Pests of all kinds and how to fight them: WIN7 limited account unusable / supposed to pay 100€? (Windows 7)
29.04.2013, 11:56 | #1 |
Hello,

it got me today; AVG Antivirus was apparently too slow. A virus has settled into my limited account (WIN7 Ultimate). It looks like something from the federal government, and I have supposedly done something illegal... I don't even know what this pest is called.

I switched to my uninfected admin account to be able to write this here; if need be I would also have a netbook. I have already downloaded Malwarebytes.

I scanned the whole computer with AVG, which apparently found something and supposedly cleaned it, but when I go back into my account with limited rights, the page covers the entire screen again... so it had probably found something else.

Please help, thanks!

Last edited by hardyxy9 (29.04.2013 at 12:04)
29.04.2013, 12:57 | #2 |
/// TB trainer

Hi,

let's take a look with FRST:

Step 1
Please download Farbar Recovery Scan Tool 64-Bit and save it to a USB stick (not in a subfolder!). Connect the USB stick to the infected computer. You now need to boot the system into the System Repair option:

Variant 1 - Via the Boot Manager

Once you are in the repair options, select Command Prompt.

Please post in your next reply:
29.04.2013, 13:20 | #3 |
Thanks!

Unfortunately F8 is not possible with my USB keyboard; I'll try booting from CD! Here is the FRST log: Code:
2013-04-10 09:24 - 2012-11-05 09:53 - 00000000 ____D C:\Users\Hermann Surf\AppData\Local\CrashDumps 2013-04-10 09:01 - 2012-04-24 21:41 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-04-10 09:01 - 2009-07-13 18:34 - 00000650 ____A C:\Windows\win.ini 2013-04-10 04:42 - 2013-04-10 04:42 - 00000000 ____D C:\Users\Public\Documents\sun 2013-04-10 04:42 - 2013-04-10 04:42 - 00000000 ____D C:\Users\Hermann Surf\AppData\Roaming\LibreOffice 2013-04-10 01:21 - 2013-04-10 01:21 - 00001096 ____A C:\Users\Public\Desktop\LibreOffice 4.0.lnk 2013-04-10 01:21 - 2013-04-10 01:20 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4.0 2013-04-10 01:12 - 2013-04-10 01:10 - 193572864 ____A C:\Users\Hermann Surf\Downloads\LibreOffice_4.0.2_Win_x86.msi 2013-04-10 00:56 - 2012-10-16 07:22 - 00000000 ____D C:\Users\Hermann Surf\Documents\Steuerfälle 2013-04-08 01:44 - 2012-12-12 06:49 - 00000983 ____A C:\Users\Public\Desktop\AVG 2013.lnk 2013-04-06 09:56 - 2013-04-06 09:56 - 00000579 ____A C:\Users\Hermann Surf\Documents\AdobePhotoshop_CS5_Serials.txt 2013-04-04 10:16 - 2013-04-04 10:16 - 04889704 ____A (TeamViewer GmbH) C:\Users\Jessi\Downloads\TeamViewer_Setup_de_8.0.1739.exe 2013-04-04 10:16 - 2013-04-04 10:16 - 00000000 ____D C:\Users\Jessi\AppData\Roaming\TeamViewer 2013-04-04 09:52 - 2013-04-04 09:51 - 24842968 ____A (DVDVideoSoft Ltd. 
) C:\Users\Jessi\Downloads\FreeYouTubeToMP3Converter_3.12.1.320.exe 2013-04-04 06:55 - 2013-01-08 02:29 - 00002301 ____A C:\Users\Public\Desktop\Steuer-Spar- Erklärung Selbstständige 2013.lnk 2013-04-04 06:54 - 2013-04-04 06:54 - 00005185 ____A C:\Users\Hermann Surf\AppData\Local\recently-used.xbel 2013-04-04 00:41 - 2013-04-04 00:41 - 00001890 ____A C:\Users\Public\Desktop\Garmin Express.lnk 2013-04-04 00:41 - 2013-04-04 00:41 - 00000000 ____D C:ProgramData\Package Cache 2013-04-04 00:41 - 2013-04-04 00:41 - 00000000 ____D C:ProgramData\Garmin 2013-04-04 00:41 - 2012-10-29 08:33 - 00000000 ____D C:\Users\Hermann Neuer ADMIN\AppData\Roaming\Garmin 2013-04-04 00:41 - 2012-06-27 04:39 - 00000000 ____D C:\Program Files (x86)\Garmin 2013-04-04 00:40 - 2012-08-20 12:43 - 00000000 ____D C:\Program Files (x86)\Philips ToUcam Camera 2013-04-04 00:38 - 2013-04-04 00:38 - 00000000 ____D C:\Users\Hermann Neuer ADMIN\AppData\Roaming\Iminent 2013-04-02 04:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-03-31 00:51 - 2012-10-18 22:40 - 00001044 ____A C:\Users\Hermann Surf\Desktop\Dropbox.lnk 2013-03-31 00:38 - 2013-03-31 00:38 - 00211898 ____A C:\Users\Hermann Surf\Downloads\DLV_B_Schorn.tif Other Malware: =========== C:\Users\Hermann Surf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\\msconfig.lnk ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit 
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-10 01:20:13
Restore point made on: 2013-04-10 09:00:17
Restore point made on: 2013-04-12 13:12:00
Restore point made on: 2013-04-12 13:13:30
Restore point made on: 2013-04-12 13:15:59
Restore point made on: 2013-04-12 13:19:36
Restore point made on: 2013-04-12 13:20:12
Restore point made on: 2013-04-14 09:13:43
Restore point made on: 2013-04-22 11:28:41
Restore point made on: 2013-04-25 07:01:58
Restore point made on: 2013-04-28 23:57:46

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 12268.32 MB
Available physical RAM: 11072.77 MB
Total Pagefile: 12266.52 MB
Available Pagefile: 11062.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:926.94 GB) (Free:771.73 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (Datenpartition) (Fixed) (Total:922.84 GB) (Free:796.15 GB) NTFS (Disk=0 Partition=4)
Drive f: (HP_RECOVERY) (Fixed) (Total:13.13 GB) (Free:1.62 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive g: (W7SP1_ULTIMATE) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
Drive l: (FREI8GB) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32 (Disk=5 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

Datenträger ###  Status         Größe    Frei     Dyn  GPT
---------------  -------------  -------  -------  ---  ---
Datenträger 0    Online         1863 GB  1024 KB
Datenträger 1    Kein Medium        0 B      0 B
Datenträger 2    Kein Medium        0 B      0 B
Datenträger 3    Kein Medium        0 B      0 B
Datenträger 4    Kein Medium        0 B      0 B
Datenträger 5    Online         7656 MB      0 B

Partitions of Disk 0:
===============

Datenträger-ID: 40DB00A1

Partition ###  Typ               Größe    Offset
-------------  ----------------  -------  -------
Partition 1    Primär             100 MB  1024 KB
Partition 2    Primär             926 GB   101 MB
Partition 0    Erweitert          922 GB   927 GB
Partition 4    Logisch            922 GB   927 GB
Partition 3    Primär              13 GB  1849 GB

==================================================================================

Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  Y    SYSTEM       NTFS   Partition    100 MB  Fehlerfre

=========================================================

Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  C    OS           NTFS   Partition    926 GB  Fehlerfre

=========================================================

Disk: 0
Partition 4
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  D    Datenpartit  NTFS   Partition    922 GB  Fehlerfre

=========================================================

Disk: 0
Partition 3
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4  F    HP_RECOVERY  NTFS   Partition     13 GB  Fehlerfre

=========================================================

Partitions of Disk 5:
===============

Datenträger-ID: C3072E18

Partition ###  Typ               Größe    Offset
-------------  ----------------  -------  -------
Partition 1    Primär            7652 MB  4032 KB
==================================================================================

Disk: 5
Partition 1
Typ : 0B
Versteckt: Nein
Aktiv : Ja

Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 9  L    FREI8GB      FAT32  Wechselmed  7652 MB  Fehlerfre

=========================================================

============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 40DB00A1)
Partition 1: (Active) - (Size=100 MB) - (Type=07) (NTFS)
Partition 2: (Not Active) - (Size=927 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=923 GB) - (Type=OF) (Extended)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07) (NTFS)

====================================================================
Disk: 5 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

Last Boot: 2013-04-23 23:58

==================== End Of Log ============================

Edited by hardyxy9 (29.04.2013 at 13:26) |
29.04.2013, 15:53 | #4 |
/// TB-Ausbilder | WIN7 restricted account unusable / supposed to pay 100€?
Hi, after the following fix, can you boot normally into the affected user account again?
Step 1
On a second computer, please press the Windows + R keys and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
HKU\Hermann Surf\...\Run: [ctfmon.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\8bzd6z.dat,FG00 [127488 2013-04-29] (?????????? ??????????2)
Startup: C:\Users\Hermann Surf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
2013-04-29 02:41 - 2013-04-29 02:41 - 00002632 ____A C:ProgramData\z6dzb8.js
2013-04-29 01:27 - 2013-04-29 02:41 - 95023320 ___AT C:ProgramData\z6dzb8.pad
2013-04-29 01:27 - 2013-04-29 02:41 - 00000000 ____A C:ProgramData\as98213.txt
2013-04-29 01:27 - 2013-04-29 01:27 - 95023320 ___AT C:ProgramData\dzrol7.pad
2013-04-29 01:27 - 2013-04-29 01:27 - 00127488 ____A (?????????? ??????????2) C:ProgramData\8bzd6z.dat
2013-04-29 01:27 - 2013-04-29 01:27 - 00127488 ____A (?????????? ??????????2) C:ProgramData\7lorzd.dat
2013-04-29 01:27 - 2013-04-29 01:27 - 00044544 ____A (Microsoft Corporation) C:ProgramData\rundll32.exe
2013-04-29 01:27 - 2013-04-29 01:27 - 00000152 ____A C:ProgramData\z6dzb8.reg
2013-04-29 01:27 - 2013-04-29 01:27 - 00000056 ____A C:ProgramData\z6dzb8.bat
Please post in your next reply:
__________________ cheers, Leo |
29.04.2013, 16:01 | #5 |
| WIN7 restricted account unusable / supposed to pay 100€?
I hope I did everything correctly:
FIXLOG
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-04-2013 02
Ran by SYSTEM at 2013-04-29 16:58:38 Run:1
Running from L:\
Boot Mode: Recovery
==============================================

HKEY_USERS\Hermann Surf\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe value not found.
C:\Users\Hermann Surf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk moved successfully.
2013-04-29 02:41 - 2013-04-29 02:41 - 00002632 ____A C:ProgramData\z6dzb8.js => File not found.
2013-04-29 01:27 - 2013-04-29 02:41 - 95023320 ___AT C:ProgramData\z6dzb8.pad => File not found.
2013-04-29 01:27 - 2013-04-29 02:41 - 00000000 ____A C:ProgramData\as98213.txt => File not found.
2013-04-29 01:27 - 2013-04-29 01:27 - 95023320 ___AT C:ProgramData\dzrol7.pad => File not found.
2013-04-29 01:27 - 2013-04-29 01:27 - 00127488 ____A (?????????? ??????????2) C:ProgramData\8bzd6z.dat => File not found.
2013-04-29 01:27 - 2013-04-29 01:27 - 00127488 ____A (?????????? ??????????2) C:ProgramData\7lorzd.dat => File not found.
2013-04-29 01:27 - 2013-04-29 01:27 - 00044544 ____A (Microsoft Corporation) C:ProgramData\rundll32.exe => File not found.
2013-04-29 01:27 - 2013-04-29 01:27 - 00000152 ____A C:ProgramData\z6dzb8.reg => File not found.
2013-04-29 01:27 - 2013-04-29 01:27 - 00000056 ____A C:ProgramData\z6dzb8.bat => File not found.

==== End of Fixlog ====

The answer is: YES, the page no longer appears. Thanks, you are simply great! Is there anything more to come now ..? |
29.04.2013, 16:07 | #6 |
/// TB-Ausbilder | WIN7 restricted account unusable / supposed to pay 100€?
Ok, then please run an OTL scan in this account: Please download OTL (by Oldtimer) and save it to your desktop.
__________________ |
29.04.2013, 16:17 | #7 |
| WIN7 restricted account unusable / supposed to pay 100€?
[AVG AntiVirus raised an alert during this and reported the following (why only now...?): "";"Virus identifiziert: JS/Agent.Z, c:\ProgramData\z6dzb8.js";"Infiziert" | I clicked 'remove'.]
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 4/29/2013 5:11:06 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hermann Surf\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11.98 Gb Total Physical Memory | 9.48 Gb Available Physical Memory | 79.11% Memory free 23.96 Gb Paging File | 21.21 Gb Available in Paging File | 88.52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 926.94 Gb Total Space | 771.71 Gb Free Space | 83.25% Space Free | Partition Type: NTFS Drive D: | 13.13 Gb Total Space | 1.62 Gb Free Space | 12.31% Space Free | Partition Type: NTFS Drive J: | 922.84 Gb Total Space | 796.15 Gb Free Space | 86.27% Space Free | Partition Type: NTFS Computer Name: HERMANN-HP | User Name: Hermann Neuer ADMIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013/04/29 17:09:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hermann Surf\Downloads\OTL.exe PRC - [2013/04/29 10:27:23 | 017,953,280 | ---- | M] () -- C:\Users\Hermann Surf\AppData\Roaming\Traffic Travis v4\TrafficTravisV4.exe PRC - [2013/04/15 12:21:49 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe PRC - [2013/04/03 16:05:21 | 002,795,048 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2013/03/12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hermann Surf\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2013/01/25 14:47:00 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe PRC - [2013/01/25 14:47:00 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe PRC - [2013/01/19 16:32:58 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/11 11:02:40 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Brother\bratimer.exe PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012/11/05 12:31:52 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) 
-- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe PRC - [2012/01/14 08:26:31 | 000,327,392 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe PRC - [2011/06/09 15:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2011/06/09 15:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2011/03/30 10:41:10 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/03/29 03:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2011/02/01 09:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 09:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011/01/28 21:32:40 | 001,825,360 | ---- | M] (Sanford, L.P.) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe PRC - [2010/11/21 05:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2009/08/13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2009/02/24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe PRC - [2008/11/20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe PRC - [2000/08/17 17:40:20 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe PRC - [1998/09/17 16:34:26 | 000,055,296 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe ========== Modules (No Company Name) ========== MOD - [2013/04/29 10:27:23 | 017,953,280 | ---- | M] () -- C:\Users\Hermann Surf\AppData\Roaming\Traffic Travis v4\TrafficTravisV4.exe MOD - [2013/04/15 12:21:49 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll MOD - [2013/02/14 18:20:33 | 000,148,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll MOD - [2013/02/13 20:04:07 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll MOD - [2013/01/10 20:45:41 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll MOD - [2013/01/10 20:45:40 | 018,080,256 | ---- | 
M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll MOD - [2013/01/10 20:44:35 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\da5ccd3bc4583fb68696cb0c8209daf4\System.Web.Services.ni.dll MOD - [2013/01/10 20:44:27 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll MOD - [2013/01/10 20:44:27 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll MOD - [2013/01/10 20:44:27 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll MOD - [2013/01/10 20:44:26 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll MOD - [2013/01/10 20:44:26 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013/01/10 20:44:25 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll MOD - [2013/01/10 20:44:07 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013/01/10 20:08:21 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll MOD - [2013/01/10 20:08:12 | 011,451,904 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll MOD - [2013/01/10 20:08:10 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll MOD - [2013/01/10 20:08:06 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll MOD - [2013/01/10 20:08:05 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll MOD - [2013/01/10 20:08:03 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013/01/10 20:08:02 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013/01/10 20:08:01 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013/01/10 20:08:01 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll MOD - [2013/01/10 20:07:57 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2012/12/12 07:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012/11/05 12:31:52 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/10/05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012/10/05 12:53:24 | 000,630,784 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012/08/31 12:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/02/11 01:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll MOD - [2012/02/11 01:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2012/02/11 01:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll MOD - [2011/08/09 11:37:16 | 001,571,817 | ---- | M] () -- C:\Users\Hermann Surf\AppData\Roaming\Traffic Travis v4\libeay32.dll MOD - [2011/08/09 11:37:16 | 000,331,742 | ---- | M] () -- C:\Users\Hermann Surf\AppData\Roaming\Traffic Travis v4\ssleay32.dll MOD - [2011/03/30 10:40:56 | 000,237,160 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011/01/28 21:14:54 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll MOD - [2010/11/21 05:25:01 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll MOD - [2010/11/21 05:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2010/11/21 05:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010/11/13 01:26:08 | 000,315,392 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/06/10 23:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2003/07/11 02:09:28 | 000,048,192 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
MOD - [2000/08/17 18:02:36 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RFTrayRes.dll
MOD - [2000/08/17 17:40:20 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
MOD - [2000/08/17 17:40:14 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Philips ToUcam Camera\GameCam SE\Program\RfDownload.dll
MOD - [1998/11/30 18:34:06 | 000,075,264 | ---- | M] () -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\U32MISC.dll
MOD - [1998/07/22 17:33:02 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\u32Spy.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/11/05 15:17:46 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2012/07/28 13:32:43 | 000,610,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe -- (EpsonCustomerResearchParticipation)
SRV:64bit: - [2011/06/10 12:35:04 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 12:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/07 05:16:22 | 000,078,848 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\SysNative\PrintCtrl.exe -- (Printer Control)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/04/15 12:21:49 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/03 16:05:21 | 002,795,048 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/11 11:02:40 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Brother\bratimer.exe -- (BRA_Scheduler)
SRV - [2012/12/10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/05 12:31:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012/01/14 08:26:31 | 000,327,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2011/06/09 21:23:58 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/09 15:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/03/30 10:41:10 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/29 03:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/25 07:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/21 02:48:00 | 000,155,232 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- J:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011/02/01 09:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 09:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/28 21:34:52 | 000,032,336 | ---- | M] (Sanford, L.P.) [Auto | Running] -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/02/14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/13 14:15:32 | 000,141,824 | ---- | M] (Wireless Data Device) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmntnet.sys -- (cmntnet)
DRV:64bit: - [2013/02/13 14:15:32 | 000,123,904 | ---- | M] (Wireless Device) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnuusbser.sys -- (cmnuusbser)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/24 05:15:39 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/11/24 04:55:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/24 04:55:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/06/10 12:35:04 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/04/26 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/22 12:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/21 01:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/04/21 01:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/03/03 19:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 13:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/09/23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008/07/26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/07/24 13:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKLM\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/?orig=HP&affid=62&cztbid=394286201
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=394286201&q={searchTerms}
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\TS_KeyLodaded\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\TS_KeyLodaded\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\TS_KeyLodaded\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\TS_KeyLodaded\..\SearchScopes\{136E043D-39D8-4884-88F7-B47A3B070908}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\TS_KeyLodaded\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\TS_KeyLodaded\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\TS_KeyLodaded\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\TS_KeyLodaded\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\TS_KeyLodaded\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT2851647.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "ChatZumSearch"
FF - prefs.js..browser.search.order.1: "ChatZumSearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13&CUI=SB_CUI"
FF - prefs.js..extensions.enabledAddons: webbooster@iminent.com:6.10.2.1
FF - prefs.js..extensions.enabledAddons: {ADFA33FD-16F5-4355-8504-DF4D664CFE83}:1.0.20
FF - prefs.js..extensions.enabledAddons: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:10.15.0.562
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&CUI=UN09309758555980696&UM=&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\TEMP.Hermann-HP\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/19 16:33:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/19 16:33:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com [2013/03/09 15:10:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/12 17:53:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/12 17:53:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/10/29 19:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hermann Neuer ADMIN\AppData\Roaming\mozilla\Extensions
[2013/04/29 12:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hermann Neuer ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\qxs2ikp0.default\extensions
[2013/04/29 11:39:26 | 000,000,000 | ---D | M] (ChatZum Toolbar) -- C:\Users\Hermann Neuer ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\qxs2ikp0.default\extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
[2013/04/29 12:24:49 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Hermann Neuer ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\qxs2ikp0.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013/03/09 15:10:47 | 000,001,609 | ---- | M] () -- C:\Users\Hermann Neuer ADMIN\AppData\Roaming\mozilla\firefox\profiles\qxs2ikp0.default\searchplugins\ChatZumSearch.xml
[2013/04/29 11:39:58 | 000,001,058 | ---- | M] () -- C:\Users\Hermann Neuer ADMIN\AppData\Roaming\mozilla\firefox\profiles\qxs2ikp0.default\searchplugins\utorrentbarde-customized-web-search.xml
[2013/04/29 17:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/11/05 12:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/29 17:03:26 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
[2012/12/03 12:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions
[2012/12/03 12:01:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/12/03 12:01:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/12/03 12:01:09 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\websitelogon@truesuite.com
[2013/03/09 15:10:14 | 000,000,000 | ---D | M] ("Iminent Minibar") -- C:\PROGRAM FILES (X86)\IMINENT\WEBBOOSTER@IMINENT.COM
[2012/11/05 12:31:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/12 16:59:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (IEHlprObj Class) - {DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C} - C:\Program Files\WebBoomerang\IEHelper.dll ()
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\ChatZum Toolbar\tbunsj9FD8.tmp\tbcore3.dll ()
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatZum Toolbar\tbunsj9FD8.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [PE2CKFNT SE] C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003..\Run: [ctfmon.exe] C:\ProgramData\8bzd6z.dat (Корпорация Майкрософт2) O4 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003..\Run: [DymoQuickPrint] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.) 
O4 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003..\Run: [Epson Stylus Photo PX730(Netzwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE /FU "C:\Users\HERMAN~1\AppData\Local\Temp\E_SAF32.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003..\Run: [TrafficTravisv4] C:\Users\Hermann Surf\AppData\Roaming\Traffic Travis v4\TrafficTravisV4.exe () O4 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Photo PX730" File not found O4 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O4 - HKU\TS_KeyLodaded..\Run: [DymoQuickPrint] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.) O4 - HKU\TS_KeyLodaded..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\TS_KeyLodaded..\Run: [TrafficTravisv4] C:\Users\Hermann\AppData\Roaming\Traffic Travis v4\TrafficTravisV4.exe File not found O4 - HKU\TS_KeyLodaded..\Run: [WebCamRT.exe] C:\Program Files (x86)\Philips ToUcam Camera\SpotLife\WebCamRT.exe /WinStart /regkey=Software\Spotlife\Spotlife.5\WebCamSettings File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Hermann Surf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O4 - Startup: C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O7 - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\TS_KeyLodaded\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - 
res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~2.DLL () O9:64bit: - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~2.DLL () O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~1.DLL () O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\VideoGet\Plugins\VIDEOG~1.DLL () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2928652112-3187983571-3213460233-1003\..Trusted Domains: netzaehler.de ([]https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DC02DD9-EAAF-4808-9CC8-A515805F5335}: DhcpNameServer = 212.23.115.132 212.23.115.148 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D955C847-13C9-4AE2-A9D9-B6218CB8759A}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F40FCA03-8D20-441F-BCF5-08EF17DC8385}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - 
Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2198e1bf-8eac-11e1-83e1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{2198e1bf-8eac-11e1-83e1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/30 01:40:05 | 000,000,000 | ---D | C] -- C:\FRST [2013/04/29 12:26:53 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/04/29 12:21:13 | 000,000,000 | ---D | C] -- C:\Users\Hermann Neuer ADMIN\AppData\Local\AuthenTec [2013/04/29 12:20:36 | 000,000,000 | ---D | C] -- C:\Users\Hermann Neuer 
ADMIN\AppData\Roaming\Symantec [2013/04/29 11:53:01 | 000,000,000 | ---D | C] -- C:\Users\Hermann Neuer ADMIN\AppData\Roaming\vlc [2013/04/29 11:31:56 | 000,000,000 | ---D | C] -- C:\Users\Hermann Neuer ADMIN\AppData\Local\Scansoft [2013/04/29 11:27:49 | 000,127,488 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\8bzd6z.dat [2013/04/29 11:27:49 | 000,127,488 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\7lorzd.dat [2013/04/29 11:27:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013/04/29 10:07:33 | 000,000,000 | R--D | C] -- C:\Users\Hermann Neuer ADMIN\AppData\Roaming\Brother [2013/04/21 15:17:09 | 000,000,000 | R--D | C] -- C:\Jessis iPod [2013/04/12 23:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2013/04/12 23:19:22 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\SysWow64\BRCrypt.dll [2013/04/12 23:19:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx [2013/04/12 23:19:21 | 000,255,488 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll [2013/04/12 23:19:21 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5b.dll [2013/04/12 23:19:21 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll [2013/04/12 23:19:21 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\SysWow64\BrMfNt.dll [2013/04/12 23:19:21 | 000,083,968 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll [2013/04/12 23:19:21 | 000,059,392 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll [2013/04/12 23:19:21 | 000,048,640 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll [2013/04/12 23:19:12 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll [2013/04/12 23:16:23 | 000,073,728 | ---- | C] (Brother Industries Ltd.) 
-- C:\Windows\SysWow64\BrDctF2.dll [2013/04/12 23:16:23 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll [2013/04/12 23:16:21 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWi209c.dll [2013/04/12 23:16:20 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BROSNMP.DLL [2013/04/12 23:16:20 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBTOOL.EXE [2013/04/12 23:16:20 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BRLMW03A.DLL [2013/04/12 23:16:20 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\BRLM03A.DLL [2013/04/12 23:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance [2013/04/12 23:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2013/04/12 23:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 11 [2013/04/12 23:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared [2013/04/12 23:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft [2013/04/12 23:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft [2013/04/12 23:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2013/04/10 19:00:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/10 19:00:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/10 19:00:47 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/10 19:00:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/04/10 19:00:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/04/10 19:00:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/04/10 19:00:47 | 000,071,680 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/04/10 19:00:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/04/10 19:00:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/04/10 19:00:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/04/10 19:00:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/04/10 19:00:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/04/10 19:00:45 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/10 19:00:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/10 19:00:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/10 14:42:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2013/04/10 11:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0 [2013/04/10 11:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0 [2013/04/10 10:59:48 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/04/10 10:59:47 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/04/10 10:59:47 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013/04/10 10:59:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013/04/10 10:59:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013/04/10 10:59:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013/04/10 10:59:37 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/04/10 10:59:37 | 003,968,856 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/04/10 10:59:37 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/04/10 10:59:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/04/10 10:59:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/04/10 10:59:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/04/08 11:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/04/04 10:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin [2013/04/04 10:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013/04/04 10:38:56 | 000,000,000 | ---D | C] -- C:\Users\Hermann Neuer ADMIN\AppData\Roaming\Iminent ========== Files - Modified Within 30 Days ========== [2013/04/29 17:10:33 | 000,030,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/29 17:10:33 | 000,030,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/29 17:04:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/29 17:03:46 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/29 17:03:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/29 17:03:02 | 1058,267,134 | -HS- | M] () -- C:\hiberfil.sys [2013/04/29 14:19:12 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml [2013/04/29 14:19:12 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2013/04/29 14:03:08 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/04/29 14:03:08 | 000,698,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/04/29 14:03:08 | 000,652,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat 
[2013/04/29 14:03:08 | 000,148,570 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/04/29 14:03:08 | 000,121,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/29 13:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/04/29 12:41:52 | 095,023,320 | ---- | M] () -- C:\ProgramData\z6dzb8.pad [2013/04/29 12:41:51 | 000,002,632 | ---- | M] () -- C:\ProgramData\z6dzb8.js [2013/04/29 11:27:51 | 095,023,320 | ---- | M] () -- C:\ProgramData\dzrol7.pad [2013/04/29 11:27:51 | 000,000,152 | ---- | M] () -- C:\ProgramData\z6dzb8.reg [2013/04/29 11:27:51 | 000,000,056 | ---- | M] () -- C:\ProgramData\z6dzb8.bat [2013/04/29 11:27:49 | 000,127,488 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\8bzd6z.dat [2013/04/29 11:27:49 | 000,127,488 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\7lorzd.dat [2013/04/29 11:27:49 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013/04/21 14:43:39 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013/04/15 12:21:49 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/04/15 12:21:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/04/12 23:24:01 | 005,060,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/12 23:20:27 | 000,000,256 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2013/04/12 23:20:27 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini [2013/04/12 23:19:22 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini [2013/04/12 23:19:22 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\BD9320CW.DAT [2013/04/12 21:07:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2013/04/12 12:47:55 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/04/10 11:21:06 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk 
[2013/04/08 11:44:53 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/04/04 16:55:02 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung Selbstständige 2013.lnk [2013/04/04 10:41:25 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk ========== Files Created - No Company Name ========== [2013/04/29 12:41:51 | 000,002,632 | ---- | C] () -- C:\ProgramData\z6dzb8.js [2013/04/29 11:27:51 | 000,000,152 | ---- | C] () -- C:\ProgramData\z6dzb8.reg [2013/04/29 11:27:51 | 000,000,056 | ---- | C] () -- C:\ProgramData\z6dzb8.bat [2013/04/29 11:27:49 | 095,023,320 | ---- | C] () -- C:\ProgramData\z6dzb8.pad [2013/04/29 11:27:49 | 095,023,320 | ---- | C] () -- C:\ProgramData\dzrol7.pad [2013/04/12 23:20:27 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2013/04/12 23:20:27 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2013/04/12 23:20:00 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013/04/12 23:19:22 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BD9320CW.DAT [2013/04/12 23:19:21 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll [2013/04/12 23:19:21 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2013/04/12 23:19:21 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2013/04/12 23:19:21 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2013/04/12 23:16:20 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2013/04/12 23:16:19 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BRADC08A.DAT [2013/04/12 23:16:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2013/04/12 23:13:15 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2013/04/12 21:07:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2013/04/10 11:21:06 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk [2013/04/04 10:41:25 | 000,001,890 | ---- | C] () -- 
C:\Users\Public\Desktop\Garmin Express.lnk [2013/03/20 23:35:45 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLIB.DLL [2013/02/14 17:50:08 | 000,003,822 | ---- | C] () -- C:\Users\Hermann Neuer ADMIN\AppData\Local\recently-used.xbel [2012/10/30 18:20:06 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/10/29 18:32:59 | 000,000,680 | RHS- | C] () -- C:\Users\Hermann Neuer ADMIN\ntuser.pol [2012/09/05 11:09:40 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll [2012/08/20 22:46:42 | 000,000,434 | ---- | C] () -- C:\Windows\ULEAD32.INI [2012/05/30 18:03:20 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe [2012/05/30 18:03:14 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\Lffpx90n.dll [2012/04/27 10:21:52 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2012/04/25 10:01:19 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012/04/25 07:45:37 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2012/04/25 07:45:13 | 000,000,108 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2012/04/25 07:42:33 | 000,000,109 | ---- | C] () -- C:\Windows\Startup.INI [2012/04/25 07:32:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011/11/24 05:16:18 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011 [2011/11/24 05:08:24 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011/06/21 10:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/05/13 10:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2011/05/13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2011/05/13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2011/05/13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
Edited by hardyxy9 (29.04.2013 at 16:23) |
29.04.2013, 16:24 | #8 |
/// TB-Ausbilder | WIN7 limited account unusable / supposed to pay 100€? OK, let's continue: Step 1 Scan with Combofix
Please post in your next reply:
__________________ cheers, Leo |
29.04.2013, 16:24 | #9 |
| WIN7 limited account unusable / supposed to pay 100€? Code:
ATTFilter OTL Extras logfile created on: 4/29/2013 5:11:06 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hermann Surf\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11.98 Gb Total Physical Memory | 9.48 Gb Available Physical Memory | 79.11% Memory free 23.96 Gb Paging File | 21.21 Gb Available in Paging File | 88.52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 926.94 Gb Total Space | 771.71 Gb Free Space | 83.25% Space Free | Partition Type: NTFS Drive D: | 13.13 Gb Total Space | 1.62 Gb Free Space | 12.31% Space Free | Partition Type: NTFS Drive J: | 922.84 Gb Total Space | 796.15 Gb Free Space | 86.27% Space Free | Partition Type: NTFS Computer Name: HERMANN-HP | User Name: Hermann Neuer ADMIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
[HKEY_USERS\S-1-5-21-2928652112-3187983571-3213460233-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-2928652112-3187983571-3213460233-1007\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F0A6D58-9D04-4D69-9AB0-DB0A7D63AC0D}" = rport=445 | protocol=6 | dir=out | app=system |
"{16D7A1EE-07BF-486D-914A-AB99734C68A7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C371BC2-4EE7-4068-8887-F9128D9BD866}" = lport=445 | protocol=6 | dir=in | app=system |
"{20EC722F-B7B1-4E3C-8B0F-0FACCFAD2BB8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2E7A4B1B-EB8F-42F6-8937-071D4BED4572}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{35FC5BF6-3F2C-4969-8090-BD270F29455E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5B82E96C-2BA0-4D07-9F2F-9A72BDF63FFA}" = rport=137 | protocol=17 | dir=out | app=system | "{609F0025-4603-4C5E-BC3C-76E299FE845E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{72257A86-B1B6-4E7D-AA88-69C028216C1E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{72328FD2-FE86-47A8-A4A1-E96CA677FC09}" = lport=138 | protocol=17 | dir=in | app=system | "{75569B86-9E02-4128-BD47-22A22DC1F5BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7B2DD580-1EDC-45D5-885E-CFB38CFFAEF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8B3215BA-1421-4155-ABD1-178007F5F538}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8EF23A43-620E-4E42-99D7-C0CF2ACB6B5C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{978405B5-9227-4D21-88F1-C5AA743152DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A006B7C8-790C-4EF8-A72C-BDD5BFBD8B96}" = lport=139 | protocol=6 | dir=in | app=system | "{A46AE90C-0C80-46AF-BDC9-7E8EA1612B25}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A9978CD6-1788-4D96-B013-FE0CEC32656E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{AA066438-AD75-4D5A-B264-AD391EEE6F4A}" = rport=139 | protocol=6 | dir=out | app=system | "{B877C8E9-48FA-47D6-A10D-457A1CE416D6}" = rport=138 | protocol=17 | dir=out | app=system | "{CA75F088-0937-48D5-B077-691104C5864A}" = lport=2869 | protocol=6 | dir=in | app=system | "{D4D97E95-BA51-4063-97D0-BA224E03ADCE}" = lport=137 | protocol=17 | dir=in | app=system | "{D5F78378-563B-4CD1-A6F1-178A134F1AE4}" = lport=58432 | protocol=6 | dir=in | app=j:\datev\programm\sws\limaservice.exe | "{D8AF3C27-9DD2-434E-95AA-B9076E3A00B5}" = 
rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DA7128E2-0422-4E52-BBFD-1CF9912FEF01}" = lport=10243 | protocol=6 | dir=in | app=system | "{DB3515F8-40AE-41C3-AB7D-B73C325B5482}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F7C4B358-75D6-4184-9A87-88A87CD7DAB5}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A91278B-0D81-44DA-BA6C-4B6717B64CF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0FC6C419-276A-45DF-8ADA-639ACDF52D4C}" = protocol=17 | dir=in | app=c:\program files (x86)\expressdownloader\expressdownloader.exe | "{11C07882-8D19-4774-B0F1-61A2183A2BF2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{1AFBA0E4-9A51-4651-ADD3-4185E7EF6211}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1E4E70AC-66C5-4CB8-B305-2BB9D8421D44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{22580837-401A-409D-8337-2091595F0D2B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{289540C5-635D-426A-93C1-237233AE0416}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{2BD6B288-0CD5-4EBD-9680-5F30FDA3765A}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\auditorserver.exe | "{2BE0329F-91E3-4854-81C3-6C33BF042298}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2E3A176E-D033-493B-8AE8-9B6942479791}" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe | "{2E9DD156-4181-4F7F-91DD-3A0174630821}" = protocol=6 | dir=in | app=c:\program files (x86)\expressdownloader\expressdl.exe | "{32407DCE-478F-431A-99E8-9F4C9248FF8B}" = dir=in | app=c:\program files (x86)\windows 
live\contacts\wlcomm.exe | "{36E6D74B-7376-42C4-AF71-99EA6F0B0982}" = protocol=6 | dir=in | app=c:\users\hermann surf\appdata\roaming\dropbox\bin\dropbox.exe | "{37369233-611D-4B4F-B927-43FB793CAFAC}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{39CEB60E-73A5-479D-97C0-971E47D6F3A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3A155A3A-06B7-4AA2-AB41-D96B60122C9B}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08j\faxrx.exe | "{3B55F349-9B90-496A-AF5A-3EC6941CF347}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{3FD8FEC9-6BE4-40EC-950D-F72C34AF6D5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{421B0D4D-0209-48B5-8158-1DC184922F4E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{4349F59A-3480-4B2A-83B5-A7A8F6195814}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{45C15BEF-5F85-40C9-BF00-35C7362FAC8C}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\discover.exe | "{45DCEAB4-B93B-4C58-B530-CB14F45F2B82}" = protocol=6 | dir=in | app=c:\program files (x86)\expressdownloader\expressdownloader.exe | "{4692BB66-283E-471D-9ABF-C723D51118BB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{480A7F3D-0768-4645-8B89-46224C080785}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | "{481C5440-0F25-4EBB-B331-B1952759AD79}" = protocol=6 | dir=out | app=system | "{48798660-A2BD-4953-A2C5-B5F6CCED504E}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08j\faxrx.exe | "{504F9F63-8E3A-4A9B-B95A-B94F854B93AD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{5AA17E94-4CF3-41CC-90FC-24FD734E2F90}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5C98B513-C8E6-4A5C-A050-97292FFFD404}" = dir=in | 
app=c:\windows\system32\ezsharedsvchost.exe | "{5CFAB63B-77A6-43FD-AAE2-CEC08A92E0A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{5D3924E9-F457-4DBE-B63A-81B2E88E5D1D}" = protocol=17 | dir=in | app=c:\program files (x86)\expressdownloader\expressdl.exe | "{5EAF8DF2-3322-4C09-B8CE-8A1265244B7F}" = protocol=17 | dir=in | app=c:\users\hermann\appdata\roaming\dropbox\bin\dropbox.exe | "{619CE385-3478-4BCD-98D8-C4ABE8A509DB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{655A91B7-3A3E-4AA2-A004-936A90DC92BD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{683F3B46-30D2-4F6F-99C0-87CA017D6452}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{6A2CC0F6-CBDE-40CB-B7AF-6C1F36C718C6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{6A35EBD1-04AB-48A0-8742-AF4BA9D007DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6BBC6A2A-E907-4FB6-8145-C6FCECC1C92F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6C2C26FB-7C41-4549-941E-28255564FBFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{70FE9265-FEC5-4E27-BB87-47874E9BE547}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{73F257DE-92B3-4936-B905-624488A6531F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{785B1033-82C9-4550-BDED-5CCD98BCCAFF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{79B09C43-3FDF-4E1C-817B-2B1162D3FB7E}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\bradminv3.exe | "{79FBD4DE-9A2F-4888-99FC-9F27763BDE51}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{841E6940-5771-4802-8E01-7D28D979D727}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | "{8603C3F9-DDBE-45F4-A937-11995E17A343}" = protocol=17 | 
dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{87F5BA3D-B62D-4B65-AB6C-F274831ED282}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | "{89E1A2D3-CE96-406D-946D-310592523755}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe | "{8A1802E4-A34D-46C3-BB36-8454048E449F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{8E06D89B-4BC2-4C99-AF6B-6E14D0A8E448}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8FA5EB97-D739-4047-8763-A6971DFAF594}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{93A66CDB-BAF5-4E28-9F6E-6D508E668CD3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{94C2D0D8-9549-4567-9C7F-F274600E33AA}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{99C02660-B41A-4B7B-9428-F931AE336D0C}" = protocol=17 | dir=in | app=c:\users\hermann surf\appdata\roaming\dropbox\bin\dropbox.exe | "{9D1683DD-2380-4715-8BE6-12E4E4350383}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | "{A3D247C0-832D-4F22-B3A1-3ED680EA3E9A}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | "{AA339657-6618-468D-B1C8-A72B730E875C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{ACAA6ED7-BDBF-4897-975C-1FFE6EC2E8DE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B0D18616-0620-419F-A92D-6E90C65911F9}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\auditorserver.exe | "{B3817A9C-4FD0-423F-BAB9-C74D574DA2FF}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{B3EDE312-82C2-4C93-9AB0-A8F634B29C42}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{BB0DFBDB-D88C-472C-8C76-300E0458DEBD}" = protocol=6 | dir=in | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{BCFEBE79-EF42-41C7-9878-A8C71933EDFB}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | "{BDBF56E7-90E0-4798-B0A3-C1D1E48E8DB2}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\bradminv3.exe | "{BF240AD5-9BC7-4D8D-8868-4F291C62C3F6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{BF7F13D3-0330-4383-86C2-5F6045AA5AE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C2D58F4D-43EE-4AC0-A520-DB1FB9C475CB}" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe | "{C5AAEC65-19F4-4694-8025-E7C90ABA4A61}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CF8DE5FD-A7E2-4180-A337-6935F50A7122}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{D3050424-332A-4503-830B-D6DD3AB8408B}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe | "{D6F205DB-1175-4E5A-8513-D4840F6FCB0F}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "{DC117A26-B81D-464A-970B-0B9B0B258CDB}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "{DD121E53-B435-489E-A6A4-47886BB40C5F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DFDC31A1-EB10-4F43-A0AF-5A36BE4361DB}" = protocol=6 | dir=in | app=c:\users\hermann\appdata\roaming\dropbox\bin\dropbox.exe | "{E2D06C98-53EC-483B-B07D-515A730E2FD0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{E7841BC7-4320-4717-BC30-E8DBC72DFE10}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E7D9E46B-46F9-4299-A013-072598001DBB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{E8B80477-5BF5-4900-8256-ABD11EE96FA0}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{F1A064A1-217F-4981-BC08-7AA7318590D4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F328C25E-5B6A-46D1-956C-97D3B43188F4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{F58DAA6F-5057-46DA-934E-19A9BA9F4837}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{F992315F-3826-42B4-883C-42F743FC4AC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FB90A9FC-0538-49C1-B0CE-8444EC9D6EC8}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{FBDCAABB-1119-4A0B-BE5C-E879CDE65CD1}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\discover.exe | "{FCE50A0A-820A-4C56-BEEB-16EBAFCDB17D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{072E630F-CC08-472A-99FC-C2240EACE6DB}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{3558707B-C647-4A97-A69B-36D5093F6520}C:\users\jessi\appdata\roaming\icq\application\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\users\jessi\appdata\roaming\icq\application\icq7m\icq.exe | "TCP Query User{45A39CF0-FF63-4EF0-A67D-73C8CCEDAFC7}C:\users\hermann surf\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hermann surf\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{46B383E5-6292-456B-8DFF-3534E2A516D5}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{533A37B6-CEBA-4B10-A3C6-D7A06220313F}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{7A290094-2ACE-494A-B926-FC765AD38A5C}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | "TCP Query User{83DAD32A-66FF-4D6D-9F9E-C7CB179DA55F}C:\program 
files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe | "TCP Query User{B07358DB-BE45-4BAB-94A3-9A220C7BA28B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{BC044F70-CC40-4ACD-84A8-9C1CAFA17D73}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{C0AC2A38-0FF8-445A-8613-7266913C3301}C:\users\hermann surf\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\hermann surf\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{CCD3AADA-CB78-4243-80A4-46F46D76C80C}C:\users\hermann surf\appdata\roaming\ifiqg\qyut.exe" = protocol=6 | dir=in | app=c:\users\hermann surf\appdata\roaming\ifiqg\qyut.exe | "TCP Query User{E48BAAFD-7234-402C-9B83-85C796935899}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{ECAF0A28-F2AC-48BF-98D8-83E0551332C4}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | "TCP Query User{FF3DC86B-A4A9-44C4-9416-0EE7977DCAB9}C:\users\hermann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hermann\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{3D662827-3EB8-4E98-9456-1A1F77626E98}C:\users\hermann surf\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hermann surf\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{3E3DE64F-7561-4039-961E-2BA7FF638C1A}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | "UDP Query 
User{43BCA85F-6B93-44E2-9F95-AF2336FBBBA0}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{4D4B8652-97B9-42FD-81AC-D19A2A10A713}C:\users\jessi\appdata\roaming\icq\application\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\users\jessi\appdata\roaming\icq\application\icq7m\icq.exe | "UDP Query User{58DD2C0E-DD88-426C-A292-97D5D9190C04}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe | "UDP Query User{770F6E20-97EF-42B3-94BA-2AEB5A1B57D2}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{7D1791C4-20C4-4077-8A9F-5094E43C8354}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{7F837ED5-3106-46D6-BE9A-9ECCD893417E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{AFCD705A-18B9-40F4-A58B-A0451AE2054E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{B160DC47-D4F9-4A2E-AE17-6F1366B336C4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{C9006E0A-A2AE-4569-A9B3-54A7A1A0DF0C}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | "UDP Query User{CC3C6E82-6893-48A2-B627-F87A540D3F96}C:\users\hermann surf\appdata\roaming\ifiqg\qyut.exe" = protocol=17 | dir=in | app=c:\users\hermann surf\appdata\roaming\ifiqg\qyut.exe | "UDP Query 
User{D2D88B72-3963-4EDE-9799-F3D09786B30B}C:\users\hermann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hermann\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{EFFE1277-B954-413F-9BE9-FFD5637620B1}C:\users\hermann surf\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\hermann surf\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}" = AllWebMenus PRO 5.3.908 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit) "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4FD80311-508F-42C3-A004-4CC8D08231F5}" = AVG 2013 "{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" 
= Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit "{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B26449A6-6007-4460-B4FE-C4776115BCEA}" = Epson Customer Research Participation "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.95 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.95 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.95 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector 
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Artensoft Photo Collage Maker_is1" = Artensoft Photo Collage Maker "AVG" = AVG 2013 "EPSON PX730 Series" = Druckerdeinstallation für EPSON PX730 Series "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Retouch Pilot Free_is1" = Retouch Pilot Free 3.5.3 "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011 "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09764316-ABC4-4469-AD5B-D3EACE45EE3D}" = Drivers For Free "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 
"{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}" = LibreOffice 4.0.2.2 "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator "{118D6CE9-5F18-42F9-958A-14676A629FDE}" = Iminent "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1C41FC6B-00C9-11D4-8EB7-00500462F5BA}" = Reality Fusion VBall "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{229A9797-2EE6-4B96-9CEC-3E4710F611E0}" = Lexware Abschreibungsrechner "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{30AB2FCD-FBF2-4bed-4444-13E6A1468621}_is1" = Ann Video Converter 4.5.0 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34681D92-5958-406A-A654-1B57E7A7B3DC}" = HP Support Assistant "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3 "{3E31400D-274E-4647-916C-2CACC3741799}" = 
< End of report > |
29.04.2013, 16:25 | #10 |
/// TB-Ausbilder | The next step is already in the last post.
__________________ cheers, Leo |
29.04.2013, 16:34 | #11 |
| Something strange just happened: I was sure I had just read here in the thread that I should download and run adwcleaner. So I did. Now, after the restart, that page is back and locks the limited account. I am looking at the thread here on my second computer... there is nothing about adwcleaner, only Combofix. This can't be happening... start over from the beginning? Last edited by hardyxy9 (29.04.2013 at 17:02) |
29.04.2013, 16:38 | #12 |
/// TB-Ausbilder | The FRST fix only half worked, which is why it came back. But that is not a problem. On the infected computer, go into the admin account and run Combofix there as described earlier.
__________________ cheers, Leo |
29.04.2013, 16:58 | #13 |
| I ran Combofix but cannot find a log file. Did I perhaps move the mouse too early? The window had already closed before that, though. In C: I find a folder named Combofix without a text file and, with the same timestamp, a folder named Qoobox; it has a Quarantine subfolder with content... no, it is empty. Can/should I run Combofix again? |
29.04.2013, 17:02 | #14 |
/// TB-Ausbilder | Yes, run Combofix once more.
__________________ cheers, Leo |
29.04.2013, 17:32 | #15 |
| Code:
ATTFilter
ComboFix 13-04-28.01 - Hermann Neuer ADMIN 29.04.2013 18:06:44.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.12268.9840 [GMT 2:00]
ausgeführt von:: c:\users\Hermann Neuer ADMIN\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\7lorzd.dat
c:\programdata\8bzd6z.dat
c:\programdata\dzrol7.pad
c:\programdata\rundll32.exe
c:\programdata\z6dzb8.bat
c:\programdata\z6dzb8.pad
c:\users\Hermann Surf\AppData\Roaming\Ongy
c:\users\Hermann Surf\AppData\Roaming\Ongy\upud.izl
c:\users\Hermann Surf\SoftonicDownloader_fuer_avery-zweckform-designpro.exe
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-28 bis 2013-04-29 ))))))))))))))))))))))))))))))
.
.
2013-04-29 23:40 . 2013-04-29 23:40 -------- d-----w- C:\FRST
2013-04-29 16:15 . 2013-04-29 16:15 -------- d-----w- c:\users\Hermann Surf\AppData\Local\temp
2013-04-29 16:15 . 2013-04-29 16:15 -------- d-----w- c:\users\Jessi\AppData\Local\temp
2013-04-29 16:15 . 2013-04-29 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-29 15:53 . 2013-04-29 15:53 -------- d-----w- c:\users\Hermann Neuer ADMIN\AppData\Local\CrashDumps
2013-04-29 15:51 . 2013-04-29 15:51 -------- d-----w- c:\users\Hermann Neuer ADMIN\AppData\Local\Diagnostics
2013-04-29 15:30 . 2013-04-29 15:30 2632 ----a-w- c:\programdata\z6dzb8.js
2013-04-29 15:29 . 2011-06-09 13:32 1658880 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2013-04-29 15:28 . 2013-04-29 15:28 159 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-29 10:21 . 2013-04-29 10:21 -------- d-----w- c:\users\Hermann Neuer ADMIN\AppData\Local\AuthenTec
2013-04-29 10:20 . 2013-04-29 10:20 -------- d-----w- c:\users\Hermann Neuer ADMIN\AppData\Roaming\Symantec
2013-04-29 09:53 . 2013-04-29 10:00 -------- d-----w- c:\users\Hermann Neuer ADMIN\AppData\Roaming\vlc
2013-04-29 09:31 . 2013-04-29 09:31 -------- d-----w- c:\users\Hermann Neuer ADMIN\AppData\Local\Scansoft
2013-04-29 09:27 . 2013-04-29 09:27 152 ----a-w- c:\programdata\z6dzb8.reg
2013-04-29 08:20 . 2013-04-29 08:20 -------- d-----w- c:\users\Hermann Surf\AppData\Roaming\Zeon
2013-04-29 08:20 . 2013-04-29 08:20 -------- d-----w- c:\users\Hermann Surf\AppData\Roaming\ScanSoft
2013-04-29 08:07 . 2013-04-29 08:07 -------- d-----r- c:\users\Hermann Neuer ADMIN\AppData\Roaming\Brother
2013-04-25 08:33 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 13:17 . 2013-04-21 13:25 -------- d---a-r- C:\Jessis iPod
2013-04-15 10:48 . 2013-04-15 10:48 -------- d-----r- c:\users\Hermann Surf\AppData\Roaming\Brother
2013-04-13 12:21 . 2013-04-13 12:21 -------- d-----w- c:\users\Jessi\AppData\Local\Scansoft
2013-04-12 21:23 . 2013-04-12 21:23 -------- d-----w- c:\users\Hermann Surf\AppData\Local\Scansoft
2013-04-12 21:19 . 2006-07-07 10:40 73728 ------w- c:\windows\SysWow64\BRCrypt.dll
2013-04-12 21:19 . 2011-03-01 16:53 118784 ------w- c:\windows\SysWow64\BrMfNt.dll
2013-04-12 21:19 . 2010-02-09 15:22 255488 ------w- c:\windows\system32\NSSRH64.dll
2013-04-12 21:19 . 2009-10-26 08:34 59392 ------w- c:\windows\system32\BrWiaNCp.dll
2013-04-12 21:19 . 2009-10-26 08:34 48640 ------w- c:\windows\system32\Brnsplg.dll
2013-04-12 21:19 . 2009-08-18 17:38 83968 ------w- c:\windows\system32\BrNetSti.dll
2013-04-12 21:19 . 2008-10-17 18:04 179712 ------w- c:\windows\system32\BrfxDA5b.dll
2013-04-12 21:19 . 2008-06-17 13:33 167936 ------w- c:\windows\SysWow64\NSSearch.dll
2013-04-12 21:19 . 2005-04-22 11:36 143360 ------w- c:\windows\system32\BrSNMP64.dll
2013-04-12 21:19 . 2002-11-26 11:43 106496 ------w- c:\windows\SysWow64\BrMuSNMP.dll
2013-04-12 21:19 . 2007-12-13 20:16 5632 ------w- c:\windows\SysWow64\BrDctF2L.dll
2013-04-12 21:16 . 2009-01-15 17:20 3072 ------w- c:\windows\SysWow64\BrDctF2S.dll
2013-04-12 21:16 . 2007-12-13 20:16 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2013-04-12 21:16 . 2010-01-12 09:02 1560576 ----a-w- c:\windows\system32\BrWi209c.dll
2013-04-12 21:16 . 2010-05-10 15:45 103736 ----a-w- c:\windows\SysWow64\BRRBTOOL.EXE
2013-04-12 21:16 . 2010-04-02 12:33 25299 ----a-w- c:\windows\SysWow64\BRLM03A.DLL
2013-04-12 21:16 . 2006-12-21 09:23 176128 ----a-w- c:\windows\SysWow64\BROSNMP.DLL
2013-04-12 21:16 . 2005-01-17 14:10 45056 ----a-w- c:\windows\SysWow64\BRTCPCON.DLL
2013-04-12 21:16 . 2004-08-09 13:42 77824 ----a-w- c:\windows\SysWow64\BRLMW03A.DLL
2013-04-12 21:13 . 2013-04-12 21:13 -------- d-----w- c:\program files\Nuance
2013-04-12 21:13 . 2013-04-12 21:21 -------- d-----w- c:\programdata\InstallShield
2013-04-12 21:12 . 2013-04-12 21:12 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared
2013-04-12 21:12 . 2013-04-12 21:13 -------- d-----w- c:\programdata\ScanSoft
2013-04-12 21:12 . 2013-04-12 21:12 -------- d-----w- c:\program files (x86)\ScanSoft
2013-04-12 21:11 . 2013-04-12 21:20 -------- d-----w- c:\programdata\Brother
2013-04-12 19:08 . 2013-04-12 19:08 -------- d-----w- c:\users\Jessi\AppData\Roaming\ExpressDownloader
2013-04-10 12:42 . 2013-04-10 12:42 -------- d-----w- c:\users\Hermann Surf\AppData\Roaming\LibreOffice
2013-04-10 09:20 . 2013-04-10 09:21 -------- d-----w- c:\program files (x86)\LibreOffice 4.0
2013-04-04 18:16 . 2013-04-04 18:16 -------- d-----w- c:\users\Jessi\AppData\Roaming\TeamViewer
2013-04-04 08:41 . 2013-04-04 08:41 -------- d-----w- c:\programdata\Garmin
2013-04-04 08:41 . 2013-04-04 08:41 -------- d-----w- c:\programdata\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-15 10:21 . 2012-04-25 05:38 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-15 10:21 . 2011-11-24 03:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 17:01 . 2012-04-25 05:41 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-29 18:01 . 2013-03-29 18:01 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 18:01 . 2013-03-29 18:01 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-29 18:01 . 2013-03-29 18:01 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-29 18:01 . 2013-03-29 18:01 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-29 18:01 . 2013-03-29 18:01 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-29 18:01 . 2013-03-29 18:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-29 18:01 . 2013-03-29 18:01 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-29 18:01 . 2013-03-29 18:01 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 18:01 . 2013-03-29 18:01 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 18:01 . 2013-03-29 18:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-29 18:01 . 2013-03-29 18:01 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-29 18:01 . 2013-03-29 18:01 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-29 18:01 . 2013-03-29 18:01 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-29 18:01 . 2013-03-29 18:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 18:01 . 2013-03-29 18:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-29 18:01 . 2013-03-29 18:01 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-29 18:01 . 2013-03-29 18:01 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-29 18:01 . 2013-03-29 18:01 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-29 18:01 . 2013-03-29 18:01 441856 ----a-w- c:\windows\system32\html.iec
2013-03-29 18:01 . 2013-03-29 18:01 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-29 18:01 . 2013-03-29 18:01 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-29 18:01 . 2013-03-29 18:01 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-29 18:01 . 2013-03-29 18:01 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-29 18:01 . 2013-03-29 18:01 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-29 18:01 . 2013-03-29 18:01 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-29 18:01 . 2013-03-29 18:01 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-29 18:01 . 2013-03-29 18:01 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-29 18:01 . 2013-03-29 18:01 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-29 18:01 . 2013-03-29 18:01 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-29 18:01 . 2013-03-29 18:01 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-29 18:01 . 2013-03-29 18:01 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-29 18:01 . 2013-03-29 18:01 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-29 18:01 . 2013-03-29 18:01 235008 ----a-w- c:\windows\system32\url.dll
2013-03-29 18:01 . 2013-03-29 18:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-29 18:01 . 2013-03-29 18:01 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-29 18:01 . 2013-03-29 18:01 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-29 18:01 . 2013-03-29 18:01 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-29 18:01 . 2013-03-29 18:01 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 18:01 . 2013-03-29 18:01 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-29 18:01 . 2013-03-29 18:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-29 18:01 . 2013-03-29 18:01 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-29 18:01 . 2013-03-29 18:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-29 18:01 . 2013-03-29 18:01 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-29 18:01 . 2013-03-29 18:01 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-29 18:01 . 2013-03-29 18:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-29 18:01 . 2013-03-29 18:01 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-29 18:01 . 2013-03-29 18:01 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-29 18:01 . 2013-03-29 18:01 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-29 18:01 . 2013-03-29 18:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-02-26 21:40 . 2013-02-26 21:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-02-14 01:52 . 2013-02-14 01:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-02-13 12:15 . 2013-02-13 12:15 141824 ----a-w- c:\windows\system32\drivers\cmntnet.sys
2013-02-13 12:15 . 2013-02-13 12:15 123904 ----a-w- c:\windows\system32\drivers\cmnuusbser.sys
2013-02-13 12:15 . 2013-02-13 12:15 117888 ----a-w- c:\windows\system32\drivers\cmnsusbser.sys
2013-02-13 12:15 . 2013-02-13 12:15 63648 ----a-w- c:\windows\system32\drivers\smsbda.sys
2013-02-13 12:15 . 2013-02-13 12:15 133120 ----a-w- c:\windows\system32\drivers\cm_netamd.sys
2013-02-13 12:15 . 2013-02-13 12:15 118272 ----a-w- c:\windows\system32\drivers\cm_seramd.sys
2013-02-13 12:15 . 2013-02-13 12:15 112640 ----a-w- c:\windows\system32\drivers\cm_net32.sys
2013-02-13 12:15 . 2013-02-13 12:15 103680 ----a-w- c:\windows\system32\drivers\cm_ser32.sys
2013-02-12 05:45 . 2013-03-13 08:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 08:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 08:24 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 08:24 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 08:24 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 08:24 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 21:42 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 02:37 . 2013-02-08 02:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-02-08 02:37 . 2013-02-08 02:37 311096 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-02-08 02:37 . 2013-02-08 02:37 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-02-08 02:37 . 2013-02-08 02:37 206136 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-02-08 02:37 . 2013-02-08 02:37 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE" [2012-11-05 283232]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112] "Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528] "PE2CKFNT SE"="c:\program files (x86)\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-03-13 4394032] "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2013-01-19 295072] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984] "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368] "PPort11reminder"="c:\program files 
(x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2011-04-01 1163264] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] . c:\users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Photo Express Calendar Checker SE.lnk - c:\program files (x86)\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2012-8-20 55296] Reality Fusion GameCam SE.lnk - c:\program files (x86)\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe [2012-8-20 32768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-02-27 4937264] R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\bratimer.exe [2012-12-11 98304] R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/23 19:12;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 cmntnet;Wireless Data Device USB Ethernet Driver;c:\windows\system32\DRIVERS\cmntnet.sys [2013-02-13 141824] R3 cmnuusbser;Mobile Connector USB Device for Serial Communication Device;c:\windows\system32\DRIVERS\cmnuusbser.sys [2013-02-13 123904] R3 DATEV Update-Service;DATEV Update-Service;j:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [2011-02-21 155232] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424] R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2008-07-26 50072] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-11-24 31152] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common 
Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-26 246072] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-14 239416] S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624] S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-01-28 32336] S2 
EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-11-05 151648] S2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [2012-07-28 610944] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-09 85560] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944] S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2010-05-07 78848] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-30 378472] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2012-01-14 327392] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe 
[2012-06-11 240208] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144] S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-04-20 131656] S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-04-20 399944] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - CLKMDRV10_38F51D56 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-12 10:47 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 10:21] . 2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 10:39] . 2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 10:39] . 2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-10 1128448] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848] "PrintDisp"="c:\windows\system32\PrintDisp.exe" [2011-08-08 828416] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB FF - ProfilePath - c:\users\Hermann Neuer ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\qxs2ikp0.default\ FF - prefs.js: browser.search.selectedEngine - Google . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-PageCam3UnInstall - c:\windows\IsUn0407.exe AddRemove-Pixelplan O4C Viewer Web - c:\users\Hermann\AppData\Roaming\Pixelplan\Pixelplan O4C Viewer Web\1.2.7\uninstall.exe AddRemove-Traffic Travis 4.1 Setup Wizard_is1 - c:\users\Hermann\AppData\Roaming\Traffic Travis v4\unins000.exe AddRemove-Ulead Photo Express 2.0 SE - c:\windows\IsUn0407.exe AddRemove-{34681D92-5958-406A-A654-1B57E7A7B3DC} - c:\program files (x86)\InstallShield Installation Information\{34681D92-5958-406A-A654-1B57E7A7B3DC}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-29 18:30:09 ComboFix-quarantined-files.txt 2013-04-29 16:30 . Vor Suchlauf: 13 Verzeichnis(se), 847.564.820.480 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 848.226.004.992 Bytes frei . - - End Of File - - 0836E9A956F89774FF39686B7A097D49 |