Free Space | 17,54% Space Free | Partition Type: NTFS
 
Computer Name: HP-DUOCORE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\******\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\******\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Users\******\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG)
PRC - D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe (DATEV eG)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\SHARP\Printer Status Monitor\Smon.exe ()
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\SHARP\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
PRC - C:\Program Files (x86)\SHARP\Sharpdesk\FTPServer.exe (SHARP CORPORATION)
PRC - C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe (SHARP CORPORATION)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\MagicTune Premium\GammaTray.exe ()
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
PRC - C:\Windows\SysWOW64\bgsmsnd.exe (Broadgun Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\******\AppData\Local\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\******\AppData\Local\Apps\Evernote\Evernote\libxml2.dll ()
MOD - C:\Users\******\AppData\Local\Apps\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\PROGRA~2\MICROS~2\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\PROGRA~2\MICROS~2\Office12\OUTLCTL.DLL ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Smon.exe ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Adapters\Sh4.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Adapters\Sh3.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Adapters\ShDevice.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Adapters\T651.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Adapters\C2x.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\SOAPAccs.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\smonpdb.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Adapters\Ar507.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\MIBaccs.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Adapters\Ar200.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\CMSnmpWrapper.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Resources\ResSh4DEU.DLL ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Resources\ResSh3DEU.DLL ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Resources\ResT651DEU.DLL ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Resources\ResC2xDEU.DLL ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\resources\resSMON2DEU.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Resources\ResShDeviceDEU.DLL ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Resources\ResAr507DEU.DLL ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\Resources\ResAr200DEU.DLL ()
MOD - C:\Programme\MagicTune Premium\GammaTray.exe ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\PROGRA~2\MICROS~2\Office12\ADDINS\COLLEA~1.DLL ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\SMONIPRV.dll ()
MOD - C:\Program Files (x86)\SHARP\Printer Status Monitor\CMSNMP2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (DatevPrintService) -- D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (HPSLPSVC) -- C:\Users\******\AppData\Local\Temp\7zS2904\hpslpsvc64.dll (Hewlett-Packard Co.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (DATEV Update-Service) -- D:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NasPmService) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (GigasetGenericUSB_x64) -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys (Siemens Home and Office Communication Devices GmbH & Co. KG)
DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SynasUSB) -- C:\Windows\SysNative\drivers\synUSB64.sys (SIA Syncrosoft)
DRV:64bit: - (Ser2pl64) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{24C8EDFC-727D-4DEB-889E-4942A2DC69AB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{CFF00F81-FEE2-4489-A905-F8932FA992D6}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{E8D34EB6-53B5-4DCD-A8EA-125AED713E66}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{24C8EDFC-727D-4DEB-889E-4942A2DC69AB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{CFF00F81-FEE2-4489-A905-F8932FA992D6}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{E8D34EB6-53B5-4DCD-A8EA-125AED713E66}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\..\SearchScopes\{24C8EDFC-727D-4DEB-889E-4942A2DC69AB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\..\SearchScopes\{CFF00F81-FEE2-4489-A905-F8932FA992D6}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\..\SearchScopes\{E8D34EB6-53B5-4DCD-A8EA-125AED713E66}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - No CLSID value found
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\..\SearchScopes\{F27B6D89-1AA4-4AD3-BD7C-3139E4B1DD6D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.1.*;*.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013.03.17 09:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012.11.30 15:46:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Users\******\AppData\Local\Mozilla Firefox\components [2013.03.08 05:13:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Users\******\AppData\Local\Mozilla Firefox\plugins [2013.03.08 05:13:30 | 000,000,000 | ---D | M]
 
[2012.09.11 16:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.08 10:55:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2006.10.26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2011.09.27 19:04:22 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\SysWOW64\bgstb.dll (Broadgun Software)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\SysWOW64\bgstb.dll (Broadgun Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\SysWOW64\bgstb.dll (Broadgun Software)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\SysWOW64\bgstb.dll (Broadgun Software)
O3 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\SysWOW64\bgstb.dll (Broadgun Software)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SN02IPRW] C:\Windows\SysWOW64\SN02SELC.EXE (SHARP CORPORATION)
O4:64bit: - HKLM..\Run: [SN0XRCV] C:\Windows\SysNative\spool\drivers\x64\3\SN0XRCV.exe (SHARP CORPORATION)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [bgsmsnd.exe] C:\Windows\SysWOW64\bgsmsnd.exe (Broadgun Software)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [FtpServer.exe] C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IndexTray.exe] C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SharpTray.exe] C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe (MAGIX AG)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt64.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe (AVAST Software)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-LRU68.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk = C:\Program Files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter)
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk =  File not found
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2453373081-2254680472-1085111696-1001\..Trusted Domains: wpc.exe ([]file in Lokales Intranet)
O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} hxxp://ghsweissbrodt.dyndns.org/DVRemoteAx.cab (DVRemoteControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C794654-A961-4845-9E3F-DB57AD955BCB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D404144F-1462-41D8-B0F0-2C2F2CB9F0B8}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\sds - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - "" File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - "" File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 23:25:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Turbo Lister Backup
[2013.03.17 08:48:21 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Neuer Ordner (2)
[2013.03.17 08:48:08 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Neuer Ordner
[2013.03.17 07:33:33 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.03.17 07:33:33 | 000,963,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.03.17 07:33:33 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.03.17 07:33:16 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.03.17 07:33:16 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.03.17 07:33:16 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.03.17 07:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.15 10:51:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.03.14 03:03:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.14 03:02:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.14 03:02:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.14 03:02:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.14 03:02:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.14 03:02:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.14 03:02:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.14 03:02:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.14 03:02:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.14 03:02:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.14 03:02:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.14 03:02:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.14 03:02:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.14 03:02:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.14 03:02:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.14 03:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 03:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.14 03:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.13 13:38:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Trillian
[2013.03.13 13:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2013.03.11 17:12:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Turbo Lister
[2013.03.11 16:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2013.03.11 16:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eBay
[2013.03.05 11:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2013.03.03 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2013.03.03 19:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A1-Faktura
[2013.03.03 01:48:39 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.03.03 01:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.03 01:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.03 01:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.02 21:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Process Explorer
[2013.02.28 12:58:41 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\SysWow64\FsUsbExService.Exe
[2013.02.28 03:01:00 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.28 03:01:00 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 03:01:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.28 03:01:00 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.28 03:00:54 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.28 03:00:54 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.28 03:00:42 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 03:00:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 03:00:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 03:00:40 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.28 03:00:40 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 03:00:40 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 03:00:40 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 03:00:40 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 03:00:40 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 03:00:39 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.28 03:00:39 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.28 03:00:38 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 03:00:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 03:00:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 03:00:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 03:00:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 03:00:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 03:00:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 03:00:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 03:00:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 03:00:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 03:00:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 03:00:36 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.28 03:00:36 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.28 03:00:36 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.28 03:00:36 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.28 03:00:36 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.28 03:00:36 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.28 03:00:35 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.28 03:00:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.28 03:00:35 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.28 03:00:35 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.28 03:00:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.28 03:00:34 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.28 03:00:34 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.26 19:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.02.26 19:10:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013.02.24 13:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.18 12:47:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.18 12:39:18 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 12:39:18 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 12:29:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.18 12:29:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.18 12:29:03 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.18 12:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.17 09:01:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.03.17 08:52:14 | 000,000,512 | ---- | M] () -- C:\Users\***\Documents\MBR.dat
[2013.03.17 08:48:45 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.03.17 07:33:01 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.03.17 07:32:58 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.03.17 07:32:58 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.03.17 07:32:57 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.03.17 07:32:56 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.03.17 07:32:56 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.03.16 19:13:33 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 19:02:40 | 000,004,968 | ---- | M] () -- C:\Users\***\Documents\cc_20130314_190237.reg
[2013.03.14 19:01:24 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.13 17:13:19 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 17:13:19 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.13 13:38:30 | 000,001,085 | ---- | M] () -- C:\Users\***\Desktop\Trillian.lnk
[2013.03.07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.03.07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.03.07 00:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.03.07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.03.07 00:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.03.07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.03.07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.03.07 00:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.03.03 19:29:48 | 000,000,541 | ---- | M] () -- C:\Users\***\Desktop\A1-Faktura.lnk
[2013.02.28 12:59:28 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.02.28 10:07:41 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013.02.26 19:10:46 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.02.26 19:10:46 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.02.23 23:40:05 | 000,000,668 | ---- | M] () -- C:\Windows\SysWow64\iCMS.dat
 
========== Files Created - No Company Name ==========
 
[2013.03.17 09:01:28 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.17 09:01:28 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.17 08:48:45 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.03.17 08:44:52 | 000,000,512 | ---- | C] () -- C:\Users\***\Documents\MBR.dat
[2013.03.14 19:02:38 | 000,004,968 | ---- | C] () -- C:\Users\***\Documents\cc_20130314_190237.reg
[2013.03.13 13:38:30 | 000,001,115 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
[2013.03.13 13:38:30 | 000,001,085 | ---- | C] () -- C:\Users\***\Desktop\Trillian.lnk
[2013.03.03 19:29:48 | 000,000,541 | ---- | C] () -- C:\Users\***\Desktop\A1-Faktura.lnk
[2013.02.28 12:58:41 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.02.28 12:58:41 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.02.26 19:10:46 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.02.26 19:10:46 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.02.13 08:47:15 | 000,705,536 | ---- | C] () -- C:\Windows\is-LRU68.exe
[2013.02.08 16:14:14 | 000,000,668 | ---- | C] () -- C:\Windows\SysWow64\iCMS.dat
[2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.11.30 13:55:53 | 000,000,016 | ---- | C] () -- C:\Users\***\persistent_state
[2012.11.26 19:36:26 | 012,898,304 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sandra.mdb
[2012.11.09 11:25:23 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.22 10:42:18 | 000,000,499 | ---- | C] () -- C:\Windows\HP-DUOCORE.jrf.init
[2012.06.22 10:30:10 | 000,000,122 | ---- | C] () -- C:\Windows\KurusDeinstall.INI
[2012.06.14 16:37:59 | 000,794,624 | ---- | C] ( ) -- C:\Windows\SysWow64\SN02SCIF.dll
[2012.06.14 16:37:55 | 000,811,008 | ---- | C] () -- C:\Windows\SysWow64\SN02DISC.DLL
[2012.06.14 16:37:55 | 000,001,835 | ---- | C] () -- C:\Windows\SysWow64\SN02DISC.DAT
[2012.06.14 16:37:55 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\SN02GJPG.dat
[2012.06.14 16:37:52 | 000,002,536 | ---- | C] () -- C:\Windows\SysWow64\SN02MDL.dat
[2012.06.14 16:37:52 | 000,002,345 | ---- | C] () -- C:\Windows\SysWow64\SN02PROF.dat
[2012.06.14 16:37:52 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\SN02VER1.dat
[2012.06.14 16:37:52 | 000,000,015 | ---- | C] () -- C:\Windows\SysWow64\SN02VER2.dat
[2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.11.07 09:45:21 | 001,837,828 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.07 09:34:24 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2011.11.07 09:31:48 | 000,000,106 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2011.11.07 09:28:06 | 000,000,107 | ---- | C] () -- C:\Windows\Startup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.30 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.11.29 07:53:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2013.01.31 18:18:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2012.12.14 07:51:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProfiCAD
[2013.02.05 18:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.11.15 18:22:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software4u
[2013.03.13 13:38:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian
[2011.01.18 10:46:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs
[2012.06.14 18:03:12 | 000,000,000 | ---D | M] -- C:\Users\++++++\AppData\Roaming\Nokia
[2012.06.14 18:02:31 | 000,000,000 | ---D | M] -- C:\Users\++++++\AppData\Roaming\PC Suite
[2013.01.02 18:59:16 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\APP_NAME_NON_STRING
[2011.07.25 13:42:47 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Canneverbe Limited
[2011.01.20 18:32:17 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Canon
[2011.07.25 12:56:54 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\CD-LabelPrint
[2012.06.22 12:14:36 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DATEV
[2012.04.10 22:20:44 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft
[2013.03.12 10:08:35 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FileZilla
[2012.11.30 13:30:53 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FreeCommander
[2012.04.12 11:48:44 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Garmin
[2012.07.15 17:18:35 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GetRightToGo
[2012.09.10 15:16:24 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\gtk-2.0
[2012.09.16 15:29:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\innoplus
[2012.12.22 23:29:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\IrfanView
[2013.03.16 19:54:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\KeePass
[2011.01.19 08:29:11 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Leadertech
[2012.11.30 07:18:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Lexware
[2011.06.05 15:25:59 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\MAGIX
[2011.01.19 20:31:43 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\NASNaviator2
[2012.01.16 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia
[2012.01.16 18:14:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia Ovi Suite
[2012.07.15 16:53:11 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nuance
[2012.11.19 18:40:17 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\OpenOffice.org
[2011.12.31 15:58:25 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PC Suite
[2013.02.26 18:47:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PDF Architect
[2012.12.14 07:53:17 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ProfiCAD
[2012.02.16 11:03:34 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Q-Dir
[2013.02.28 12:55:56 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Samsung
[2011.05.23 14:00:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\schueco
[2012.06.14 16:49:34 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Sharp
[2011.11.03 12:48:34 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Sharpdesk
[2011.12.15 23:36:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\SmartTools
[2012.09.05 07:38:27 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Spyware Terminator
[2011.10.31 06:51:36 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TeamViewer
[2012.07.01 10:50:25 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Temp
[2012.11.19 18:22:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Template
[2011.11.19 19:14:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TIPP10
[2011.07.29 07:39:37 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TomTom
[2013.03.07 18:35:56 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Tracker Software
[2013.03.13 14:24:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Trillian
[2011.03.16 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TrueCrypt
[2012.09.16 15:04:45 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Unity
[2011.01.19 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\WinBatch
[2011.03.25 09:07:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Wireshark
[2012.09.12 06:52:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:0FF263E8
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C9633DEB

< End of report >
         

--- --- ---

OTL EXTRAS Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 18.03.2013 13:03:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,38 Gb Available Physical Memory | 67,24% Memory free
16,00 Gb Paging File | 13,29 Gb Available in Paging File | 83,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 487,47 Gb Total Space | 194,58 Gb Free Space | 39,92% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 137,87 Gb Free Space | 70,59% Space Free | Partition Type: NTFS
Drive E: | 234,37 Gb Total Space | 41,52 Gb Free Space | 17,72% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 45,24 Gb Free Space | 9,71% Space Free | Partition Type: NTFS
Drive Q: | 14,26 Gb Total Space | 2,50 Gb Free Space | 17,54% Space Free | Partition Type: NTFS
 
Computer Name: HP-DUOCORE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2453373081-2254680472-1085111696-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\******\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\DATEV\PROGRAMM\Numzus\NumZus.exe" = D:\DATEV\PROGRAMM\Numzus\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"D:\DATEV\PROGRAMM\Mandant\Mandant.exe" = D:\DATEV\PROGRAMM\Mandant\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"D:\DATEV\SYSTEM\DvpExe.exe" = D:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"D:\DATEV\SYSTEM\DcomSrv.exe" = D:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"D:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = D:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
"D:\DATEV\PROGRAMM\Numzus\NumZus.exe" = D:\DATEV\PROGRAMM\Numzus\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"D:\DATEV\PROGRAMM\Mandant\Mandant.exe" = D:\DATEV\PROGRAMM\Mandant\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"D:\DATEV\SYSTEM\DvpExe.exe" = D:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"D:\DATEV\SYSTEM\DcomSrv.exe" = D:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"D:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = D:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\DATEV\PROGRAMM\Numzus\NumZus.exe" = D:\DATEV\PROGRAMM\Numzus\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"D:\DATEV\PROGRAMM\Mandant\Mandant.exe" = D:\DATEV\PROGRAMM\Mandant\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"D:\DATEV\SYSTEM\DvpExe.exe" = D:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"D:\DATEV\SYSTEM\DcomSrv.exe" = D:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"D:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = D:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
"D:\DATEV\PROGRAMM\Numzus\NumZus.exe" = D:\DATEV\PROGRAMM\Numzus\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"D:\DATEV\PROGRAMM\Mandant\Mandant.exe" = D:\DATEV\PROGRAMM\Mandant\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"D:\DATEV\SYSTEM\DvpExe.exe" = D:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"D:\DATEV\SYSTEM\DcomSrv.exe" = D:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"D:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = D:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C1F50CD-701B-436B-95E8-3410DD448ACD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{1C37A981-5E28-4813-BF55-1BAE4A1BCD91}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2B47F262-8839-486F-A439-C2D9185D5C9E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2C409E1D-C007-4C41-BCB0-899C2701B9AB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{35325CB6-2CDB-4133-8915-6CDEE41EC5C0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{451C9060-3AC9-44A0-BA7D-0C55D04113A7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{48A8ADCB-7DEB-4141-8C2C-B72F8A808B58}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{504CF081-FE01-4486-ADC0-A6DDD6722C22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5927BB9D-77B4-4687-96B7-12A3C66F1485}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5E6406AC-DC84-456F-9BC4-AF434D6C6030}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{6ED4E5F1-9B39-4723-9B52-44FE32660B45}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{70111C0B-BDA0-47FD-BD62-9156ABA4B195}" = lport=138 | protocol=17 | dir=in | app=system | 
"{77BD042E-5682-41FA-BD43-20386219D1AC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{7F5A86D8-68B8-479C-8F93-93B930A4881B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{86C0A793-DEB2-4434-B867-A1BB9984F122}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{8778AE5E-BDBF-47DC-9F4F-324B5FED5E9D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{8B3B17C4-F1BA-4CAB-9298-78CC1FCD180C}" = lport=58432 | protocol=6 | dir=in | app=d:\datev\programm\sws\limaservice.exe | 
"{8C18C2D5-161C-4736-9039-73244D9EBAD6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8C439743-1AD9-4A48-8571-8F0CB9F4FDAD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{90739B79-00B9-44FD-BD05-1616058509E6}" = lport=80 | protocol=6 | dir=in | name=no-ip | 
"{911E6CB7-03D1-467F-B39D-40BD532CA0EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{912C0CF5-265E-4F8C-850F-A153C2D56FF1}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{B13ECF4E-1A0C-4DA4-9AD8-636EDBCCD794}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{C62FD8E2-9B68-4A10-B501-14CF0DD57772}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CC5A2AB2-F853-4E7A-BF58-B79856D4053C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{CED905A4-E45D-44A4-B896-80BE1F127143}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DE7818BB-125B-41A1-B872-53D231FD1213}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F21FEEB5-5E44-4B7E-9187-617E9B7B8E60}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C3DBCD-0494-4324-85B7-C42C859D45A1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0C1B8C4D-7FF0-4298-A9B0-96F5C0D97FB1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{22D72836-CE05-4723-8EC2-3009E0C08ACB}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{24570199-8F6A-4EB8-8487-9C6354C6F08F}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"{2E22E45F-CB06-4B2D-8FCB-0C036F2DE72C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2FB2A597-CF02-4973-A02D-2D5A5841F05C}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"{43AD7A5B-F6CE-4BC2-AE13-C346EFBC3DD1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{4750705A-6766-4693-A6A8-8E5F28A7288E}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{58542B31-4C35-46D2-959D-EAD76D063042}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5CCFEBB8-74F2-4AD7-BB5B-1BD51921DEC5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5FF9C0F2-676E-4B53-958B-63EDA3B91848}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{651E6262-E173-485A-966A-FC8AD3EDB4DB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{69FAEEA9-442C-486F-B288-FF6267A0EF2B}" = protocol=17 | dir=in | app=c:\program files (x86)\sharp\sharpdesk\sharpdesk.exe | 
"{7BB8D8F4-8EA3-4B7A-86DE-F5DBF18BE3B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{8360B641-08D6-4F36-8521-CBCD833E6841}" = protocol=6 | dir=in | app=d:\datev\programm\rwapplic\datev.irw.managed.serviceprovider.exe | 
"{940F3B9F-1496-4367-8313-B11F3A2E3DD5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{977C19F3-427E-438E-AFCF-6A5B166ACBD0}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9A6DE66F-B638-4292-B09E-EB96F4A1BDC8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{9BB91932-05CB-4A85-B26B-8039E5A84F8D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{9C78EF0B-C444-4610-ADB1-FA54922FA9B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A45FF005-7249-4A27-86CC-352C75F81162}" = protocol=6 | dir=in | app=d:\datev\programm\k0005000\arbeitsplatz.exe | 
"{ABA4BCAF-E142-4E98-B891-8D66971E5418}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{B17C9CAC-843E-4046-95C7-8FC4DF8FEC34}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{B6CA85F5-867F-43D2-A6B0-2C9440A9CF56}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B9EDF389-2EEF-4FD6-953B-87AD5903EC79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BE148A9E-0411-4684-AD35-A632D13A553C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BF2F3231-34D1-4848-8CBE-16DD0BD4F8D0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C5554A0D-DCF3-4743-B6DC-FBCAD2E68D27}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C6084D83-9329-4567-A910-2BD5F1B48EC4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{CE5C4F1C-B799-4F8D-9399-1556B888E45E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E1208F06-8C6B-43D9-B00A-52867D60BEDB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{ED81B762-3EC9-413B-B2E1-EF1157A84459}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F1C80842-1259-451D-99D1-C346C79D8F63}" = protocol=6 | dir=in | app=c:\program files (x86)\sharp\sharpdesk\sharpdesk.exe | 
"{F2900445-0EA1-4099-9846-FCE5E16A8EC6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{F69D6725-D742-4536-ABCB-B853556EAF6F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{F75136DB-3430-43F3-8A07-936EE5F1FE7B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{FB4B4CD0-663C-4EF6-AE6E-204D1F8A9952}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{1898E23E-1C71-4A29-A1CF-1C6DBEF45CB9}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | 
"TCP Query User{2079AA65-87BE-4917-9A4E-CC85D4299620}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"TCP Query User{266C7C61-6941-4F68-A909-E9038ABBA219}C:\program files (x86)\sharp\printer status monitor\smon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sharp\printer status monitor\smon.exe | 
"TCP Query User{5260EA77-7329-49DC-8199-CDD2C8D0F0E0}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe | 
"TCP Query User{5DB3437C-AF6F-4C70-B134-0BD869836FBD}C:\program files (x86)\sharp\sharpdesk\ftpserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sharp\sharpdesk\ftpserver.exe | 
"TCP Query User{620596A3-4FDE-4E55-8538-E36433B8F026}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{65FC0E36-2848-4F15-A262-936F1A30C0C2}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | 
"TCP Query User{92EADF78-9E79-44C4-B491-7BD376B75257}C:\windows\system32\spool\drivers\x64\3\sn0xnjr.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\sn0xnjr.exe | 
"TCP Query User{B411A500-979B-4CC0-BB53-1D266A2696B3}C:\program files (x86)\sharp\sharpdesk\ftpserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sharp\sharpdesk\ftpserver.exe | 
"TCP Query User{D8C06725-5F32-4FEA-BE33-6302A5470D85}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{DF04A46D-062B-43A5-B2A4-F9DD62B30E4F}C:\program files (x86)\sharp\printer status monitor\smon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sharp\printer status monitor\smon.exe | 
"TCP Query User{EA26AF9A-412B-40D2-86E5-D54691500AC5}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{EA5EEB98-A9F5-4D95-A806-7D9588FBC29A}C:\program files (x86)\appigo sync\appigo sync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\appigo sync\appigo sync.exe | 
"TCP Query User{EEB32727-5978-4516-91B5-018F2F1049DF}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe | 
"UDP Query User{12E46576-1168-490B-8DC3-10A3EC1CD9ED}C:\program files (x86)\sharp\sharpdesk\ftpserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sharp\sharpdesk\ftpserver.exe | 
"UDP Query User{196ED7F4-8EEB-413C-A90C-1211D9C1B5EB}C:\program files (x86)\sharp\printer status monitor\smon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sharp\printer status monitor\smon.exe | 
"UDP Query User{5B3E4604-565B-4C12-9F21-07695A347F79}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"UDP Query User{746E9B68-6C18-4405-B338-9DD566961B85}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe | 
"UDP Query User{761AAD9D-2A67-4CDA-BD39-DC78E9EA609D}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe | 
"UDP Query User{7B70F658-BA41-4D5E-8C3E-2EE8B680D45A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{7D331FAC-57DB-4637-8761-235AA16607B4}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{85A526C6-EE37-4540-A172-641B5DF40228}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | 
"UDP Query User{8B448CD8-9F3A-48D4-A141-80E7121ECA96}C:\program files (x86)\appigo sync\appigo sync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\appigo sync\appigo sync.exe | 
"UDP Query User{9ABA4831-A687-40C0-AF1C-CA8FF44941C9}C:\program files (x86)\sharp\sharpdesk\ftpserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sharp\sharpdesk\ftpserver.exe | 
"UDP Query User{A5819081-04A6-4897-ABD6-F235EA63177B}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | 
"UDP Query User{AAC684E1-78F0-45D0-9885-6BF76AB8603C}C:\program files (x86)\sharp\printer status monitor\smon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sharp\printer status monitor\smon.exe | 
"UDP Query User{D85E7432-2532-4474-A65F-B66072E5F89F}C:\windows\system32\spool\drivers\x64\3\sn0xnjr.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\sn0xnjr.exe | 
"UDP Query User{DDE3815B-5C38-4B14-B3F1-EC152967C399}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602" = CanoScan 9000F Scanner Driver
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2710505A-D198-4906-8767-F869909D9FA6}" = Attack Surface Analyzer
"{31a52f2e-32e8-4c8f-9d99-6fd0c37c99ef}" = Gigaset QuickSync
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1" = PDF-XChange Lite 4
"{BFBF33B5-AEFE-454B-A189-DF5013028535}" = SQLXML4
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{E601CC5B-6D8F-11DE-4E95-3FE0187790C9}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F4934901-B3C8-9918-F018-2D68F94B380E}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.2
"Logitech Unifying" = Logitech Unifying-Software 2.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PC-Doctor for Windows" = Hardwarediagnosetools
"Pen Tablet Driver" = Bamboo
"Recuva" = Recuva
"sp6" = Logitech SetPoint 6.51
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0304767D-5AF0-A6EF-5774-6E0D7A42687A}" = CCC Help Polish
"{04E7BAD6-4E65-428D-AB70-DD73978BEEA5}" = DWGExport
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF4F0C7-8074-4D37-9650-DBB893670B9A}" = CCC Help English
"{0C747AF8-6910-ED23-4E6B-A198FC5A592B}" = CCC Help Thai
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1BD84D49-F8D4-C48B-44C3-454B886B996F}" = CCC Help Swedish
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{230C2422-DEBC-3592-9543-70A3929FBACC}" = CCC Help Danish
"{253CCE09-2876-4F7A-9179-D04BF16F38F3}" = ArCon Eleco +2007
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2B929487-3B32-7115-8CDB-B2209464B6A9}" = CCC Help Norwegian
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{31DBA23B-55DA-48F5-B5B4-A031B722F648}" = MagicRotation
"{32B08666-1587-435D-988C-7958A04B218A}_is1" = OMSI Addon Manager Version 1.2.3
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A9E9C5D-F013-4CB7-9CA9-EB481501DBB4}" = Brother P-touch Update Software
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}" = Evernote v. 4.6.3
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{54625876-FFA9-CDD4-AE9F-F229CE6F1CFC}" = CCC Help Czech
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5ED619AE-AF12-0038-32BA-A56C1C1684ED}" = Catalyst Control Center Graphics Full New
"{5EE3FC44-D3B4-DBEF-13C9-DDC0DC8DB5C0}" = CCC Help Greek
"{5F669C27-AD76-5EF1-5DD0-B4F39DDABF82}" = CCC Help Russian
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{646BCF4C-9014-1D5B-194C-AE7E5234E173}" = Catalyst Control Center Graphics Full Existing
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF6FA12-4DA0-4BBD-A91C-81B1A1DDCE74}" = iCMS
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E5734E9-30D4-2912-A273-3EA6A8D38A4C}" = CCC Help Korean
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{73CFF804-031A-145F-B4B1-54DBADE4BF5A}" = Catalyst Control Center Core Implementation
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7619C9D8-BC52-F5A0-B184-56F1BCA8FDCD}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI
"{80D881D9-2241-FDB2-917B-754D27B1711A}" = CCC Help Portuguese
"{812E1043-3795-2164-8607-FBF53B045EC5}" = CCC Help Turkish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{854FC493-0A42-A237-ADE7-59FDEEAD444D}" = CCC Help Dutch
"{857DA860-472D-483E-AC6E-B9D7DDCDB0BA}" = Microsoft Expression Design 3
"{8664FCE8-F91A-42BC-927C-AA318185E5EA}" = Sharpdesk
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88661107-C9FE-F236-5885-BD043F43C290}" = CCC Help Italian
"{89A060BA-6CF3-4BDB-A94C-91C9BEF21C6A}" = Appigo Sync
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F35D245-64DC-6231-F394-F1C70B1879E2}" = CCC Help French
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94BB375E-E8DC-555A-EC06-4BF1E1641E6F}" = Catalyst Control Center InstallProxy
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE27CE5-2442-EEA6-1D66-ED8D95E2EDF6}" = HydraVision
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - The Bus Simulator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3698519-6043-889E-F219-3434BBD87A44}" = CCC Help Japanese
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A4AA1A93-DFB5-4726-9522-B054EF1A456A}" = Catalyst Control Center - Branding
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AE41A33E-C9B5-47FE-9586-9D47B43E73B5}" = CCC Help Chinese Standard
"{AE6E353F-A5D6-40E4-81FB-960EB7B207D7}" = Lexware zeitmanagement 2011
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B338F364-B396-48DF-8E38-29840232CF3D}" = MAGIX Video deluxe 17 Plus
"{B5F30211-27A0-C178-8D76-D838572EDEBD}" = ccc-core-static
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BEAF338B-F240-40F2-9B66-E5B7533A6874}" = ArCon Eleco 2007.01 Update
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE7855E6-B7C8-2E8E-9C10-EE996978A644}" = CCC Help Chinese Traditional
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF78AB2B-1CA0-42D2-A2F1-FDEBC7876EF0}" = Microsoft SQL Server 2005 (DATEV_CL_DE01)
"{D4073F62-505F-4E05-AB13-B399E67C0DED}" = MAGIX Screenshare
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DC792B88-128D-0DF8-B8E0-86369110C15F}" = Catalyst Control Center Graphics Light
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1A278B7-38E9-25B7-248A-2D233D9A5104}" = CCC Help Hungarian
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6930026-9C0D-8D0E-B5A0-B434B6FB9940}" = CCC Help Finnish
"{E8FC40D9-D7E5-49FC-B58C-D366A3F35874}" = Microsoft Expression Encoder 3
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA0D9E39-87E0-A1AD-8059-17090989C403}" = Catalyst Control Center HydraVision Full
"{EC154DE4-54C6-427A-941F-FCF9B3A78DF1}" = MAGIX Speed burnR (MSI)
"{ED89ADF0-7BA1-5B34-CFA1-203BEFB298C0}" = Catalyst Control Center Localization All
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F55C356C-2B50-BC6F-3221-56E4A46E1A90}" = CCC Help Spanish
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A1-Faktura_is1" = A1-Faktura 1.429
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"avast" = avast! Free Antivirus
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DATEVB00000482.0" = DATEV Installation V.2.9
"Design_6.0.1739.0" = Microsoft Expression Design 3
"Duraprint net" = Duraprint net
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.6.0.2
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.18.403
"FreeCommander_is1" = FreeCommander 2009.02b
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.18
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"MAGIX_MSI_Videodeluxe17_plus" = MAGIX Video deluxe 17 Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MPE" = MyPhoneExplorer
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"Nokia PC Suite" = Nokia PC Suite
"OpenCPN 3.0.2" = OpenCPN 3.0.2
"Printer Status Monitor" = Printer Status Monitor Version 4.2.0
"Profi cash" = Profi cash
"ProfiCAD_is1" = ProfiCAD 7.3
"Q-Dir" = Q-Dir
"Rainbow Sentinel Driver" = Sentinel System Driver
"Rechnungsvorlage V3.33 (ab Excel 2000)" = Rechnungsvorlage V3.33 (ab Excel 2000) V3-33 
"SHARP MFP TWAIN C Scanner Driver" = Scannertreiber SHARP MFP TWAIN C
"SHARP MFP TWAIN K Scanner Driver" = Scannertreiber SHARP MFP TWAIN K
"SHARP MX-2310U PC-Fax Driver" = SHARP MX-2310/2010/3111/1810 PC-Fax Driver
"SHARP MX-2310U Printer Driver" = SHARP MX-2310/2010/3111/1810 Printer Driver
"SmartToolsOutlook-Geburtstagslistev3.01" = SmartTools Publishing • Word Outlook-Geburtstagsliste
"sPlan_70_Demo_is1" = sPlan 7.0 (Demo)
"StairCon" = StairCon
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"Synology Assistant" = Synology Assistant (remove only)
"TIPP10_is1" = TIPP10 Version 2.1.0
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"UN060501" = BUFFALO NAS Navigator2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2453373081-2254680472-1085111696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2453373081-2254680472-1085111696-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2012 04:47:22 | Computer Name = HP-Duocore | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2012 04:47:23 | Computer Name = HP-Duocore | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2012 04:47:23 | Computer Name = HP-Duocore | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2012 04:53:11 | Computer Name = HP-Duocore | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 14.06.2012 07:47:49 | Computer Name = HP-Duocore | Source = NSSDK.SharpNSCopiers.1 | ID = 34938914
Description = index außerhalb der grenzwerte  (0x82150214)
 
Error - 14.06.2012 08:04:16 | Computer Name = HP-Duocore | Source = NSSDK.SharpNSCopiers.1 | ID = 34938914
Description = index außerhalb der grenzwerte  (0x82150214)
 
Error - 14.06.2012 08:04:18 | Computer Name = HP-Duocore | Source = NSSDK.SharpNSCopiers.1 | ID = 34938914
Description = index außerhalb der grenzwerte  (0x82150214)
 
Error - 14.06.2012 13:00:21 | Computer Name = HP-Duocore | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MagicTune.exe, Version: 1.0.0.1, 
Zeitstempel: 0x4cca62fb  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dace4e7  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00000000000552d4
ID
 des fehlerhaften Prozesses: 0x2360  Startzeit der fehlerhaften Anwendung: 0x01cd4a4f2d7a9b21
Pfad
 der fehlerhaften Anwendung: C:\Program Files\MagicTune Premium\MagicTune.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
Berichtskennung:
 6cedf293-b642-11e1-9e7f-90e6ba3d6a39
 
Error - 14.06.2012 13:39:33 | Computer Name = HP-Duocore | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
 12.0.0.58849, Zeitstempel: 0x45b1a378  Name des fehlerhaften Moduls: ISSetup.dll,
 Version: 12.0.0.58851, Zeitstempel: 0x45e5fb47  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0009522f  ID des fehlerhaften Prozesses: 0x7c0  Startzeit der fehlerhaften Anwendung:
 0x01cd4a54a5787d3d  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\InstallShield
 Installation Information\{88684C15-B94F-4457-BEBC-310A494603F4}\setup.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\InstallShield Installation Information\{88684C15-B94F-4457-BEBC-310A494603F4}\ISSetup.dll
Berichtskennung:
 e67c879c-b647-11e1-9e7f-90e6ba3d6a39
 
Error - 14.06.2012 13:39:55 | Computer Name = HP-Duocore | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
 12.0.0.58849, Zeitstempel: 0x45b1a378  Name des fehlerhaften Moduls: ISSetup.dll,
 Version: 12.0.0.58851, Zeitstempel: 0x45e5fb47  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0009522f  ID des fehlerhaften Prozesses: 0x2354  Startzeit der fehlerhaften Anwendung:
 0x01cd4a54b44aaf7a  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\InstallShield
 Installation Information\{88684C15-B94F-4457-BEBC-310A494603F4}\setup.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\InstallShield Installation Information\{88684C15-B94F-4457-BEBC-310A494603F4}\ISSetup.dll
Berichtskennung:
 f376e127-b647-11e1-9e7f-90e6ba3d6a39
 
[ Hewlett-Packard Events ]
Error - 20.04.2011 14:17:34 | Computer Name = HP-Duocore | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041120081731.xml
 File not created by asset agent
 
Error - 25.05.2011 14:38:47 | Computer Name = HP-Duocore | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051125083843.xml
 File not created by asset agent
 
Error - 16.07.2011 03:27:29 | Computer Name = HP-Duocore | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071116092726.xml
 File not created by asset agent
 
Error - 13.08.2011 08:42:51 | Computer Name = HP-Duocore | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081113024248.xml
 File not created by asset agent
 
Error - 24.08.2011 14:52:27 | Computer Name = HP-Duocore | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081124085223.xml
 File not created by asset agent
 
Error - 03.11.2011 07:49:21 | Computer Name = HP-Duocore | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4095  Ram
 Utilization: 20  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 09.05.2012 09:51:57 | Computer Name = HP-Duocore | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 60  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 09.05.2012 09:51:58 | Computer Name = HP-Duocore | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization:   TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 10.05.2012 11:30:27 | Computer Name = HP-Duocore | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 10.05.2012 11:33:00 | Computer Name = HP-Duocore | Source = HPSF.exe | ID = 4000
Description = 
 
[ OSession Events ]
Error - 06.08.2012 06:33:16 | Computer Name = HP-Duocore | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2217
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 08.08.2012 09:46:12 | Computer Name = HP-Duocore | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15281
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 25.10.2012 08:11:49 | Computer Name = HP-Duocore | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 55
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 06.12.2012 09:34:42 | Computer Name = HP-Duocore | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17898
 seconds with 7560 seconds of active time.  This session ended with a crash.
 
Error - 06.12.2012 09:59:43 | Computer Name = HP-Duocore | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1476
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 06.12.2012 10:54:53 | Computer Name = HP-Duocore | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3298
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 12.12.2012 18:40:25 | Computer Name = HP-Duocore | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 146715
 seconds with 8700 seconds of active time.  This session ended with a crash.
 
Error - 21.12.2012 06:20:18 | Computer Name = HP-Duocore | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 220
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 03.03.2013 19:00:16 | Computer Name = HP-Duocore | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22863
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 04.03.2013 08:59:37 | Computer Name = HP-Duocore | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 78
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.03.2013 22:04:31 | Computer Name = HP-Duocore | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 13.03.2013 22:04:31 | Computer Name = HP-Duocore | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 16.03.2013 02:54:44 | Computer Name = HP-Duocore | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 DATEV DFL-Service-Manager erreicht.
 
Error - 16.03.2013 02:54:44 | Computer Name = HP-Duocore | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DATEV DFL-Service-Manager" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 16.03.2013 15:33:35 | Computer Name = HP-Duocore | Source = bowser | ID = 8003
Description = 
 
Error - 16.03.2013 18:10:39 | Computer Name = HP-Duocore | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 16.03.2013 18:10:39 | Computer Name = HP-Duocore | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 17.03.2013 19:59:18 | Computer Name = HP-Duocore | Source = Ntfs | ID = 262281
Description = Auf dem Volume "T:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 18.03.2013 03:52:25 | Computer Name = HP-Duocore | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 18.03.2013 03:52:25 | Computer Name = HP-Duocore | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
 
< End of report >
         

--- --- ---

Weitermachen mit:

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Here it is:JRT Logfile:

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 18.03.2013 at 21:01:09,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2453373081-2254680472-1085111696-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\software4u"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.03.2013 at 21:13:06,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

--- --- ---

Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

danach:

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Hallo t'john, aswMBR habe ich. Muss es mich beunruhigen, dass ich nach dem beendeten Scan einen Bluescreen hatte? Vorab die Logdatei:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 20:37:10
-----------------------------
20:37:10.341 OS Version: Windows x64 6.1.7601 Service Pack 1
20:37:10.341 Number of processors: 4 586 0x170A
20:37:10.341 ComputerName: HP-DUOCORE UserName: ***
20:37:11.511 Initialize success
20:37:15.021 AVAST engine defs: 13031900
20:38:03.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:38:03.240 Disk 0 Vendor: WDC_WD10EADS-65M2B0 01.00A01 Size: 953869MB BusType: 3
20:38:03.240 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
20:38:03.240 Disk 1 Vendor: WDC_WD5001AALS-00J7B1 05.00K05 Size: 476940MB BusType: 3
20:38:03.272 Disk 0 MBR read successfully
20:38:03.272 Disk 0 MBR scan
20:38:03.272 Disk 0 unknown MBR code
20:38:03.272 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:38:03.287 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 499165 MB offset 206848
20:38:03.287 Disk 0 Partition - 00 0F Extended LBA 439999 MB offset 1022498816
20:38:03.334 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14601 MB offset 1923617217
20:38:03.365 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 200000 MB offset 1022500864
20:38:03.365 Disk 0 Partition - 00 05 Extended 239998 MB offset 1432100864
20:38:03.396 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 239997 MB offset 1432102912
20:38:03.443 Disk 0 scanning C:\Windows\system32\drivers
20:38:13.131 Service scanning
20:38:32.506 Modules scanning
20:38:32.506 Disk 0 trace - called modules:
20:38:32.506
20:38:33.567 AVAST engine scan C:\Windows
20:38:37.139 AVAST engine scan C:\Windows\system32
20:41:54.932 AVAST engine scan C:\Windows\system32\drivers
20:42:06.382 AVAST engine scan C:\Users\***
20:42:28.254 AVAST engine scan C:\ProgramData
20:49:11.934 Scan finished successfully
20:49:34.773 Disk 0 MBR has been saved successfully to "C:\Users\******\Desktop\MBR.dat"

Ich mach dann mit Eset weiter und melde mich dann mit der Log-Datei wieder.

Bis dann.

Eset scheint etwas länger zu brauchen - ist das kein Problem, wenn so lange der Firewall und der Virenscanner ausgeschaltet sind?

Guten Morgen das Eset hat zwei Dateien gefunden - in inem alten Windowas Back up:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8cae9234e487c245aac1be18481c7b2d
# engine=13431
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-20 02:41:58
# local_time=2013-03-20 03:41:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 73459 115377168 0 0
# compatibility_mode=7937 16777214 0 25 16479465 16479465 0 0
# scanned=580450
# found=2
# cleaned=0
# scan_time=23765
sh=406DA85873C7BD5DF80E4A830E59EDF6830C4063 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.FQWXKXL trojan" ac=I fn="F:\DUOCORE\Backup Set 2011-01-16 174801\Backup Files 2011-01-16 174801\Backup files 4.zip"
sh=3419B8B91853D63F9FA1368651C8DD8D8337639A ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.FQWXKXL trojan" ac=I fn="F:\DUOCORE\Backup Set 2011-01-16 174801\Backup Files 2011-01-16 174801\Backup files 8.zip"

Hätte kein Problem damit, die einfach zu löschen. Wäre es vielleicht sowieso nicht dumm jetzt mal ein komplettes Backup zu machen?

Und hier die bisher letzte Log-Datei:

Results of screen317's Security Check version 0.99.59
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Flash Player 11.6.602.180
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Zitat:

Hätte kein Problem damit, die einfach zu löschen. Wäre es vielleicht sowieso nicht dumm jetzt mal ein komplettes Backup zu machen?

Ja! Loeschen und frisches Backup machen


Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Uninstall.
• Bestätige mit Ja.

Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

• Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
• Speichere es auf Deinem Desktop.
• Doppelklick auf OTL.exe um das Programm auszuführen.
  Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
• Klicke auf den Button "Bereinigung"
• OTL fragt eventuell nach einem Neustart.
  Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.



Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?

Vielen Dank für die Hilfe.

wuensche eine virenfreie Zeit