Vorsorgehilfe nach befallenem USB Stick

minimalwerk · 27.03.2013, 21:18

Hallo liebe Community,

ein Kumpel hat mich heute darüber informiert, dass ein USB Stick von ihm mit einem Zeuss Trojaner befallen war. Diesen hatte ich letzte Woche häufiger für Datenaustausch in Gebrauch.

Auf meinem PC läuft Avira Antivir Premium 2013. Bemerkt wurde auf meinem System nichts. Jedoch mache ich mir jetzt trotzdem Gedanken ob sich irgend etwas auf meinem System eingeschlichen hat. Bekommt man in so einem Fall hier auch Hilfe für eine vorsorgliche Behandlung?

LG

t'john · 30.03.2013, 08:43

klar!

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

dann:

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Wähle Scanne Alle Benuzer
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
Unter Extra Registrierung, wähle bitte Benutze SafeList
Klicke nun auf Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

minimalwerk · 30.03.2013, 16:27

mbam log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.30.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
Frank :: MINIMALWERK [Administrator]

30.03.2013 15:41:53
mbam-log-2013-03-30 (15-41-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 485207
Laufzeit: 23 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL & Extras:

Code:

ATTFilter

OTL logfile created on: 30.03.2013 16:08:29 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Frank\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 75,03% Memory free
9,15 Gb Paging File | 6,33 Gb Available in Paging File | 69,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,90 Gb Total Space | 68,35 Gb Free Space | 57,49% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 419,76 Gb Free Space | 45,06% Space Free | Partition Type: NTFS
 
Computer Name: MINIMALWERK | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Frank\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Programme\Classic Shell\ClassicShellService.exe (IvoSoft)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmms) -- C:\Windows\SysNative\vmms.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ClassicShellService) -- C:\Programme\Classic Shell\ClassicShellService.exe (IvoSoft)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ose64) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (VMSVSP) -- C:\Windows\SysNative\Drivers\vmswitch.sys (Microsoft Corporation)
DRV:64bit: - (VMSP) -- C:\Windows\SysNative\Drivers\vmswitch.sys (Microsoft Corporation)
DRV:64bit: - (VMSMP) -- C:\Windows\SysNative\Drivers\vmswitch.sys (Microsoft Corporation)
DRV:64bit: - (SSCBFS3) -- C:\Windows\SysNative\Drivers\sscbfs3.sys (EldoS Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avmaura) -- C:\Windows\SysNative\Drivers\avmaura.sys (AVM Berlin)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\Drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (hvservice) -- C:\Windows\SysNative\Drivers\hvservice.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (vhdparser) -- C:\Windows\SysNative\Drivers\vhdparser.sys (Microsoft Corporation)
DRV:64bit: - (passthruparser) -- C:\Windows\SysNative\Drivers\passthruparser.sys (Microsoft Corporation)
DRV:64bit: - (lunparser) -- C:\Windows\SysNative\Drivers\lunparser.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\Drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (tapoas) -- C:\Windows\SysNative\Drivers\tapoas.sys (The OpenVPN Project)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\Drivers\RTL8187.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\Drivers\MBfilt64.sys (Creative Technology Ltd.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 82 82 D9 68 26 CE 01  [binary data]
IE - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: D:\Frank\Games\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
 
[2013.01.11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Uplay PC (Disabled) = D:\Frank\Games\Ubisoft Game Launcher\npuplaypc.dll
CHR - Extension: Google Drive = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Brushed = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: YouTube = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: FVD Video Downloader = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.3_0\
CHR - Extension: Google Mail = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.12.22 09:52:54 | 000,000,850 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 217.92.155.158		Server
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001..\Run: [ASRockRuefi]  File not found
O4 - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001..\Run: [AVMUSBFernanschluss] C:\Users\Frank\AppData\Local\Apps\2.0\YEC0O3W3.KZ9\OGG4Q9YK.RKM\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2911836400-2478651241-1007453514-1001..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSync.exe (SugarSync, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk =  File not found
O4 - Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk = C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - D:\Frank\Poker\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2656B62F-DACB-4EAD-8B27-6B31A1ED7D08}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41FED387-1F36-4D23-8D99-778526B76276}: DhcpNameServer = 192.168.100.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysNative\SSCbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\SysNative\SSCbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{55e56d3f-3409-11e2-be76-bc5ff4442861}\Shell - "" = AutoRun
O33 - MountPoints2\{55e56d3f-3409-11e2-be76-bc5ff4442861}\Shell\AutoRun\command - "" = "E:\navi\acp12h32.exe" 
O33 - MountPoints2\{55e56d3f-3409-11e2-be76-bc5ff4442861}\Shell\verb\command - "" = E:\shelexec.exe "start<CN=*Adobe*:%%V%%>.pdf" -DefaultApp:<base>\adobe\acrobat5\win\Reader\AcroRd32.exe -QueryApp
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.30 16:06:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2013.03.30 15:37:47 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Malwarebytes
[2013.03.30 15:37:44 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.30 15:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.27 21:01:41 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 21:01:41 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 21:01:41 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.23 13:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.22 21:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.03.22 21:32:11 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Programs
[2013.03.22 20:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.22 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.22 20:49:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.17 15:04:44 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.03.17 15:04:44 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.03.17 15:04:43 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.03.17 15:04:42 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.03.17 15:04:42 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.03.17 15:04:42 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.03.17 15:04:41 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.03.17 15:04:41 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013.03.17 15:04:41 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013.03.17 15:04:41 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013.03.17 15:04:41 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013.03.17 15:04:41 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.03.17 15:04:41 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013.03.17 15:04:41 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013.03.17 15:04:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.03.17 15:04:41 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013.03.17 15:04:41 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.03.17 15:04:41 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.03.17 15:04:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013.03.17 15:04:41 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013.03.17 15:04:41 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013.03.17 15:04:41 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013.03.17 15:04:41 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013.03.17 15:04:41 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013.03.17 15:04:41 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013.03.17 15:04:41 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013.03.17 15:04:41 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013.03.17 15:04:41 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013.03.17 15:04:41 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.03.17 15:04:40 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013.03.17 15:04:40 | 000,569,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmswitch.sys
[2013.03.17 15:04:40 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.03.17 15:04:40 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013.03.17 15:04:40 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013.03.17 15:04:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013.03.17 15:04:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013.03.17 15:04:38 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.03.17 15:04:38 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.03.17 11:47:00 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.03.17 11:46:59 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.03.17 11:46:58 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.03.17 11:46:58 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.03.17 11:46:58 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.03.17 11:46:58 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.03.16 12:56:44 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\Magischer Aktenkoffer
[2013.03.16 12:55:39 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\SugarSync
[2013.03.16 12:55:38 | 000,225,024 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\SSCbFsNetRdr3.dll
[2013.03.16 12:55:38 | 000,192,256 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\SSCbFsMntNtf3.dll
[2013.03.16 12:55:38 | 000,159,488 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\SSCbFsMntNtf3.dll
[2013.03.16 12:55:38 | 000,143,104 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\SSCbFsNetRdr3.dll
[2013.03.16 12:55:35 | 000,347,904 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\sscbfs3.sys
[2013.03.16 12:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SugarSync
[2013.03.16 12:49:23 | 000,000,000 | R--D | C] -- C:\Users\Frank\Dropbox
[2013.03.16 12:41:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.16 12:41:07 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.16 12:41:07 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.03.16 12:41:07 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.16 12:41:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.16 12:41:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.16 12:41:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.16 12:41:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.16 12:41:07 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.03.16 12:41:07 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.16 12:41:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.03.16 12:41:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.16 12:40:46 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Dropbox
[2013.03.09 20:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
[2013.03.05 20:21:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.05 20:21:51 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.05 20:21:51 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.05 20:21:51 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.04 20:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.03 20:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.28 18:25:23 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013.02.28 18:25:23 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013.02.28 18:25:23 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.30 15:39:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2013.03.30 15:20:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.30 15:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.30 13:53:00 | 000,000,862 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.03.30 13:51:07 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.30 13:51:05 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.03.30 13:51:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.29 20:05:17 | 001,748,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.29 20:05:17 | 000,752,992 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.29 20:05:17 | 000,711,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.29 20:05:17 | 000,156,218 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.29 20:05:17 | 000,133,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.27 21:03:37 | 027,901,952 | ---- | M] () -- C:\Windows\SysNative\vmguest.iso
[2013.03.27 21:02:24 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.03.27 21:02:21 | 2541,535,231 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.27 21:01:31 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 21:01:31 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 21:01:31 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.24 17:17:32 | 005,045,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.21 08:04:19 | 000,134,727 | ---- | M] () -- C:\Users\Frank\Desktop\16.pdf
[2013.03.10 09:07:20 | 000,004,315 | ---- | M] () -- C:\Users\Frank\Documents\Classic Shell_Menu Settings.xml
[2013.03.06 00:07:25 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.06 00:07:25 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.05 20:21:49 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.05 20:21:49 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.05 20:21:49 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.05 20:21:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.05 20:21:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.05 20:21:49 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.02 09:22:18 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.03.02 03:44:30 | 000,468,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
 
========== Files Created - No Company Name ==========
 
[2013.03.30 14:25:52 | 000,002,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.03.30 14:25:52 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.03.30 14:25:52 | 000,001,937 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.03.24 17:17:29 | 005,045,544 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.21 08:04:18 | 000,134,727 | ---- | C] () -- C:\Users\Frank\Desktop\16.pdf
[2013.03.16 12:55:38 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync.lnk
[2013.02.16 21:23:45 | 001,065,984 | ---- | C] () -- C:\Users\Frank\AppData\Local\file__0.localstorage
[2013.02.09 13:18:30 | 000,000,726 | ---- | C] () -- C:\Users\Frank\AppData\Local\recently-used.xbel
[2013.01.18 23:29:08 | 000,001,456 | ---- | C] () -- C:\Users\Frank\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.01.18 23:28:17 | 000,000,132 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
[2013.01.06 11:14:36 | 000,000,547 | ---- | C] () -- C:\Windows\wiso.ini
[2012.11.28 08:50:20 | 000,000,091 | -H-- | C] () -- C:\Users\Frank\AppData\Roaming\eSReg.ini
[2012.11.24 00:17:43 | 000,000,045 | ---- | C] () -- C:\Users\Frank\AppData\Local\machpro.dat
[2012.11.17 17:58:01 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.11.17 16:27:08 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.11.17 16:04:15 | 000,007,615 | ---- | C] () -- C:\Users\Frank\AppData\Local\resmon.resmoncfg
[2012.11.17 16:01:25 | 001,777,076 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.17 15:35:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.15 18:17:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.11.15 18:17:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2012.11.17 17:50:15 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 30.03.2013 16:08:29 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Frank\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 75,03% Memory free
9,15 Gb Paging File | 6,33 Gb Available in Paging File | 69,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,90 Gb Total Space | 68,35 Gb Free Space | 57,49% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 419,76 Gb Free Space | 45,06% Space Free | Partition Type: NTFS
 
Computer Name: MINIMALWERK | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2911836400-2478651241-1007453514-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Utilities\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Utilities\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Utilities\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Utilities\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F23536E-EBF8-479E-ACE7-1F15E0D3A564}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1695F542-0011-40A9-9DE1-7BDD69A1365B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{29190080-D58E-4B77-8067-ECF3792F377E}" = lport=3389 | protocol=17 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{318AE5CC-4387-4E3E-8CAA-64173B81C51A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{48103176-F1E6-4E31-AE8F-DFE262555ED5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{57647257-BA4F-4F8D-BF7B-82CEDB5578B9}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{76A37310-46EB-4F1F-B9C1-A3CE5572D47C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8765B118-6004-4CFC-87B8-F438F35AAFBB}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{8F3FD25A-5E6A-49B2-BA99-855FB5B6D2B4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{98B51E4E-6FA5-49B7-90CF-81DA7A74D23F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4E0E8EE-F6F9-4B15-B9C8-E85FD4EC11AF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DEF23EB0-2DFE-49D1-849F-6033AFD536DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC901AB8-3EF5-4581-9599-529BB18267FA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F4B7EC28-7FB8-434E-B6B9-2852DA8416DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FDA26ED5-CD58-4ACE-8815-5C7593547252}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FF37B650-B484-4D3A-B48D-8EEAEEFF72A9}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029B9EA6-660D-474D-A06D-B111E3EDB43A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{03DCFB77-22B8-4567-85F1-72A5ED6EF8A0}" = dir=out | app=d:\frank\games\tombraider\tombraider.exe | 
"{0478D2E0-D5BE-48D6-B7BF-C324A4D75B7A}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{0A123BA2-A9F6-46F3-A3CD-77E56194B012}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0B2DA0CC-D277-4C00-8055-EA197A5992C7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{0C4037C6-9C5A-4BE0-9625-79551020646D}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{0FDA3B33-D4B4-4A93-A9F3-B5158D1AF4DC}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{11C10784-44D9-4AFE-B5F4-A92159C012AA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{125DDB20-8E0E-47BB-ACBC-BCC577930910}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{127B2181-14A4-47F2-9FB9-E6C66A1C4570}" = protocol=6 | dir=in | app=c:\utilities\airvideoserver\airvideoserver.exe | 
"{13A97C05-E9F6-4693-8AFB-5C4C61985317}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{15952BEA-6047-4E13-9543-4E2DC711A239}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{18878E0C-5879-4C8C-906C-4E9D07134D08}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{1A9AE1BF-69CC-4918-A9F5-AB0520B93EDF}" = protocol=6 | dir=in | app=c:\users\frank\appdata\local\apps\2.0\yec0o3w3.kz9\ogg4q9yk.rkm\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe | 
"{1D3FE10B-0774-4ED2-A55C-25F44B813B78}" = protocol=6 | dir=in | app=c:\users\frank\appdata\local\apps\2.0\yec0o3w3.kz9\ogg4q9yk.rkm\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{1E3F30B2-8F58-4806-9EA5-F559E218C3AC}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{1FB4CEDF-4F82-472F-8865-D6F554BC2A60}" = protocol=6 | dir=in | app=c:\users\frank\appdata\local\apps\2.0\yec0o3w3.kz9\ogg4q9yk.rkm\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe | 
"{20266D0D-6124-4AE9-8BBF-362A6F6F7C23}" = dir=out | name=windows_ie_ac_001 | 
"{22074389-E781-49FA-A87F-4AE31A5F50A4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{24C36714-17F6-4816-B65E-A48C266AC1D6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{252A7123-2A26-4005-AD76-4D1B403A1F8C}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{2539299E-B4C4-4606-AE2C-078F3C9DCAE0}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{26B43B9B-758B-483A-B170-BD1259CF9D56}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{27F2FF66-C307-4EC4-8D7F-D454C19075AA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{293609C9-75F9-431E-AEA2-C5A17E063E70}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | 
"{294D105B-CEFE-4A44-AA96-EB0451F61359}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2A8234B1-A524-4D7A-9638-B1860F4FD04B}" = protocol=17 | dir=in | app=c:\users\frank\appdata\local\apps\2.0\yec0o3w3.kz9\ogg4q9yk.rkm\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe | 
"{3359B911-40E0-46F0-ADCF-7B2294A535E6}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{3735F975-2804-4A4F-9CFB-F49DA19D3996}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{37C7DD8A-E361-4C2F-AB95-CBAEE03074BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3A7A0F9C-9524-4335-9F2B-619AC3FE4C55}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3BEAE560-BD2E-46A5-B3B9-FC7458D7C9B0}" = protocol=6 | dir=in | app=c:\utilities\airvideoserver\airvideoserver.exe | 
"{3DCE9E50-1782-4FA1-881B-795E1109A86A}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | 
"{415586F6-3625-47DE-971F-7F97EB6CEFDE}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{42095D6A-F8FF-4661-820A-9DF564A847D2}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{4533D6AC-4960-42FB-AA96-CB6F78D240FC}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{47EDD505-D98B-4587-95B9-30B18A6B1246}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{49F675C7-E13F-482A-9AD6-09A03B4D7109}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{4CCB2EDF-96BA-452C-AA40-645C04EA82E9}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{51B4FBAE-4FA3-4226-BF78-94ED98E43096}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{53289AE4-1A13-4F97-8E1E-85416F186280}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{53CA2C80-759B-416E-8358-1A869AD2EF19}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{54A6DBD9-95BE-4ED8-900D-1063C36AE971}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{560688AF-53CE-4C89-AB2E-6A1F7F2B9144}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{5D416D07-8299-4E97-BB80-E1A6A4FA2962}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{61DB7588-1144-4F87-8981-DACDFC6E5220}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{66E7CED2-1319-4495-B089-737E2E4CC11B}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{6B092E37-D338-4840-805F-266764D2E1EE}" = protocol=17 | dir=in | app=c:\users\frank\appdata\local\apps\2.0\yec0o3w3.kz9\ogg4q9yk.rkm\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe | 
"{6C31BF15-9620-402C-8A0D-C3AD32B41082}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{762B1895-D921-4AA5-BD64-2DFEA54A3EE2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{780DC924-8B91-47D2-ADA7-1BB6BB5209B8}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{7BDB5556-5F8A-45CA-B4E1-45646FF56C5E}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{7DA0AAEB-C832-4400-A71F-4169AB168ACD}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{7EC314A6-7F2B-40FF-B00F-169A1A002F12}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{7F90BF43-3204-491C-B260-DDDDF3C1A8F5}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8268C276-F46F-4792-9FE8-89CCBD5D2BE5}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{83033452-5BC9-4919-9DE3-4B9B5C4B442F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{89065F28-BEF8-4789-8363-493BBDA47474}" = protocol=17 | dir=in | app=c:\users\frank\appdata\local\apps\2.0\yec0o3w3.kz9\ogg4q9yk.rkm\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{8EB6D6FC-3015-4891-B56A-89F041F7D3E9}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{9518AE37-156D-46CD-B1D7-6CBC379444B1}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{96D2ECBF-89F3-4082-B9C3-14FE87230924}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{9B017D24-5228-4306-AD88-5DA18DD9D35A}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{A15B5ECE-F2C2-432F-974D-10A2C4762DA8}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{A15E3D38-24BC-41C6-9953-9F462AEC9C92}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{A630AD4F-97C9-4734-B6F2-64E0E200C3D1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AB7AAE15-2B4A-4BC4-B417-18AE7A2D1B9D}" = dir=out | name=hp printer control | 
"{B0CA23FA-F852-4D35-9052-B2331A5083F7}" = protocol=6 | dir=in | app=c:\users\frank\appdata\local\apps\2.0\yec0o3w3.kz9\ogg4q9yk.rkm\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{B2ABDE88-CD3D-45B5-887D-6F21AE238E7C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{B44FD4A8-4294-4DA8-9357-A99223E5B6AA}" = protocol=17 | dir=in | app=c:\users\frank\appdata\local\apps\2.0\yec0o3w3.kz9\ogg4q9yk.rkm\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{B5847C5E-5230-4DA9-BFA2-2A005CDB9160}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BA0D88D2-F2AC-4729-8F98-CD5370921CF3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BF3D8C38-1EC3-444F-B8BC-307F79FA1C4C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{C02C3896-F7B3-4285-8752-B75FC23E57D2}" = protocol=17 | dir=in | app=c:\utilities\airvideoserver\airvideoserver.exe | 
"{C60CA1CF-E2DE-44F9-993C-684D7252F6D1}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{CC0C6A3E-B66E-44E3-9C50-40D66A1BB929}" = protocol=6 | dir=out | app=c:\utilities\airvideoserver\airvideoserver.exe | 
"{CE37765D-3466-4D0A-8DF1-52EE4D631746}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{D0B3D269-7232-45D3-A662-020A74948D85}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicatorcom.exe | 
"{D51A9EAA-6DF9-4A15-B9AD-FE9726825FBA}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{D61246E6-0B06-429B-9A53-122F91616C6C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{E2D22F7B-A627-49BE-88FE-3280D11603AE}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E8539324-2D0C-4757-9EAA-E672162A269E}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{ECDA9D64-5F5C-470C-AF17-0E2C5E59D285}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{ED04F344-3282-4F24-A552-6827359401B6}" = dir=in | name=hp printer control | 
"{EE0964A4-18C4-4E53-B0FD-D30C886964CD}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{EF5C5979-63D0-4AED-99E6-C3526325B381}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{F244B2C2-38FB-49B8-8B75-11B575360089}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"TCP Query User{153C2950-9DEC-41FE-8DD4-D900D8AAE696}D:\frank\games\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=d:\frank\games\mass effect 3\binaries\win32\masseffect3.exe | 
"TCP Query User{34BE29FF-6A73-422F-8D03-F5A3FA78E98D}D:\frank\games\far cry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=d:\frank\games\far cry 3\bin\farcry3_d3d11.exe | 
"TCP Query User{4324E66C-7C5E-46D9-9BB9-9325CE51DD65}D:\manuelles backup vor windows 8\utilities\candisoft_load!_0.7.2\load.exe" = protocol=6 | dir=in | app=d:\manuelles backup vor windows 8\utilities\candisoft_load!_0.7.2\load.exe | 
"TCP Query User{646E6E8C-EF68-4B5F-8E89-513405775836}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{9F5CAF2A-3276-4F55-9427-374CB2703787}C:\program files (x86)\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"TCP Query User{BD1012A7-2CB5-470F-A402-3DEC7F7DDB41}C:\utilities\candisoft_load!_0.7.2\load.exe" = protocol=6 | dir=in | app=c:\utilities\candisoft_load!_0.7.2\load.exe | 
"TCP Query User{EEA609D1-E99B-413A-8679-DBCD90EC3AA9}C:\users\frank\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\frank\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"TCP Query User{F2FD2A4E-0007-495C-A7D8-CD85BD191D2B}C:\program files (x86)\adobe\adobe muse\adobe muse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe muse\adobe muse.exe | 
"TCP Query User{F994B570-6A73-4991-8ADA-B0165314FACD}D:\frank\games\far cry 3\bin\fc3editor.exe" = protocol=6 | dir=in | app=d:\frank\games\far cry 3\bin\fc3editor.exe | 
"UDP Query User{0FE837B4-6194-45D3-A683-20F9BCA4FF30}D:\manuelles backup vor windows 8\utilities\candisoft_load!_0.7.2\load.exe" = protocol=17 | dir=in | app=d:\manuelles backup vor windows 8\utilities\candisoft_load!_0.7.2\load.exe | 
"UDP Query User{3A493178-C2B0-483E-AC88-01B9DE702CF6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{457A2214-E86B-4521-A804-6E17DFFE554B}D:\frank\games\far cry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=d:\frank\games\far cry 3\bin\farcry3_d3d11.exe | 
"UDP Query User{596D4D62-0598-45E8-99E3-73E3A42767E1}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"UDP Query User{63BF51FB-3B3F-4B44-A707-39A3F1AD6856}D:\frank\games\far cry 3\bin\fc3editor.exe" = protocol=17 | dir=in | app=d:\frank\games\far cry 3\bin\fc3editor.exe | 
"UDP Query User{6FBEC0D9-86C0-41E9-9C94-2314F2BCBA04}D:\frank\games\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=d:\frank\games\mass effect 3\binaries\win32\masseffect3.exe | 
"UDP Query User{8043FEE0-B0E3-49F7-8CDF-581353094F9E}C:\utilities\candisoft_load!_0.7.2\load.exe" = protocol=17 | dir=in | app=c:\utilities\candisoft_load!_0.7.2\load.exe | 
"UDP Query User{A7780676-9CF6-4D28-9A74-7BA5C72741EB}C:\users\frank\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\frank\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"UDP Query User{D2578301-5F60-4575-AC77-64231C15A2A5}C:\program files (x86)\adobe\adobe muse\adobe muse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe muse\adobe muse.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"Recuva" = Recuva
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B5EB0EC0-7AD1-4A8F-B672-8E9F7A2738E6}_is1" = Crysis 3
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Air Video Server" = Air Video Server 2.4.6-beta3
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.188
"ASRock Restart to UEFI_is1" = ASRock Restart to UEFI v1.0.1
"Avira AntiVir Desktop" = Avira Antivirus Premium
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.1.0
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mass Effect 3 Full-Rip_is1" = Mass Effect 3
"PokerStars.eu" = PokerStars.eu
"SugarSync" = SugarSync
"TeamViewer 7" = TeamViewer 7
"Tombraider_is1" = Tombraider
"Uplay" = Uplay
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2911836400-2478651241-1007453514-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"f018cf21c0452c64" = FRITZ!Box USB-Fernanschluss
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.02.2013 16:50:25 | Computer Name = minimalwerk | Source = Perflib | ID = 1022
Description = 
 
Error - 05.02.2013 16:50:25 | Computer Name = minimalwerk | Source = Perflib | ID = 1017
Description = 
 
Error - 05.02.2013 17:04:24 | Computer Name = minimalwerk | Source = Perflib | ID = 1008
Description = 
 
Error - 07.02.2013 06:47:34 | Computer Name = minimalwerk | Source = Perflib | ID = 1008
Description = 
 
Error - 07.02.2013 06:47:34 | Computer Name = minimalwerk | Source = Perflib | ID = 1023
Description = 
 
Error - 07.02.2013 16:05:15 | Computer Name = minimalwerk | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
Error - 09.02.2013 05:59:20 | Computer Name = minimalwerk | Source = Perflib | ID = 1008
Description = 
 
Error - 09.02.2013 05:59:21 | Computer Name = minimalwerk | Source = Perflib | ID = 1023
Description = 
 
Error - 09.02.2013 06:36:18 | Computer Name = minimalwerk | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
Error - 13.02.2013 15:15:31 | Computer Name = minimalwerk | Source = MsiInstaller | ID = 11500
Description = 
 
[ System Events ]
Error - 29.03.2013 14:02:48 | Computer Name = minimalwerk | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume6"
 herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
 Der letzte Status war "0xc03a001c".
 
Error - 29.03.2013 14:02:58 | Computer Name = minimalwerk | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume8"
 herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
 Der letzte Status war "0xc03a001c".
 
Error - 29.03.2013 14:02:59 | Computer Name = minimalwerk | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume10"
 herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
 Der letzte Status war "0xc03a001c".
 
Error - 29.03.2013 14:02:59 | Computer Name = minimalwerk | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume10"
 herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
 Der letzte Status war "0xc03a001c".
 
Error - 29.03.2013 14:02:59 | Computer Name = minimalwerk | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume10"
 herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
 Der letzte Status war "0xc03a001c".
 
Error - 29.03.2013 14:30:28 | Computer Name = minimalwerk | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume12"
 herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
 Der letzte Status war "0xc03a001c".
 
Error - 29.03.2013 15:02:18 | Computer Name = minimalwerk | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume14"
 herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
 Der letzte Status war "0xc03a001c".
 
Error - 29.03.2013 15:02:27 | Computer Name = minimalwerk | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume16"
 herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
 Der letzte Status war "0xc03a001c".
 
Error - 29.03.2013 15:02:29 | Computer Name = minimalwerk | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume18"
 herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
 Der letzte Status war "0xc03a001c".
 
Error - 29.03.2013 15:03:45 | Computer Name = minimalwerk | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume20"
 herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
 Der letzte Status war "0xc03a001c".
 
 
< End of report >

t'john · 30.03.2013, 16:31

Alles unauffaellig

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

minimalwerk · 30.03.2013, 19:38

das freut mich schon mal

hier der SecurityCheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.59  
   x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
Avira Desktop      
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 	11.6.602.180  
 Adobe Reader XI  
 Google Chrome 25.0.1364.160  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

t'john · 01.04.2013, 12:23

Sehr gut!

damit bist Du sauber und entlassen!

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?

minimalwerk · 01.04.2013, 14:11

Code:

ATTFilter

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Chrome 25.0.1364.172 ist aktuell
Flash (11,6,602,180) ist aktuell.
Java ist nicht Installiert oder nicht aktiviert.
undefined

super, vielen lieben Dank

t'john · 01.04.2013, 14:37

wuensche eine virenfreie Zeit

30.03.2013, 16:31	#4
t'john /// Helfer-Team	Vorsorgehilfe nach befallenem USB Stick Alles unauffaellig Downloade Dir bitte SecurityCheck und: Speichere es auf dem Desktop. Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box. Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen. Poste den Inhalt bitte hier. __________________ Mfg, t'john Das TB unterstützen

01.04.2013, 14:37	#8
t'john /// Helfer-Team	Vorsorgehilfe nach befallenem USB Stick wuensche eine virenfreie Zeit __________________ Mfg, t'john Das TB unterstützen

Vorsorgehilfe nach befallenem USB Stick

Plagegeister aller Art und deren Bekämpfung: Vorsorgehilfe nach befallenem USB Stick