
Log analysis and evaluation: Popups with security warning while browsing

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

17.07.2013, 11:40   #1
orphus
 
Popups with security warning while browsing



Hi,
Yesterday, while searching for an IRC quiz bot, I apparently caught some kind of virus.
Every now and then, when I click on links, a popup appears or a tab opens that definitely does not belong to the link, showing something like:
"Your PC is at risk! Fix it now!" or similar

Unfortunately, Antivir finds nothing...

OTL.txt
Code:
OTL logfile created on: 17.07.2013 11:05:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Keksinator\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,95 Gb Total Physical Memory | 3,70 Gb Available Physical Memory | 62,18% Memory free
11,90 Gb Paging File | 9,42 Gb Available in Paging File | 79,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231,22 Gb Total Space | 128,92 Gb Free Space | 55,75% Space Free | Partition Type: NTFS
Drive D: | 17,87 Gb Total Space | 15,97 Gb Free Space | 89,37% Space Free | Partition Type: NTFS
Drive F: | 136,72 Gb Total Space | 16,48 Gb Free Space | 12,06% Space Free | Partition Type: NTFS
Drive G: | 79,65 Gb Total Space | 59,54 Gb Free Space | 74,75% Space Free | Partition Type: NTFS
 
Computer Name: KEKS-HQ | User Name: Keksinator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.17 10:45:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Keksinator\Downloads\OTL.exe
PRC - [2013.07.06 21:55:06 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Keksinator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Keksinator\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.22 17:46:08 | 001,089,888 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013.04.02 18:51:36 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2013.04.02 18:51:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.02.15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011.06.14 18:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011.03.22 12:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011.02.17 23:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011.02.17 23:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011.02.17 23:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011.01.27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.13 04:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.04.28 18:25:44 | 000,228,352 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.03.25 03:32:30 | 002,499,584 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2010.03.25 03:32:16 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2007.02.14 12:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
PRC - [2004.08.27 07:20:00 | 000,573,440 | ---- | M] (Rainbow Technologies, Inc.) -- C:\Program Files (x86)\Rainbow Technologies\SentinelLM 7.2.0.21 Server\English\lservnt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.12 15:11:18 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013.07.11 23:55:57 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll
MOD - [2013.07.11 11:27:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.11 11:27:18 | 000,687,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\8a64025f7849664164acd20d3f8dcd7f\System.Security.ni.dll
MOD - [2013.07.11 11:27:16 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.11 11:27:13 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.11 11:27:12 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.11 11:27:07 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.04.20 00:55:06 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Keksinator\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.12.12 07:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Keksinator\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.09.08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012.09.08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011.09.02 10:41:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.21 05:24:25 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.21 05:23:56 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010.11.21 05:23:48 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010.11.13 01:26:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.28 18:25:44 | 000,228,352 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.06.10 23:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.05.07 21:25:40 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.06.12 10:58:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.29 15:58:56 | 000,234,096 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.04.02 18:51:36 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2013.04.02 18:51:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.02.15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.06.14 18:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.11 12:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011.02.17 23:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.10.11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.25 03:32:16 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2004.08.27 07:20:00 | 000,573,440 | ---- | M] (Rainbow Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Rainbow Technologies\SentinelLM 7.2.0.21 Server\English\lservnt.exe -- (SentinelLM)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.22 16:53:01 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.11.09 12:12:39 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.10.14 05:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.09.02 11:00:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.02 11:00:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.05.13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.05.07 21:58:06 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.07 20:50:14 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.15 06:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.11 12:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011.02.17 03:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.13 02:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 20:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.07.28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.18 14:06:36 | 000,135,168 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.08.18 14:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.08.18 14:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.08.18 14:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.08.18 14:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.08.18 14:06:36 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2005.11.07 15:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://icewars.de/index.php?action=login&PHPSESSID=ccf8ca5ce8d83209de13de523068a92e"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Keksinator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Keksinator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.05.29 16:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.07.06 00:19:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 22:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.07 22:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.03 10:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.07.06 00:19:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\122.xpi [2013.07.16 17:41:12 | 000,007,562 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 22:39:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.07 22:39:22 | 000,000,000 | ---D | M]
 
[2011.12.18 18:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keksinator\AppData\Roaming\mozilla\Extensions
[2012.05.02 17:27:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keksinator\AppData\Roaming\mozilla\Firefox\Profiles\fec8z2r0.default\extensions
[2012.10.17 09:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.07 22:39:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.07 22:39:22 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2013.07.06 00:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.07 22:39:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.11 22:40:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 06:43:28 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.11 22:40:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.11 22:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.11 22:40:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.11 22:40:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Keksinator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Keksinator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: LyricsContainer = C:\Users\Keksinator\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.122_0\
CHR - Extension: Website Logon = C:\Users\Keksinator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Keksinator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (LyricsContainer) - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Program Files (x86)\LyricsContainer\122.dll (RYD Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Keksinator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Keksinator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Keksinator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Keksinator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Auswahl speichern - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Bild ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Diese Seite ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: URL notieren - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Auswahl speichern - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Bild ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Diese Seite ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: URL notieren - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{272551F4-DF9B-4449-B1B0-38C295BDF9E4}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA0E4CF8-50C9-40F8-8F16-54CAE17C11EF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9747b1b6-306d-11e1-850b-2c4138628b11}\Shell - "" = AutoRun
O33 - MountPoints2\{9747b1b6-306d-11e1-850b-2c4138628b11}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.16 20:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConTEXT
[2013.07.16 20:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConTEXT
[2013.07.16 19:02:19 | 000,000,000 | ---D | C] -- C:\Windrop
[2013.07.16 17:41:42 | 002,124,481 | ---- | C] (Jason Cox                                                   ) -- C:\Users\Keksinator\Desktop\1341980304-triviabot_175912.exe
[2013.07.16 17:41:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer
[2013.07.16 11:24:00 | 000,037,888 | ---- | C] (Felix Kaiser) -- C:\Windows\uninstd0_1.exe
[2013.07.16 11:24:00 | 000,000,000 | ---D | C] -- C:\Users\Keksinator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client
[2013.07.16 11:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Client
[2013.07.16 11:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Client
[2013.07.11 11:37:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.07.09 17:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.07.09 17:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.07.09 16:10:35 | 000,000,000 | ---D | C] -- C:\Users\Keksinator\AppData\Local\Evernote
[2013.07.09 16:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
[2013.07.09 16:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2013.07.05 11:46:23 | 000,000,000 | ---D | C] -- C:\Users\Keksinator\AppData\Roaming\dvdcss
[2013.07.04 18:06:00 | 000,000,000 | ---D | C] -- C:\Users\Keksinator\AppData\Local\{56CBD944-A49F-4C58-851F-BD2E3788CAAF}
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.17 10:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.17 10:47:21 | 000,000,168 | ---- | M] () -- C:\Users\Keksinator\defogger_reenable
[2013.07.17 10:36:40 | 000,000,025 | ---- | M] () -- C:\Windows\SIERRA.INI
[2013.07.17 10:12:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1463712896-1720958018-544928618-1000UA.job
[2013.07.17 08:04:00 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.17 08:04:00 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.17 07:59:18 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013.07.17 07:56:33 | 000,041,880 | ---- | M] () -- C:\Windows\SysWow64\lservsta
[2013.07.17 07:56:33 | 000,000,087 | ---- | M] () -- C:\Windows\SysWow64\nsprs.tgz
[2013.07.17 07:56:33 | 000,000,073 | ---- | M] () -- C:\Windows\SysWow64\nsprs.dll
[2013.07.17 07:56:33 | 000,000,017 | -H-- | M] () -- C:\Windows\SysWow64\servdat.slm
[2013.07.17 07:56:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKeksinator.job
[2013.07.17 07:56:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.17 07:56:10 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.16 20:22:19 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\ConTEXT.lnk
[2013.07.16 19:12:20 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1463712896-1720958018-544928618-1000Core.job
[2013.07.16 18:57:59 | 000,001,085 | ---- | M] () -- C:\Users\Keksinator\Desktop\Continue Download Helper Installation.lnk
[2013.07.16 17:41:43 | 002,124,481 | ---- | M] (Jason Cox                                                   ) -- C:\Users\Keksinator\Desktop\1341980304-triviabot_175912.exe
[2013.07.16 15:22:41 | 000,001,136 | ---- | M] () -- C:\Users\Keksinator\Desktop\Weisseradler-Script - Verknüpfung.lnk
[2013.07.14 20:13:46 | 000,002,388 | ---- | M] () -- C:\Users\Keksinator\Desktop\Google Chrome.lnk
[2013.07.11 11:11:44 | 000,383,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.11 09:20:15 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.11 09:20:15 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.11 09:20:15 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.11 09:20:15 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.11 09:20:15 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.09 17:03:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.07.09 16:11:53 | 000,001,087 | ---- | M] () -- C:\Users\Keksinator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2013.07.09 16:10:27 | 000,000,932 | ---- | M] () -- C:\Users\Keksinator\Desktop\Evernote.lnk
[2013.07.06 00:09:08 | 000,000,000 | ---- | M] () -- C:\END
 
========== Files Created - No Company Name ==========
 
[2013.07.17 10:47:21 | 000,000,168 | ---- | C] () -- C:\Users\Keksinator\defogger_reenable
[2013.07.16 20:22:19 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\ConTEXT.lnk
[2013.07.16 18:57:59 | 000,001,085 | ---- | C] () -- C:\Users\Keksinator\Desktop\Continue Download Helper Installation.lnk
[2013.07.16 17:41:06 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013.07.16 15:22:41 | 000,001,136 | ---- | C] () -- C:\Users\Keksinator\Desktop\Weisseradler-Script - Verknüpfung.lnk
[2013.07.09 16:11:53 | 000,001,087 | ---- | C] () -- C:\Users\Keksinator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2013.07.09 16:10:27 | 000,000,932 | ---- | C] () -- C:\Users\Keksinator\Desktop\Evernote.lnk
[2013.07.06 00:09:08 | 000,000,000 | ---- | C] () -- C:\END
[2013.05.08 23:27:57 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2013.05.08 23:27:57 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2013.05.08 23:27:57 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2013.05.08 23:27:57 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2013.05.08 23:27:57 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2013.01.06 21:21:56 | 000,000,816 | ---- | C] () -- C:\Windows\wininit.ini
[2012.07.25 16:57:10 | 000,017,408 | ---- | C] () -- C:\Users\Keksinator\AppData\Local\WebpageIcons.db
[2012.07.23 23:37:08 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad
[2012.01.03 09:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2011.12.28 18:25:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.28 00:09:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.12.28 00:09:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.12.28 00:09:13 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.12.27 21:38:11 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.27 21:38:10 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.12.27 21:38:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.27 18:38:45 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.12.21 23:13:10 | 000,007,602 | ---- | C] () -- C:\Users\Keksinator\AppData\Local\Resmon.ResmonCfg
[2011.11.09 12:16:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.09 12:08:37 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.11.09 12:07:28 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.09 12:07:28 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.09 12:07:28 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.09 12:07:27 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.09 12:07:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.09 12:07:26 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.09 12:03:23 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.09.02 01:43:05 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010.03.15 21:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.29 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\abgx360
[2013.05.08 23:32:16 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\Chemstations
[2013.04.13 12:31:50 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\DAEMON Tools Lite
[2013.07.17 07:59:12 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\Dropbox
[2012.01.02 00:47:09 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\Foxit Software
[2013.01.09 01:28:25 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\ICQ
[2011.12.22 00:08:09 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\IDT
[2012.12.01 00:20:44 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\Kalypso Media
[2013.02.10 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\MediaMonkey
[2013.03.20 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\Need for Speed World
[2012.01.03 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\OpenOffice.org
[2013.03.12 13:18:33 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\Origin
[2013.05.29 16:06:18 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\PDF Architect
[2013.05.29 16:02:58 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\pdfforge
[2013.05.15 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\SmartDraw
[2013.07.07 00:10:08 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\Spotify
[2011.12.18 17:28:25 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\Synaptics
[2012.10.03 10:04:42 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\Thunderbird
[2012.12.01 00:27:28 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\Tropico 4
[2011.12.27 12:44:32 | 000,000,000 | ---D | M] -- C:\Users\Keksinator\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 

< End of report >
         


gmer.txt

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-17 12:30:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GS00 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\KEKSIN~1\AppData\Local\Temp\kwrdqpoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                         fffff80002fae000 45 bytes [00, 00, 1B, 02, 4D, 6D, 43, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                         fffff80002fae02f 16 bytes [00, 02, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000076761465 2 bytes [76, 76]
.text     C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000767614bb 2 bytes [76, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076761465 2 bytes [76, 76]
.text     C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000767614bb 2 bytes [76, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000076761465 2 bytes [76, 76]
.text     C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000767614bb 2 bytes [76, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000076761465 2 bytes [76, 76]
.text     C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000767614bb 2 bytes [76, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000076761465 2 bytes [76, 76]
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000767614bb 2 bytes [76, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                    0000000071821a22 2 bytes [82, 71]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                    0000000071821ad0 2 bytes [82, 71]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                    0000000071821b08 2 bytes [82, 71]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                    0000000071821bba 2 bytes [82, 71]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                    0000000071821bda 2 bytes [82, 71]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[3376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                    0000000071821a22 2 bytes [82, 71]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[3376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                    0000000071821ad0 2 bytes [82, 71]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[3376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                    0000000071821b08 2 bytes [82, 71]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[3376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                    0000000071821bba 2 bytes [82, 71]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[3376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                    0000000071821bda 2 bytes [82, 71]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[3376] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                             0000000076761465 2 bytes [76, 76]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[3376] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                            00000000767614bb 2 bytes [76, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Users\Keksinator\AppData\Roaming\Dropbox\bin\Dropbox.exe[3408] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                  0000000076761465 2 bytes [76, 76]
.text     C:\Users\Keksinator\AppData\Roaming\Dropbox\bin\Dropbox.exe[3408] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                 00000000767614bb 2 bytes [76, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Program Files (x86)\Rainbow Technologies\SentinelLM 7.2.0.21 Server\English\lservnt.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076761465 2 bytes [76, 76]
.text     C:\Program Files (x86)\Rainbow Technologies\SentinelLM 7.2.0.21 Server\English\lservnt.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000767614bb 2 bytes [76, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000076761465 2 bytes [76, 76]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000767614bb 2 bytes [76, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000076761465 2 bytes [76, 76]
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000767614bb 2 bytes [76, 76]
.text     ...                                                                                                                                                        * 2
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000076761465 2 bytes [76, 76]
.text     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000767614bb 2 bytes [76, 76]
.text     ...                                                                                                                                                        * 2

---- EOF - GMER 2.1 ----
         

17.07.2013, 11:41   #2
orphus
 

Extras.txt
Code:
OTL Extras logfile created on: 17.07.2013 10:49:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Keksinator\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,95 Gb Total Physical Memory | 3,85 Gb Available Physical Memory | 64,77% Memory free
11,90 Gb Paging File | 9,57 Gb Available in Paging File | 80,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231,22 Gb Total Space | 128,92 Gb Free Space | 55,76% Space Free | Partition Type: NTFS
Drive D: | 17,87 Gb Total Space | 15,97 Gb Free Space | 89,37% Space Free | Partition Type: NTFS
Drive F: | 136,72 Gb Total Space | 16,48 Gb Free Space | 12,06% Space Free | Partition Type: NTFS
Drive G: | 79,65 Gb Total Space | 59,54 Gb Free Space | 74,75% Space Free | Partition Type: NTFS
 
Computer Name: KEKS-HQ | User Name: Keksinator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CA6D5B-5CD7-415E-9765-2376DB98BD46}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0333916F-BFCF-4982-92E3-A48DDF55B988}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{03DCEB7A-8F65-4EC8-9B98-43515BE0BA95}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0FB9107E-459C-481E-BD49-268FF9FE7A4F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1269B876-BD95-4247-A205-B8CF934F887F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1446434F-2C93-40C4-9D67-E5C6FE44F167}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{15879250-6AF2-43CD-A5EE-1B7EEF5A9B62}" = rport=139 | protocol=6 | dir=out | app=system | 
"{18E44233-352E-4EEA-94E5-3D65C6653088}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D8C90DB-2717-4065-99AE-53CF91A6793B}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{21C9AA2A-903E-4E2E-AAF2-7DCA4BA9E2B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2301E067-556F-49D4-BB2B-243D15E08A0D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2A52AE01-F339-440A-BA4A-283589D7F419}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3150B6A5-BB20-463D-B6E8-AA0C5A24AB18}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{3526E06F-029E-4FFA-8A70-50CFDC2278BA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{354A3CD6-1DBF-4F54-B535-536B84340D0F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{395F9107-FCEC-4F3A-85DA-F6EBE99A4E9B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{3BF01366-7C5C-4118-9A19-D0CB155221AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40DE9ABE-7EE8-4144-9254-FD284D3B10EA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{47FED6E1-95A6-4553-A6CC-7160F2033255}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{49A17900-A267-4E67-B15A-CCC646BCEF6C}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{4B90EFBB-D58E-4811-9313-B521F2D1F7A4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4DAAFEB6-698B-4DFA-B711-EAEB5EF3CD2C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{50BDCCE4-2C4F-465A-A33E-279764050A52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{59E8736A-CF05-44E2-AFA9-4D439718BD32}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61135340-AE69-4DEA-8BF9-28331BEB8781}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{63EC1E07-67A9-4870-B95C-22AF8E943389}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{65E6309D-9175-462C-A9FB-85E95AB08B33}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{693FB7BF-AA62-454C-880F-263FA7CEEEDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C764802-F920-4C1E-B47D-5C488F983726}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6F86A1A6-304F-47B2-9FFB-A83D97ECC11F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7062A374-1E06-4AB6-BCA3-68331ECC7AE3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70BABEE9-85DC-4B7C-AB71-B48613E92EBF}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{716E0986-B73B-4469-AF98-B57BD25A89B2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{748DD890-1BE7-4610-B1DC-563306402110}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{798D59A6-43D0-4982-B5F2-FD19569A95F1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7DEAD44C-5D65-40E3-AAAE-B0624D52AB99}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{7E0220D0-8C94-4AFD-8DE7-9B402A1C06C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8248360A-3981-4124-829E-E05ADE51BB0D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{89ED7DDA-3A75-48E8-A74C-B9DA696B60AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8A5814D3-4F05-4F8B-AD8D-85400251ED3D}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{960694C9-90C2-4850-9496-04FE105D8C17}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{96E11A8A-6541-4545-B693-E019A772EDB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9FA25255-92EF-4B1A-8418-26879B4AF9C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A65A4DC0-C591-4E1C-9C51-1C0E7A3DE09E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BAA8BB81-351A-4570-8E3D-F76F99A5F4A6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BAD70B84-2E26-41FF-AE93-6C6B81BD017E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BB1184D5-64A9-4289-854F-63E45866F5AC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BE6E98EB-E01C-433B-B6D0-5C681BF29142}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C1C7D231-A5FF-43DC-AF21-DDC8CDB3EF80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CD4B022C-5BA7-4AD6-9C83-E8F444CF5B6B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D356E127-D5F6-4241-A99D-B66E79A4BD4A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D5CD9E36-0B39-4B33-B0C2-4EFD0F0EA1D9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DBAB7FFF-D390-462D-BDA2-63A0D0A9B189}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E9D607FA-AD0D-4588-B8D0-044584415D8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED6FFF63-E147-4EDA-BAFD-52FF44A75F43}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EFA17821-620B-4D4E-8C17-750DDA5DF74A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F345D75D-5F6E-4993-9358-12C29CF5AAA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9D6508F-620E-4865-96C7-5268F723EC93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068993E3-3D3B-4043-985B-9474C8672238}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0787DE92-87F1-4089-9B46-4B8A2D5D50A7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{159587CD-02EB-4BCF-A9D3-BD6526C3A3D4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{15A84204-71D0-424D-91AC-AA466EBBB49C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1AE1F2EE-987C-4FFD-A74E-EFCEB3D43DD1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{1AEE2219-AB4C-42B3-8D4E-CFB8FE40E4B2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{1B5D25D9-E936-4E02-BF28-6EAC9736A87B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{1BE08D6C-8031-4EF2-85F5-EC694167D61F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1E15BFC6-1C62-4EDA-A58F-903D668ECE27}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{1E3BC72B-5F4E-4BB5-8975-6AE38CC864F3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{1E6D4B05-E960-4732-8B39-C7EE0C5E375A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F284524-6393-44E0-A62D-ABE7274A261A}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{224E7D27-FE12-437E-A7C9-4C07A98796FD}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe | 
"{264F4BCB-E1E7-4AB9-8E4B-1519A17BA27E}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | 
"{28AF4B04-4A19-4B59-A6E9-61D3C42D5AD3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{362FFF1F-2D6E-49DA-9B80-35B6BB966EF1}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | 
"{3F054D4E-52ED-4369-9F26-FD9C9D30BEE4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{43166388-9A11-403C-8FC2-575AAA0718B8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{43450DF1-016F-425F-9D90-3BD136736060}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{441275C7-E858-4136-9F6A-C34358CDE9D1}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | 
"{4BB0FC47-A588-43D4-9C5D-0452B7710B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{4DA6E6F8-E1AF-4443-90B9-36D287C669E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4FF483B2-CEF2-4958-BA01-E62CEC243AFE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{52847772-9879-4A80-B933-EA9AA1C5F6D3}" = protocol=6 | dir=in | app=c:\users\keksinator\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5EA75390-47B4-44D8-8126-6EDBA9A6840C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5EA77261-8B06-4163-8DC8-74DFEA5FF233}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5EE24FDE-F8B5-4E64-A314-7D1A39DE0FBD}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{5F33BD93-DFD3-41D2-A784-431A82D01A46}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{5F6180E1-7B1D-4222-8DA4-902474ADC7B7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{63B56B27-F3F3-4005-AFF9-97CC76327ACA}" = protocol=6 | dir=out | app=system | 
"{67F8047C-175C-4B22-A13E-B0FC61B21510}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{68447FB4-36AB-406A-83F0-A3B2DA817056}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{68A903D4-37A8-41F4-BFEE-83EBC0B24A8A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed world\gamelauncher.exe | 
"{6B109C57-F5DB-4F25-8015-9BB8FE537B39}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{6DD9B046-507D-48A2-A64C-FAA0A47B42AF}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | 
"{738D4A3C-E1F5-4916-924B-1F18E4A8109E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7C3834BE-0CA7-42B4-87CA-2B16B4E729AD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7CD6BF75-492E-4624-9864-61DDE00C2D3B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{7DEED58A-8FE9-4FD1-87BC-A66B55CA0634}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed world\gamelauncher.exe | 
"{7E9DE957-7102-434E-B2ED-CC3635861E45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81D99214-6253-40A5-B113-526EFA1D7C25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{829F9EF6-42C9-43CC-B373-D6154F5649AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{88639D5E-D198-49FB-82F2-F90B72E9FEE6}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{8AE33071-95D7-466B-BD6C-77972650DA7E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{8BAD78BE-172C-43A5-ACA9-4BF416F19022}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8CDFB99A-BF65-459F-A6CE-BF17127BCC9D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F416F64-F3AD-42E3-A489-1B1094F6C5C5}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{9215EF7E-C332-4693-BD5C-F21812943AC7}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | 
"{9267B2A7-6AD5-4E16-8601-097A2C63C818}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe | 
"{967162C4-794D-4D42-BF67-005CA293E2FD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{9E652948-F7CF-4BAF-805C-0D062148F287}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{A26B8306-165A-4DA4-B39D-EECBD711FDB5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A26E5E42-9963-4C4D-BF56-46F41CD37D06}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{A6CE9D04-985B-48ED-AAE2-14EF1BBFE2BD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{A832F121-BF14-4F3D-BF3C-537C6864C253}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A8DEF76C-B46E-4934-BA44-DA9B8E7795EA}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{AD30A438-102F-47F6-BEBE-94780ED012DF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{B28554FB-5072-425A-8256-0108BA6A4DA0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{B3628F8E-EA9E-46A7-B9CA-CFDF1F3C473A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp2014mc.exe | 
"{B49B8683-63CD-424F-80B1-A924688CACCD}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe | 
"{B4E35021-FD85-4329-91BD-FC31B52B03D1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{B57806F5-7F3E-4AED-B5D6-2DAEA86FF362}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B5EA0FAE-E73C-4E3A-B418-43E16DFC868D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{BAC7301E-4326-435A-BB15-A50E36DD7225}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | 
"{C0997674-C4DC-4A46-A488-83E239DE4E10}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{C16F6FE9-BAC4-4CBF-AA17-36021133F106}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | 
"{C37845C4-EC4F-41EC-AB20-1916C4BE8E68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C5AA069E-4918-48BD-97B9-5D5E30BBA370}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{CF58DFD0-2027-4DAD-8973-7152310348B7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{D1392E78-D188-463A-895E-EAF3B6DBAFD8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D483B42F-8881-47AF-9515-5D64798C94A8}" = protocol=17 | dir=in | app=c:\users\keksinator\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D6932BF6-67C0-4C11-A0A6-EF160E835DC1}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | 
"{D8BAD76D-67D3-4AFB-B702-9D65A2F317CA}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{D8BCD4A0-E87E-40A8-B5F8-26B259DDD4DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D960BCEB-D4F6-42EA-8650-7D2A74B23312}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D9F4D516-7D20-425A-9E7B-3F596A17C68E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{DD5670A1-81C0-4BC0-98AC-4BA75D3CF8FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DDDBB4FC-E666-4155-A617-FAF03362AE23}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{E24FF590-78BF-4CEF-A2E7-727DEAB436DB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{E35E4089-AD65-4505-B278-8E8A40253B92}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp2014mc.exe | 
"{E4B6690B-96FD-4F6D-80FD-63DE40549197}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{E68FA099-D4C3-4374-80B4-B94D2E5F6C8E}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe | 
"{E82DEF7A-5EB7-40AD-928F-CFC96E1571A4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | 
"{E9FCABE9-F3C0-4148-A3C1-3D45E6BC9C1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EA8C0E79-FA4A-4D22-B108-02A026C12D0C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{EE687812-7F48-4862-AAF5-7F6E685777EC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{F2C2910E-2EF8-4AB5-9C51-652FE18ED3E4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{F306D449-C4F8-4706-9A17-AF337FB3A821}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | 
"{F5B07570-92CD-4228-8930-706DEC463161}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{F67C8E9E-AD37-4837-96C7-06B8CEF53854}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | 
"{F7B74A81-6463-4BE5-B063-4010F139407E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F80C2C93-B9C3-43A3-A66C-67199D445D3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC272043-48D6-4D89-AE3C-AA3EDA989496}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FD09BB54-AC99-4641-B817-D9957FFC3290}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"TCP Query User{075F995B-6607-4B8F-B477-1701EE15C3D9}G:\quake 3 - area\quake3.exe" = protocol=6 | dir=in | app=g:\quake 3 - area\quake3.exe | 
"TCP Query User{254F1F02-2C91-4B81-9140-D3FA845E32D6}C:\program files (x86)\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stronghold 3\bin\win32_release\stronghold3.exe | 
"TCP Query User{282B7191-7525-4F22-A4AE-9038EE08A8CA}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{2F9273D8-765D-48AE-86C3-83CCD70F0589}C:\users\keksinator\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\keksinator\appdata\local\temp\rarsfx0\bie_kms.exe | 
"TCP Query User{40050736-847A-4758-8BC8-320EAC15B2E8}C:\users\keksinator\downloads\dreamset236x64\dreamset.exe" = protocol=6 | dir=in | app=c:\users\keksinator\downloads\dreamset236x64\dreamset.exe | 
"TCP Query User{558B9B15-5023-47BA-AEA4-896DC2473891}C:\program files (x86)\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stronghold 3\bin\win32_release\stronghold3.exe | 
"TCP Query User{866B4B13-6038-45CD-980C-CAB9930DC8B3}G:\receiver\dreamset236x64\dreamset.exe" = protocol=6 | dir=in | app=g:\receiver\dreamset236x64\dreamset.exe | 
"TCP Query User{9EAA855F-85AD-47BB-BDCE-90FB41A41A15}C:\users\keksinator\dropbox\receiver\dreamset236x64\dreamset.exe" = protocol=6 | dir=in | app=c:\users\keksinator\dropbox\receiver\dreamset236x64\dreamset.exe | 
"TCP Query User{A082981F-9584-47F5-A27D-73839BE23262}G:\cs 1.6\hl.exe" = protocol=6 | dir=in | app=g:\cs 1.6\hl.exe | 
"TCP Query User{A9DC47DE-598E-4FF2-9AAC-E83EA95AD2BA}C:\windrop\eggdrop.exe" = protocol=6 | dir=in | app=c:\windrop\eggdrop.exe | 
"TCP Query User{C87E8A02-2F0E-461A-A66E-9695A7E0C2CC}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{CEDD2F38-1B1D-47D6-AB5C-A296D0180F0A}G:\weisseradler-script 1.071\weisseradler-script.exe" = protocol=6 | dir=in | app=g:\weisseradler-script 1.071\weisseradler-script.exe | 
"TCP Query User{D67D5DC2-B59E-47F3-84CA-549489555D17}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"TCP Query User{DB1AC5E5-CA17-4C78-90F2-F885E1603D3B}C:\users\keksinator\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\keksinator\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{F0899E6B-44EC-4534-90C0-54A2A9999675}C:\program files (x86)\client\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\client\client.exe | 
"TCP Query User{FE2E4AC6-9DB2-4BB1-870E-5C352D48C18A}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{22A6C42F-CD52-4A8F-80F0-7CE18B63E09E}C:\users\keksinator\dropbox\receiver\dreamset236x64\dreamset.exe" = protocol=17 | dir=in | app=c:\users\keksinator\dropbox\receiver\dreamset236x64\dreamset.exe | 
"UDP Query User{39DAE8E6-A80F-49E7-B6DA-1FA3CA5B4566}C:\users\keksinator\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\keksinator\appdata\local\temp\rarsfx0\bie_kms.exe | 
"UDP Query User{4186AF74-193D-42A2-8391-06FBE2F2F34D}G:\receiver\dreamset236x64\dreamset.exe" = protocol=17 | dir=in | app=g:\receiver\dreamset236x64\dreamset.exe | 
"UDP Query User{56205203-BD2E-4100-91FB-61735E45A07C}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{563386F2-48FC-45CF-9957-C512762332EE}C:\program files (x86)\client\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\client\client.exe | 
"UDP Query User{563FB846-E68B-46B7-B1E0-CC102EE0C9EE}G:\weisseradler-script 1.071\weisseradler-script.exe" = protocol=17 | dir=in | app=g:\weisseradler-script 1.071\weisseradler-script.exe | 
"UDP Query User{5E4CCE8B-0B7A-418F-AA7E-56F2EDEFF36F}C:\program files (x86)\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stronghold 3\bin\win32_release\stronghold3.exe | 
"UDP Query User{7980043C-8952-41AE-93EE-DFDAAAFB1FD6}G:\quake 3 - area\quake3.exe" = protocol=17 | dir=in | app=g:\quake 3 - area\quake3.exe | 
"UDP Query User{ADADFC91-770A-458B-8CF6-0D85DE2352A6}C:\program files (x86)\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stronghold 3\bin\win32_release\stronghold3.exe | 
"UDP Query User{CB62DEFE-00ED-4C58-9649-1C2D91C0CB67}C:\users\keksinator\downloads\dreamset236x64\dreamset.exe" = protocol=17 | dir=in | app=c:\users\keksinator\downloads\dreamset236x64\dreamset.exe | 
"UDP Query User{CFAD0D23-BD78-460B-AE82-805C3996D328}G:\cs 1.6\hl.exe" = protocol=17 | dir=in | app=g:\cs 1.6\hl.exe | 
"UDP Query User{D3111A10-C070-4500-9334-B9898BB2914E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{DA26BBBE-5A7B-4A6E-8FC6-85D45F0E57ED}C:\users\keksinator\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\keksinator\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E990D15A-6FAE-4563-BA74-20463E22F00F}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"UDP Query User{F5F299FF-3389-458D-8369-F205673E02DE}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{FEF42626-EF19-4805-84A4-1C31A6C4A4D3}C:\windrop\eggdrop.exe" = protocol=17 | dir=in | app=c:\windrop\eggdrop.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{45DB21FA-B3F4-20D9-A21C-5CDEB23315AC}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}" = HP 3D DriveGuard
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A11B072-9CE7-ABB9-2F65-EC971A7B839D}" = ATI Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics TouchPad Driver
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{064A929A-4DE8-40CF-A901-BD40C14E4D25}" = PDF Architect
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CDD00EB-1DC3-C181-DB3C-F954B2BDAB6D}" = CCC Help Chinese Standard
"{108069CB-B8B1-4858-82A4-E4BD5A749EFB}" = CCC Help Greek
"{118F296E-18AC-AAC1-78F9-B0FF8279D009}" = Catalyst Control Center Graphics Previews Common
"{166E80E3-7B0C-D22C-3EAE-A66860DF48E7}" = CCC Help Danish
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B121E56-4949-83AE-B8A7-9D01EBB7CB29}" = CCC Help Italian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2F5BCBDC-7C08-FBC2-31B0-1D83C3247CAD}" = CCC Help Dutch
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}" = Need For Speed™ World
"{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}" = HP Documentation
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41C160D7-9255-A4EB-55FB-FC3D5FE6BED3}" = CCC Help Portuguese
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{483539DB-FA71-4C45-8438-55D3DCFDECC8}" = HP Software Framework
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56709CD7-06E8-B205-56A6-110DC5090A9A}" = PX Profile Update
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A38BA9E-D1B3-E7C2-F3B9-623359AFEDAA}" = CCC Help Thai
"{5E63C0AB-19B0-47D4-842E-6B324EB0614B}" = HP Connection Manager
"{602586CF-6ABD-1DBA-641A-959E5A999861}" = CCC Help Chinese Traditional
"{6146B9DC-C33D-11E2-BDE1-984BE15F174E}" = Evernote v. 4.6.6
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7132DF7E-C237-0D66-77A0-F1F378520605}" = CCC Help Japanese
"{71892F91-1F22-4CC7-9ACC-5F5A530CBCCB}" = Xbox Dvd Menu
"{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6
"{751A4ABF-A3BC-AA70-3252-C285F10A265B}" = Catalyst Control Center Localization All
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7A5B032B-CCF0-43BE-D0B9-28FFA0B0B034}" = CCC Help Norwegian
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{7F3203C1-25BD-E32E-F470-2332E1AD5EDF}" = Catalyst Control Center Profiles Mobile
"{807CE83D-F17E-5F76-035F-3525EAE8978F}" = CCC Help Hungarian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E719A1-1E6B-B44A-62AC-824E5DDD0415}" = CCC Help Turkish
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core
"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core - English
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect Lite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{949D6B51-10E8-4CD4-A81E-064E38240415}" = Catalyst Control Center - Branding
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9957DA6E-DE8D-0DED-2897-B1F4FBEF300E}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD5C619-D41C-2D47-C2A0-AB02D6C4A7D4}" = CCC Help German
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF405820-19DE-03BA-1B41-0797EA62F213}" = CCC Help Finnish
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3CAF031-3289-5C18-149A-C350C0B43D6D}" = Catalyst Control Center InstallProxy
"{B4E7C6D9-8824-147E-721F-004F52D6418E}" = CCC Help Russian
"{BB51D3AF-1115-1676-0D33-CE5BBCCD8B00}" = CCC Help Polish
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5BAB8E1-73B4-4DA9-9911-B82C98CCB088}" = SentinelLM 7.2.0.21 Server
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62FA27C-3F19-FC14-424D-F1CEE432604F}" = CCC Help Czech
"{E7F752BB-8B7B-2906-9CD2-8B25CAD7B303}" = CCC Help Spanish
"{E815530E-14D8-E337-3D21-6A1AB5F9DDD9}" = Catalyst Control Center
"{EAFA49E7-56AC-67B2-17E9-75F466884000}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F5307A59-A5A2-C48F-BDD3-6C88E83203A6}" = CCC Help Korean
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFCCF57-5102-C54C-778C-C613EC82F647}" = CCC Help Swedish
"7-Zip" = 7-Zip 9.20
"abgx360" = abgx360 v1.0.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Client" = Client
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"EasyBits Magic Desktop" = Magic Desktop
"Foxit Reader_is1" = Foxit Reader
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Lyrics@LyricsContainer.co" = LyricsContainer
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"PuTTY_is1" = PuTTY version 0.62
"Space_Tanks_is1" = Spacetanks Premium V.1.02
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"UnLock Phone" = UnLock Phone 1.3
"UnLock Root" = UnLock Root 3.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Spotify" = Spotify
"Tropico 4" = Tropico 4 1.00
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.07.2013 18:34:24 | Computer Name = Keks-HQ | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 16.07.2013 18:34:24 | Computer Name = Keks-HQ | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 16.07.2013 18:34:24 | Computer Name = Keks-HQ | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 16.07.2013 18:34:24 | Computer Name = Keks-HQ | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 16.07.2013 18:34:24 | Computer Name = Keks-HQ | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 16.07.2013 18:34:24 | Computer Name = Keks-HQ | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 16.07.2013 18:34:24 | Computer Name = Keks-HQ | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 16.07.2013 18:34:24 | Computer Name = Keks-HQ | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 17.07.2013 01:56:42 | Computer Name = Keks-HQ | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.07.2013 01:56:54 | Computer Name = Keks-HQ | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 17.07.2013 04:34:25 | Computer Name = Keks-HQ | Source = SentinelKeysServer | ID = 8
Description = 
 
[ Hewlett-Packard Events ]
Error - 07.05.2013 18:09:55 | Computer Name = Keks-HQ | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 14.05.2013 18:10:25 | Computer Name = Keks-HQ | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 21.05.2013 18:17:01 | Computer Name = Keks-HQ | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 28.05.2013 18:04:27 | Computer Name = Keks-HQ | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 04.06.2013 18:18:44 | Computer Name = Keks-HQ | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 11.06.2013 19:04:16 | Computer Name = Keks-HQ | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 18.06.2013 18:14:33 | Computer Name = Keks-HQ | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 25.06.2013 14:41:12 | Computer Name = Keks-HQ | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 6091  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 02.07.2013 14:34:18 | Computer Name = Keks-HQ | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 09.07.2013 14:40:55 | Computer Name = Keks-HQ | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 6091  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
[ HP Connection Manager Events ]
Error - 12.07.2013 14:37:28 | Computer Name = Keks-HQ | Source = hpCMSrv | ID = 5
Description = 2013/07/12 20:37:28.902|00001A1C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 13.07.2013 05:26:41 | Computer Name = Keks-HQ | Source = hpCMSrv | ID = 5
Description = 2013/07/13 11:26:41.368|0000034C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 14.07.2013 04:57:27 | Computer Name = Keks-HQ | Source = hpCMSrv | ID = 5
Description = 2013/07/14 10:57:27.647|00000FE4|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 14.07.2013 06:57:20 | Computer Name = Keks-HQ | Source = hpCMSrv | ID = 5
Description = 2013/07/14 12:57:20.078|00000BA4|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 14.07.2013 18:37:56 | Computer Name = Keks-HQ | Source = hpCMSrv | ID = 5
Description = 2013/07/15 00:37:56.480|00000BFC|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 15.07.2013 09:45:29 | Computer Name = Keks-HQ | Source = hpCMSrv | ID = 5
Description = 2013/07/15 15:45:29.624|00000FD0|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 15.07.2013 13:13:46 | Computer Name = Keks-HQ | Source = hpCMSrv | ID = 5
Description = 2013/07/15 19:13:46.102|0000182C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 15.07.2013 18:13:11 | Computer Name = Keks-HQ | Source = hpCMSrv | ID = 5
Description = 2013/07/16 00:13:11.004|00001090|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 16.07.2013 18:34:26 | Computer Name = Keks-HQ | Source = hpCMSrv | ID = 5
Description = 2013/07/17 00:34:26.417|000010A0|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 17.07.2013 04:41:57 | Computer Name = Keks-HQ | Source = hpMobile | ID = 5
Description = 2013.07.17 10:41:57.993|000016E8|Error      |[HP.Mobile]Wlan::UpdateProperties{void()}|Die
 Daten sind unzulässig. (Ausnahme von HRESULT: 0x8007000D)
 
[ HP Software Framework Events ]
Error - 15.05.2012 15:28:33 | Computer Name = Keks-HQ | Source = CaslWmi | ID = 5
Description = 2012.05.15 21:28:33.489|0000137C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 15.05.2012 15:38:15 | Computer Name = Keks-HQ | Source = CaslWmi | ID = 5
Description = 2012.05.15 21:38:15.202|00001A20|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 16.05.2012 13:21:24 | Computer Name = Keks-HQ | Source = CaslWmi | ID = 5
Description = 2012.05.16 19:21:24.522|000013CC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 16.05.2012 18:28:20 | Computer Name = Keks-HQ | Source = CaslWmi | ID = 5
Description = 2012.05.17 00:28:20.193|00000B70|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 17.05.2012 03:45:42 | Computer Name = Keks-HQ | Source = CaslWmi | ID = 5
Description = 2012.05.17 09:45:42.367|000011C4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 05.06.2012 14:24:29 | Computer Name = Keks-HQ | Source = CaslSmBios | ID = 5
Description = 2012.06.05 20:24:29.436|0000111C|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 05.06.2012 14:26:28 | Computer Name = Keks-HQ | Source = CaslSmBios | ID = 5
Description = 2012.06.05 20:26:28.460|00001820|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 04.08.2012 19:00:23 | Computer Name = Keks-HQ | Source = CaslSmBios | ID = 5
Description = 2012.08.05 01:00:23.080|00000960|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 31.12.2012 11:23:46 | Computer Name = Keks-HQ | Source = CaslSmBios | ID = 5
Description = 2012.12.31 16:23:46.235|00001280|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 28.02.2013 07:03:55 | Computer Name = Keks-HQ | Source = CaslSmBios | ID = 5
Description = 2013.02.28 12:03:55.873|000007EC|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
[ Media Center Events ]
Error - 05.02.2012 15:13:55 | Computer Name = Keks-HQ | Source = MCUpdate | ID = 0
Description = 20:13:55 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 05.02.2012 16:16:32 | Computer Name = Keks-HQ | Source = MCUpdate | ID = 0
Description = 21:16:32 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 11.02.2012 11:21:24 | Computer Name = Keks-HQ | Source = MCUpdate | ID = 0
Description = 16:21:24 - Fehler beim Herstellen der Internetverbindung.  16:21:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 11:21:32 | Computer Name = Keks-HQ | Source = MCUpdate | ID = 0
Description = 16:21:30 - Fehler beim Herstellen der Internetverbindung.  16:21:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 12:21:37 | Computer Name = Keks-HQ | Source = MCUpdate | ID = 0
Description = 17:21:37 - Fehler beim Herstellen der Internetverbindung.  17:21:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 12:21:43 | Computer Name = Keks-HQ | Source = MCUpdate | ID = 0
Description = 17:21:42 - Fehler beim Herstellen der Internetverbindung.  17:21:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 13:21:48 | Computer Name = Keks-HQ | Source = MCUpdate | ID = 0
Description = 18:21:48 - Fehler beim Herstellen der Internetverbindung.  18:21:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 13:21:53 | Computer Name = Keks-HQ | Source = MCUpdate | ID = 0
Description = 18:21:53 - Fehler beim Herstellen der Internetverbindung.  18:21:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 14:21:58 | Computer Name = Keks-HQ | Source = MCUpdate | ID = 0
Description = 19:21:58 - Fehler beim Herstellen der Internetverbindung.  19:21:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 14:22:03 | Computer Name = Keks-HQ | Source = MCUpdate | ID = 0
Description = 19:22:03 - Fehler beim Herstellen der Internetverbindung.  19:22:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 17.07.2013 02:22:36 | Computer Name = Keks-HQ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 17.07.2013 04:41:58 | Computer Name = Keks-HQ | Source = PNRPSvc | ID = 102
Description = 
 
Error - 17.07.2013 04:41:58 | Computer Name = Keks-HQ | Source = PNRPSvc | ID = 102
Description = 
 
Error - 17.07.2013 04:41:58 | Computer Name = Keks-HQ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 17.07.2013 04:41:58 | Computer Name = Keks-HQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 17.07.2013 04:41:58 | Computer Name = Keks-HQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 17.07.2013 04:41:58 | Computer Name = Keks-HQ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 17.07.2013 04:49:32 | Computer Name = Keks-HQ | Source = PNRPSvc | ID = 102
Description = 
 
Error - 17.07.2013 04:49:32 | Computer Name = Keks-HQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 17.07.2013 04:49:32 | Computer Name = Keks-HQ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         


21.07.2013, 21:10   #3
t'john
/// Helper Team
 





Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



then:
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).



then:
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


22.07.2013, 11:14   #4
orphus
 



Thanks for the reply!

Here are the logs:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Keksinator :: KEKS-HQ [Administrator]

21.07.2013 22:32:18
mbam-log-2013-07-21 (22-32-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 438342
Laufzeit: 48 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKCR\CLSID\{463B0ED4-8AFA-404B-90E7-4063A0708050} (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{27B2566E-4FC1-48C3-8686-7B283574E83D} (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{D9A613A0-E419-4BF8-80D1-1B21CA6FD76D} (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{463B0ED4-8AFA-404B-90E7-4063A0708050} (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{463B0ED4-8AFA-404B-90E7-4063A0708050} (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{463B0ED4-8AFA-404B-90E7-4063A0708050} (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\Program Files (x86)\LyricsContainer\122.dll (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Keksinator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AETT29GC\LyricsContainer_1060-8001_v122[1] (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Keksinator\AppData\Local\Temp\LyricsContainertmp.exe (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Keksinator\AppData\Local\Temp\is1326335552\LyricsWoofer_1060-2021_v116.exe (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Keksinator\Downloads\Weisseradler-Script 1.071.rar (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\$RECYCLE.BIN\S-1-5-21-1463712896-1720958018-544928618-1000\$R399EEI\bie_o10install64.exe (Hacktool.Keygen.KMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\ISOS\Anno 2070\Anno.2070.Update.1.01-RELOADED\crack\solidcore32.dll (Trojan.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\ISOS\Anno 2070\Installed\solidcore32.dll (Trojan.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\Weisseradler-Script 1.071\Weisseradler-Script.exe (Trojan.Downloader) -> Löschen bei Neustart.

(Ende)
         


Code:
# AdwCleaner v2.306 - Datei am 21/07/2013 um 23:31:34 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Keksinator - KEKS-HQ
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Keksinator\Downloads\adwcleaner (1).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\Tasks\LyricsContainer Update.job
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Freemium
Ordner Gelöscht : C:\Program Files (x86)\LyricsContainer
Ordner Gelöscht : C:\ProgramData\Freemium
Ordner Gelöscht : C:\Users\Keksinator\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Keksinator\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Ordner Gelöscht : C:\Users\Keksinator\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Lyrics@LyricsContainer.co
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v8.0.1 (de)

Datei : C:\Users\Keksinator\AppData\Roaming\Mozilla\Firefox\Profiles\fec8z2r0.default\prefs.js

C:\Users\Keksinator\AppData\Roaming\Mozilla\Firefox\Profiles\fec8z2r0.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Keksinator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1773 octets] - [29/04/2013 20:01:40]
AdwCleaner[S1].txt - [1674 octets] - [29/04/2013 20:03:06]
AdwCleaner[S2].txt - [3161 octets] - [21/07/2013 23:31:34]

########## EOF - C:\AdwCleaner[S2].txt - [3221 octets] ##########
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by Keksinator (administrator) on 22-07-2013 12:01:23
Running from C:\Users\Keksinator\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\Keksinator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Dropbox, Inc.) C:\Users\Keksinator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
() C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Rainbow Technologies, Inc.) C:\Program Files (x86)\Rainbow Technologies\SentinelLM 7.2.0.21 Server\English\lservnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\x64\3\HP2014MC.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Keksinator\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-31] (Google Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Keksinator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-06] (Spotify Ltd)
MountPoints2: J - J:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {9747b1b6-306d-11e1-850b-2c4138628b11} - J:\setup_vmc_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [x]
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Diamondback] - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe [228352 2010-04-28] ()
HKLM-x32\...\Run: [MobileConnect] - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent [2499584 2010-03-25] (Vodafone)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-06-14] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Keksinator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Keksinator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Keksinator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {C0B93072-C5B9-4412-9A37-4012A29AE9D3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {C0B93072-C5B9-4412-9A37-4012A29AE9D3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {C0B93072-C5B9-4412-9A37-4012A29AE9D3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-09-02] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Keksinator\AppData\Roaming\Mozilla\Firefox\Profiles\fec8z2r0.default
FF Homepage: hxxp://icewars.de/index.php?action=login&PHPSESSID=ccf8ca5ce8d83209de13de523068a92e
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Keksinator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Keksinator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] C:\Program Files (x86)\LyricsContainer\122.xpi

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Keksinator\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Simple Pass 2011) - C:\Users\Keksinator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Keksinator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Website Logon) - C:\Users\KEKSIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\KEKSIN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-07-18] (Avira Operations GmbH & Co. KG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-04-02] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2013-04-02] ()
R2 SentinelLM; C:\Program Files (x86)\Rainbow Technologies\SentinelLM 7.2.0.21 Server\English\lservnt.exe [573440 2004-08-27] (Rainbow Technologies, Inc.)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-05-29] (soft Xpansion)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2010-03-25] (Vodafone)
S2 CHEMCAD System Authorization; "C:\Program Files (x86)\Chemstations\CHEMCAD\sysauth_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-07-18] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-07-18] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-07-18] (Avira GmbH)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-22] (DT Soft Ltd)
S3 Razerlow; C:\Windows\System32\drivers\DB3G.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-22 12:01 - 2013-07-22 12:01 - 00000000 ____D C:\FRST
2013-07-21 23:31 - 2013-07-21 23:32 - 00003282 _____ C:\AdwCleaner[S2].txt
2013-07-21 22:29 - 2013-07-21 22:29 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 22:29 - 2013-07-21 22:29 - 00001069 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 22:29 - 2013-07-21 22:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 22:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\Users\Keksinator\AppData\Roaming\Malwarebytes
2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 22:25 - 2013-07-21 22:25 - 01779345 _____ (Farbar) C:\Users\Keksinator\Downloads\FRST64 (1).exe
2013-07-21 22:20 - 2013-07-21 22:20 - 01779345 _____ (Farbar) C:\Users\Keksinator\Downloads\FRST64.exe
2013-07-21 22:19 - 2013-07-21 22:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Keksinator\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-07-21 22:19 - 2013-07-21 22:19 - 00666633 _____ C:\Users\Keksinator\Downloads\adwcleaner (1).exe
2013-07-21 22:16 - 2013-07-21 22:16 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Keksinator\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-17 14:32 - 2013-07-17 14:32 - 00442624 _____ C:\Windows\Minidump\071713-27752-01.dmp
2013-07-17 12:30 - 2013-07-17 12:30 - 00009124 _____ C:\Users\Keksinator\Desktop\gmer.log
2013-07-17 10:58 - 2013-07-17 10:58 - 00138820 _____ C:\Users\Keksinator\Desktop\Extras.Txt
2013-07-17 10:57 - 2013-07-17 11:22 - 00138820 _____ C:\Users\Keksinator\Downloads\Extras.Txt
2013-07-17 10:57 - 2013-07-17 11:22 - 00129200 _____ C:\Users\Keksinator\Desktop\OTL.Txt
2013-07-17 10:56 - 2013-07-17 11:10 - 00129200 _____ C:\Users\Keksinator\Downloads\OTL.Txt
2013-07-17 10:47 - 2013-07-17 10:47 - 00000552 _____ C:\Users\Keksinator\Downloads\defogger_disable.log
2013-07-17 10:47 - 2013-07-17 10:47 - 00000168 _____ C:\Users\Keksinator\defogger_reenable
2013-07-17 10:46 - 2013-07-17 10:46 - 00377856 _____ C:\Users\Keksinator\Downloads\gmer_2.1.19163.exe
2013-07-17 10:45 - 2013-07-17 10:45 - 00602112 _____ (OldTimer Tools) C:\Users\Keksinator\Downloads\OTL.exe
2013-07-17 10:45 - 2013-07-17 10:45 - 00050477 _____ C:\Users\Keksinator\Downloads\Defogger.exe
2013-07-16 20:22 - 2013-07-16 20:27 - 00000000 ____D C:\Program Files (x86)\ConTEXT
2013-07-16 20:22 - 2013-07-16 20:22 - 01654328 _____ (ConTEXT Project Ltd                                         ) C:\Users\Keksinator\Downloads\ConTEXTv0_986.exe
2013-07-16 20:22 - 2013-07-16 20:22 - 00000889 _____ C:\Users\Public\Desktop\ConTEXT.lnk
2013-07-16 20:22 - 2013-07-16 20:22 - 00000889 _____ C:\ProgramData\Desktop\ConTEXT.lnk
2013-07-16 20:21 - 2013-07-16 20:21 - 00020759 _____ C:\Users\Keksinator\Downloads\Deutsch.lng
2013-07-16 19:16 - 2013-07-16 19:16 - 00747835 _____ C:\Users\Keksinator\Downloads\moxquizz-0.8.1.tar.tar
2013-07-16 19:02 - 2013-07-21 23:00 - 00000000 ____D C:\Windrop
2013-07-16 18:06 - 2013-07-16 18:07 - 00827570 _____ C:\Users\Keksinator\Downloads\eggdrop1.6.0.tar.gz
2013-07-16 18:02 - 2013-07-16 18:02 - 00263522 _____ C:\Users\Keksinator\Downloads\moxquizz.tcl
2013-07-16 15:22 - 2013-07-16 15:22 - 00001136 _____ C:\Users\Keksinator\Desktop\Weisseradler-Script - Verknüpfung.lnk
2013-07-16 11:24 - 2013-07-16 11:24 - 00000000 ____D C:\Users\Keksinator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client
2013-07-16 11:24 - 2013-07-16 11:24 - 00000000 ____D C:\Program Files (x86)\Client
2013-07-16 11:24 - 2004-11-30 20:54 - 00037888 _____ (Felix Kaiser) C:\Windows\uninstd0_1.exe
2013-07-16 11:23 - 2013-07-16 11:23 - 00876304 _____ (Microsoft Corporation) C:\Users\Keksinator\Downloads\Client-0.3.1final.exe
2013-07-15 13:41 - 2013-07-15 13:41 - 08849161 _____ C:\Users\Keksinator\Downloads\Management 2013.zip
2013-07-15 13:41 - 2013-07-15 13:41 - 00679936 _____ C:\Users\Keksinator\Downloads\Steinfurt 2013 handout.ppt
2013-07-15 13:41 - 2013-07-15 13:41 - 00002033 _____ C:\Users\Keksinator\Downloads\untitled-[1.2]
2013-07-11 11:37 - 2013-07-11 11:38 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 09:16 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 09:16 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 09:16 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 09:16 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 09:16 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 09:16 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 09:16 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 09:16 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 09:16 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 09:16 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-11 09:16 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 09:16 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 09:16 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 09:16 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 09:16 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 09:16 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 09:16 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 09:16 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 09:16 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 09:16 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-11 09:16 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 09:16 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 09:16 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-11 09:16 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 09:16 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-11 09:16 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-11 09:16 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 09:16 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 09:16 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 09:16 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 09:16 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-11 09:16 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 09:09 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 09:09 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 09:09 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 09:09 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 09:09 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 09:08 - 2013-04-10 07:45 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 09:08 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 16:10 - 2013-07-09 16:10 - 00000932 _____ C:\Users\Keksinator\Desktop\Evernote.lnk
2013-07-09 16:10 - 2013-07-09 16:10 - 00000000 ____D C:\Users\KEKSIN~1\AppData\Local\Evernote
2013-07-09 16:10 - 2013-07-09 16:10 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-07-09 16:06 - 2013-07-09 16:07 - 55051616 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Keksinator\Downloads\Evernote_4.6.6.8360.exe
2013-07-05 11:46 - 2013-07-05 11:46 - 00000000 ____D C:\Users\Keksinator\AppData\Roaming\dvdcss
2013-07-04 18:06 - 2013-07-04 18:06 - 00000000 ____D C:\Users\KEKSIN~1\AppData\Local\{56CBD944-A49F-4C58-851F-BD2E3788CAAF}

==================== One Month Modified Files and Folders =======

2013-07-22 12:01 - 2013-07-22 12:01 - 00000000 ____D C:\FRST
2013-07-22 12:01 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 12:01 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 11:58 - 2012-04-08 20:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 11:58 - 2011-09-02 10:43 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-22 11:58 - 2011-09-02 10:43 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-22 11:58 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-22 11:55 - 2012-10-18 11:39 - 00000000 ___RD C:\Users\Keksinator\Dropbox
2013-07-22 11:55 - 2012-10-18 11:37 - 00000000 ____D C:\Users\Keksinator\AppData\Roaming\Dropbox
2013-07-22 11:54 - 2013-05-08 23:31 - 00044904 _____ C:\Windows\SysWOW64\lservsta
2013-07-22 11:54 - 2013-05-08 23:27 - 00000087 _____ C:\Windows\SysWOW64\nsprs.tgz
2013-07-22 11:54 - 2013-05-08 23:27 - 00000073 _____ C:\Windows\SysWOW64\nsprs.dll
2013-07-22 11:54 - 2013-05-08 23:27 - 00000017 ____H C:\Windows\SysWOW64\servdat.slm
2013-07-22 11:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-22 11:54 - 2009-07-14 06:51 - 00148198 _____ C:\Windows\setupact.log
2013-07-22 09:09 - 2011-11-09 12:10 - 01326858 _____ C:\Windows\WindowsUpdate.log
2013-07-21 23:32 - 2013-07-21 23:31 - 00003282 _____ C:\AdwCleaner[S2].txt
2013-07-21 23:25 - 2010-11-21 05:47 - 00565070 _____ C:\Windows\PFRO.log
2013-07-21 23:12 - 2012-08-31 20:04 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1463712896-1720958018-544928618-1000UA.job
2013-07-21 23:11 - 2012-09-25 18:34 - 00000000 ____D C:\Users\Keksinator\AppData\Roaming\Skype
2013-07-21 23:00 - 2013-07-16 19:02 - 00000000 ____D C:\Windrop
2013-07-21 22:29 - 2013-07-21 22:29 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 22:29 - 2013-07-21 22:29 - 00001069 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 22:29 - 2013-07-21 22:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\Users\Keksinator\AppData\Roaming\Malwarebytes
2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 22:25 - 2013-07-21 22:25 - 01779345 _____ (Farbar) C:\Users\Keksinator\Downloads\FRST64 (1).exe
2013-07-21 22:20 - 2013-07-21 22:20 - 01779345 _____ (Farbar) C:\Users\Keksinator\Downloads\FRST64.exe
2013-07-21 22:19 - 2013-07-21 22:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Keksinator\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-07-21 22:19 - 2013-07-21 22:19 - 00666633 _____ C:\Users\Keksinator\Downloads\adwcleaner (1).exe
2013-07-21 22:16 - 2013-07-21 22:16 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Keksinator\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-21 19:42 - 2011-12-18 17:28 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{10FFBC28-7DB4-4FD5-BC6A-70CC09B5103D}
2013-07-17 19:12 - 2012-08-31 20:04 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1463712896-1720958018-544928618-1000Core.job
2013-07-17 14:32 - 2013-07-17 14:32 - 00442624 _____ C:\Windows\Minidump\071713-27752-01.dmp
2013-07-17 14:32 - 2011-12-23 21:33 - 00000000 ____D C:\Windows\Minidump
2013-07-17 14:31 - 2011-12-23 21:33 - 1083925614 _____ C:\Windows\MEMORY.DMP
2013-07-17 12:30 - 2013-07-17 12:30 - 00009124 _____ C:\Users\Keksinator\Desktop\gmer.log
2013-07-17 11:22 - 2013-07-17 10:57 - 00138820 _____ C:\Users\Keksinator\Downloads\Extras.Txt
2013-07-17 11:22 - 2013-07-17 10:57 - 00129200 _____ C:\Users\Keksinator\Desktop\OTL.Txt
2013-07-17 11:10 - 2013-07-17 10:56 - 00129200 _____ C:\Users\Keksinator\Downloads\OTL.Txt
2013-07-17 10:58 - 2013-07-17 10:58 - 00138820 _____ C:\Users\Keksinator\Desktop\Extras.Txt
2013-07-17 10:47 - 2013-07-17 10:47 - 00000552 _____ C:\Users\Keksinator\Downloads\defogger_disable.log
2013-07-17 10:47 - 2013-07-17 10:47 - 00000168 _____ C:\Users\Keksinator\defogger_reenable
2013-07-17 10:47 - 2011-12-18 17:02 - 00000000 ____D C:\Users\Keksinator
2013-07-17 10:46 - 2013-07-17 10:46 - 00377856 _____ C:\Users\Keksinator\Downloads\gmer_2.1.19163.exe
2013-07-17 10:45 - 2013-07-17 10:45 - 00602112 _____ (OldTimer Tools) C:\Users\Keksinator\Downloads\OTL.exe
2013-07-17 10:45 - 2013-07-17 10:45 - 00050477 _____ C:\Users\Keksinator\Downloads\Defogger.exe
2013-07-17 10:39 - 2011-09-02 01:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-17 10:38 - 2011-12-27 19:01 - 00000000 ____D C:\Program Files (x86)\Codemasters
2013-07-17 10:36 - 2011-12-27 18:38 - 00000025 _____ C:\Windows\SIERRA.INI
2013-07-17 07:56 - 2012-11-13 21:22 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForKeksinator.job
2013-07-16 20:48 - 2012-11-13 21:22 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKeksinator
2013-07-16 20:27 - 2013-07-16 20:22 - 00000000 ____D C:\Program Files (x86)\ConTEXT
2013-07-16 20:22 - 2013-07-16 20:22 - 01654328 _____ (ConTEXT Project Ltd                                         ) C:\Users\Keksinator\Downloads\ConTEXTv0_986.exe
2013-07-16 20:22 - 2013-07-16 20:22 - 00000889 _____ C:\Users\Public\Desktop\ConTEXT.lnk
2013-07-16 20:22 - 2013-07-16 20:22 - 00000889 _____ C:\ProgramData\Desktop\ConTEXT.lnk
2013-07-16 20:21 - 2013-07-16 20:21 - 00020759 _____ C:\Users\Keksinator\Downloads\Deutsch.lng
2013-07-16 19:16 - 2013-07-16 19:16 - 00747835 _____ C:\Users\Keksinator\Downloads\moxquizz-0.8.1.tar.tar
2013-07-16 18:07 - 2013-07-16 18:06 - 00827570 _____ C:\Users\Keksinator\Downloads\eggdrop1.6.0.tar.gz
2013-07-16 18:02 - 2013-07-16 18:02 - 00263522 _____ C:\Users\Keksinator\Downloads\moxquizz.tcl
2013-07-16 15:22 - 2013-07-16 15:22 - 00001136 _____ C:\Users\Keksinator\Desktop\Weisseradler-Script - Verknüpfung.lnk
2013-07-16 11:38 - 2011-12-27 14:59 - 00000000 ____D C:\Users\KEKSIN~1\AppData\Local\CrashDumps
2013-07-16 11:24 - 2013-07-16 11:24 - 00000000 ____D C:\Users\Keksinator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client
2013-07-16 11:24 - 2013-07-16 11:24 - 00000000 ____D C:\Program Files (x86)\Client
2013-07-16 11:23 - 2013-07-16 11:23 - 00876304 _____ (Microsoft Corporation) C:\Users\Keksinator\Downloads\Client-0.3.1final.exe
2013-07-15 13:41 - 2013-07-15 13:41 - 08849161 _____ C:\Users\Keksinator\Downloads\Management 2013.zip
2013-07-15 13:41 - 2013-07-15 13:41 - 00679936 _____ C:\Users\Keksinator\Downloads\Steinfurt 2013 handout.ppt
2013-07-15 13:41 - 2013-07-15 13:41 - 00002033 _____ C:\Users\Keksinator\Downloads\untitled-[1.2]
2013-07-14 20:13 - 2012-08-31 20:05 - 00002388 _____ C:\Users\Keksinator\Desktop\Google Chrome.lnk
2013-07-14 10:30 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-12 19:07 - 2012-08-31 20:04 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1463712896-1720958018-544928618-1000UA
2013-07-12 19:07 - 2012-08-31 20:04 - 00003724 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1463712896-1720958018-544928618-1000Core
2013-07-11 11:38 - 2013-07-11 11:37 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 11:11 - 2009-07-14 06:45 - 00383824 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 11:10 - 2012-01-12 21:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 11:10 - 2012-01-12 21:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 09:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 09:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 09:21 - 2012-01-07 13:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-09 17:03 - 2012-09-25 18:34 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-07-09 17:03 - 2012-09-25 18:34 - 00002517 _____ C:\ProgramData\Desktop\Skype.lnk
2013-07-09 17:03 - 2012-09-25 18:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-09 17:03 - 2012-09-25 18:34 - 00000000 ____D C:\ProgramData\Skype
2013-07-09 16:11 - 2011-12-18 17:28 - 00000000 ___RD C:\Users\Keksinator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-09 16:10 - 2013-07-09 16:10 - 00000932 _____ C:\Users\Keksinator\Desktop\Evernote.lnk
2013-07-09 16:10 - 2013-07-09 16:10 - 00000000 ____D C:\Users\KEKSIN~1\AppData\Local\Evernote
2013-07-09 16:10 - 2013-07-09 16:10 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-07-09 16:07 - 2013-07-09 16:06 - 55051616 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Keksinator\Downloads\Evernote_4.6.6.8360.exe
2013-07-07 00:10 - 2013-04-23 18:54 - 00000000 ____D C:\Users\Keksinator\AppData\Roaming\Spotify
2013-07-06 21:55 - 2013-04-23 18:55 - 00000000 ____D C:\Users\KEKSIN~1\AppData\Local\Spotify
2013-07-06 10:14 - 2011-12-18 17:26 - 00092688 _____ C:\Users\KEKSIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-06 00:19 - 2012-10-03 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-06 00:19 - 2011-12-23 21:16 - 00000000 ____D C:\ProgramData\DivX
2013-07-06 00:19 - 2011-12-23 21:16 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-06 00:18 - 2011-12-23 21:18 - 00000000 ____D C:\Program Files\DivX
2013-07-05 11:49 - 2012-07-22 21:00 - 00000000 ____D C:\Users\Keksinator\AppData\Roaming\vlc
2013-07-05 11:46 - 2013-07-05 11:46 - 00000000 ____D C:\Users\Keksinator\AppData\Roaming\dvdcss
2013-07-04 18:06 - 2013-07-04 18:06 - 00000000 ____D C:\Users\KEKSIN~1\AppData\Local\{56CBD944-A49F-4C58-851F-BD2E3788CAAF}
2013-07-04 18:05 - 2012-03-19 23:54 - 00000000 ____D C:\Users\KEKSIN~1\AppData\Local\Windows Live
2013-06-24 19:00 - 2012-12-12 20:09 - 00053760 ___SH C:\Users\Keksinator\Downloads\Thumbs.db
2013-06-24 00:57 - 2011-12-21 23:29 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\piz_0ef.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 13:36

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2013
Ran by Keksinator at 2013-07-22 12:02:30
Running from C:\Users\Keksinator\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x32)
abgx360 v1.0.6 (x32)
adcom 802.11 Wireless LAN Adapter (Version: 5.60.48.61)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
ATI Catalyst Install Manager (Version: 3.0.816.0)
AuthenTec TrueAPI (Version: 1.2.1.33)
Avira Free Antivirus (x32 Version: 12.1.9.2400)
Battlefield 3™ (x32 Version: 1.6.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.0508.224.2391)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0508.224.2391)
Catalyst Control Center InstallProxy (x32 Version: 2011.0508.224.2391)
Catalyst Control Center Localization All (x32 Version: 2011.0508.224.2391)
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0508.224.2391)
CCC Help Chinese Standard (x32 Version: 2011.0508.0223.2391)
CCC Help Chinese Traditional (x32 Version: 2011.0508.0223.2391)
CCC Help Czech (x32 Version: 2011.0508.0223.2391)
CCC Help Danish (x32 Version: 2011.0508.0223.2391)
CCC Help Dutch (x32 Version: 2011.0508.0223.2391)
CCC Help English (x32 Version: 2011.0508.0223.2391)
CCC Help Finnish (x32 Version: 2011.0508.0223.2391)
CCC Help French (x32 Version: 2011.0508.0223.2391)
CCC Help German (x32 Version: 2011.0508.0223.2391)
CCC Help Greek (x32 Version: 2011.0508.0223.2391)
CCC Help Hungarian (x32 Version: 2011.0508.0223.2391)
CCC Help Italian (x32 Version: 2011.0508.0223.2391)
CCC Help Japanese (x32 Version: 2011.0508.0223.2391)
CCC Help Korean (x32 Version: 2011.0508.0223.2391)
CCC Help Norwegian (x32 Version: 2011.0508.0223.2391)
CCC Help Polish (x32 Version: 2011.0508.0223.2391)
CCC Help Portuguese (x32 Version: 2011.0508.0223.2391)
CCC Help Russian (x32 Version: 2011.0508.0223.2391)
CCC Help Spanish (x32 Version: 2011.0508.0223.2391)
CCC Help Swedish (x32 Version: 2011.0508.0223.2391)
CCC Help Thai (x32 Version: 2011.0508.0223.2391)
CCC Help Turkish (x32 Version: 2011.0508.0223.2391)
ccc-utility64 (Version: 2011.0508.224.2391)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
Client (x32)
ConTEXT v0.98.6 (x32)
CyberLink YouCam (x32 Version: 3.5.1.3922)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.1.0236)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Diablo III (x32 Version: 1.0.2.9950)
DivX-Setup (x32 Version: 2.6.1.44)
Dropbox (HKCU Version: 2.0.22)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Evernote v. 4.6.6 (x32 Version: 4.6.6.8360)
Foxit Reader (x32 Version: 5.4.5.124)
Google Chrome (HKCU Version: 28.0.1500.72)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.1.16.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (x32 Version: 4.1.23.1)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43)
HP On Screen Display (x32 Version: 1.1.2)
HP Power Manager (x32 Version: 1.2.3)
HP Quick Launch (x32 Version: 2.6.3)
HP Setup (x32 Version: 8.6.4530.3651)
HP Setup Manager (x32 Version: 1.1.13253.3682)
HP SimplePass 2011 (x32 Version: 5.1.0.495)
HP Software Framework (x32 Version: 4.5.10.1)
HP Support Assistant (x32 Version: 6.1.12.1)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 3.0.0.021)
ICQ7.7 (x32 Version: 7.7)
IDT Audio (x32 Version: 1.0.6329.0)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Java(TM) 6 Update 24 (64-bit) (Version: 6.0.240)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Magic Desktop (x32 Version: 3.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MediaMonkey 4.0 (x32 Version: 4.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32)
Mozilla Firefox 15.0.1 (x86 de) (HKCU Version: 15.0.1)
Mozilla Firefox 8.0.1 (x86 de) (x32 Version: 8.0.1)
Mozilla Thunderbird 15.0.1 (x86 de) (x32 Version: 15.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Need For Speed™ World (x32 Version: 1.0.0.0)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Origin (x32 Version: 9.1.12.73)
PDF Architect (x32 Version: 1.1.83.9982)
PDFCreator (x32 Version: 1.7.0)
PunkBuster Services (x32 Version: 0.991)
PuTTY version 0.62 (x32 Version: 0.62)
PX Profile Update (x32 Version: 1.00.1.)
Razer Diamondback 3G (x32 Version: 5.01)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.74)
Recovery Manager (x32 Version: 2.0.0)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
SentinelLM 7.2.0.21 Server (x32)
SimCity™ (x32 Version: 1.0.0.0)
Skype™ 6.5 (x32 Version: 6.5.158)
Spacetanks Premium V.1.02 (x32)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Stronghold 3 (c) THQ version 1 (x32 Version: 1)
Synaptics TouchPad Driver (Version: 15.3.29.0)
Tropico 4 1.00 (HKCU Version: 1.00)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
UnLock Phone 1.3 (x32 Version: 1.3)
UnLock Root 3.1 (x32 Version: 3.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Validity WBF DDK (Version: 4.3.118.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69)
VLC media player 2.0.2 (Version: 2.0.2)
Vodafone Mobile Connect Lite (x32 Version: 9.4.9.22273)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR (x32)
Xbox Dvd Menu (x32 Version: 1.0.0)

==================== Restore Points  =========================

18-07-2013 22:13:27 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F93B1C2-1A40-4CA2-B0AA-AE19A737038D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {141A0CBA-25F8-492B-9AB5-62DD3ADFFA9B} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-KEKS-HQ => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {436621EC-C50B-47E2-B4E7-06384C8725A7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {617AF4AF-8074-4324-BB77-9C29B3769403} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {69B69782-1CD4-48C2-886A-B0C045F05856} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {785B9D71-FB95-4C83-A346-95A6B07D7894} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {7A1F9795-EE81-41CC-BFB7-95F2B62B407A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1463712896-1720958018-544928618-1000Core => C:\Users\Keksinator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
Task: {8AAC3231-5620-4233-8DC1-5AF816D8E38B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {9B5D54B6-619D-4414-A5EE-F897F5034BBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {A0CBE787-3AFE-4F60-826B-7BEB66F03666} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-10-09] (Microsoft)
Task: {A57B5513-40B1-43C5-8C85-5D8A7E787739} - System32\Tasks\User_Feed_Synchronization-{10FFBC28-7DB4-4FD5-BC6A-70CC09B5103D} => C:\Windows\system32\msfeedssync.exe [2011-11-09] (Microsoft Corporation)
Task: {A7FF7AD9-3221-49EC-8367-0F0F8F56E46F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {AF1F9AE5-8C0C-4D0C-B9A8-75B2D66D55BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {B5F93433-0F85-4819-A178-6E0C0AA489AE} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File
Task: {BF080650-3240-4D6A-BF3A-5D023AC05EC9} - System32\Tasks\HPCeeScheduleForKeksinator => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {E9A81918-3C71-4BE8-9EDD-8126343CCD7A} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {F27A274A-92F0-438C-9FA4-C3859BD0EF23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {F2991225-5FD1-4B17-850C-6A3CA99700F2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1463712896-1720958018-544928618-1000UA => C:\Users\Keksinator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1463712896-1720958018-544928618-1000Core.job => C:\Users\Keksinator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1463712896-1720958018-544928618-1000UA.job => C:\Users\Keksinator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKeksinator.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2013 11:54:46 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (07/22/2013 11:54:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2013 09:09:24 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/22/2013 08:53:38 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (07/22/2013 08:53:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2013 11:59:48 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/21/2013 11:54:59 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (07/21/2013 11:54:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2013 11:31:38 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/21/2013 11:26:05 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue


System errors:
=============
Error: (07/22/2013 11:55:20 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (07/22/2013 11:55:20 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (07/22/2013 11:55:20 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (07/22/2013 11:55:20 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (07/22/2013 11:55:20 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (07/22/2013 11:55:20 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (07/22/2013 11:55:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (07/22/2013 11:55:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (07/22/2013 11:55:10 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (07/22/2013 11:54:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "CHEMCAD System Authorization" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (07/22/2013 11:54:46 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (07/22/2013 11:54:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2013 09:09:24 AM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/22/2013 08:53:38 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (07/22/2013 08:53:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2013 11:59:48 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/21/2013 11:54:59 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (07/21/2013 11:54:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2013 11:31:38 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/21/2013 11:26:05 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue


CodeIntegrity Errors:
===================================
  Date: 2012-07-23 21:34:58.941
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\KEKSIN~1\AppData\Local\Temp\PIOB886.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-23 21:34:58.931
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\KEKSIN~1\AppData\Local\Temp\PIOB886.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-23 21:29:59.436
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\KEKSIN~1\AppData\Local\Temp\PIO2693.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-23 21:29:59.436
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\KEKSIN~1\AppData\Local\Temp\PIO2693.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-23 21:18:57.099
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\KEKSIN~1\AppData\Local\Temp\PIOB56.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-23 21:18:57.084
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\KEKSIN~1\AppData\Local\Temp\PIOB56.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-22 22:38:41.899
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\KEKSIN~1\AppData\Local\Temp\PIO82D7.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-22 22:38:41.889
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\KEKSIN~1\AppData\Local\Temp\PIO82D7.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-22 22:37:09.609
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\KEKSIN~1\AppData\Local\Temp\PIOFA57.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-22 22:37:09.599
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\KEKSIN~1\AppData\Local\Temp\PIOFA57.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 6091.86 MB
Available physical RAM: 3822.22 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 9503.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.22 GB) (Free:128.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.87 GB) (Free:15.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Unterhaltung) (Fixed) (Total:136.72 GB) (Free:16.48 GB) NTFS
Drive g: (Daten) (Fixed) (Total:79.65 GB) (Free:59.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FA5300E9)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=199 MB) - (Type=42)
Partition 3: (Not Active) - (Size=231 GB) - (Type=42)
Partition 4: (Not Active) - (Size=234 GB) - (Type=42)

==================== End Of Log ============================
         

22.07.2013, 16:32   #5
t'john
/// Helper Team
 



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\ProgramData\piz_0ef.pad
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Then:

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


__________________
Regards, t'john

22.07.2013, 19:48   #6
orphus
 



Done

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by Keksinator at 2013-07-22 20:40:52 Run:1
Running from C:\Users\Keksinator\Downloads
Boot Mode: Normal
==============================================

C:\ProgramData\piz_0ef.pad => Moved successfully.

==== End of Fixlog ====
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.0 (07.21.2013:1)
OS: Windows 7 Home Premium x64
Ran by Keksinator on 22.07.2013 at 20:42:45,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}



~~~ Files



~~~ Folders




~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\lyrics@lyricscontainer.co
Emptied folder: C:\Users\Keksinator\AppData\Roaming\mozilla\firefox\profiles\fec8z2r0.default\minidumps [168 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.07.2013 at 20:46:23,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

23.07.2013, 16:40   #7
t'john
/// Helper Team

Very good!




ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset




after that:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Regards, t'john

25.07.2013, 19:50   #8
orphus

still found a lot -.-
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=63da67538f65ba409093e1f633f69bc1
# engine=14515
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-24 03:27:53
# local_time=2013-07-24 05:27:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 66584 240102963 59370 0
# compatibility_mode=5893 16776574 100 94 1151333 126309523 0 0
# scanned=207689
# found=8
# cleaned=0
# scan_time=5060
sh=A38AE3C461A302534A0DE0E694B57C3A200B54A6 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Documents and Settings\Keksinator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2XJVHQ\pcperformer-st2-de[1].htm"
sh=407837A1D9ADA53A32EC954E31C739C5DAD3AC94 ft=1 fh=d6417535bd706cba vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Documents and Settings\Keksinator\AppData\Local\Temp\OptimizerPro.exe"
sh=32B55D23CF438EF4C9C90DC255F75C4096C5FAC0 ft=1 fh=9312da09e9483fc9 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Documents and Settings\Keksinator\Downloads\Die_Croods.exe"
sh=E9EF52A669E040327035ED8CD1147004EAD8A482 ft=1 fh=6c92ac8d837c0e60 vn="Win32/Adware.1ClickDownload.AI application" ac=I fn="C:\Documents and Settings\Keksinator\Downloads\gi_joe.exe"
sh=A38AE3C461A302534A0DE0E694B57C3A200B54A6 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\Keksinator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2XJVHQ\pcperformer-st2-de[1].htm"
sh=407837A1D9ADA53A32EC954E31C739C5DAD3AC94 ft=1 fh=d6417535bd706cba vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\Keksinator\AppData\Local\Temp\OptimizerPro.exe"
sh=32B55D23CF438EF4C9C90DC255F75C4096C5FAC0 ft=1 fh=9312da09e9483fc9 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\Keksinator\Downloads\Die_Croods.exe"
sh=E9EF52A669E040327035ED8CD1147004EAD8A482 ft=1 fh=6c92ac8d837c0e60 vn="Win32/Adware.1ClickDownload.AI application" ac=I fn="C:\Users\Keksinator\Downloads\gi_joe.exe"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=63da67538f65ba409093e1f633f69bc1
# engine=14521
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-25 12:26:39
# local_time=2013-07-25 02:26:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 55700 240178489 48489 0
# compatibility_mode=5893 16776574 100 94 1226859 126385049 0 0
# scanned=320136
# found=8
# cleaned=0
# scan_time=15067
sh=A38AE3C461A302534A0DE0E694B57C3A200B54A6 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Documents and Settings\Keksinator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2XJVHQ\pcperformer-st2-de[1].htm"
sh=407837A1D9ADA53A32EC954E31C739C5DAD3AC94 ft=1 fh=d6417535bd706cba vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Documents and Settings\Keksinator\AppData\Local\Temp\OptimizerPro.exe"
sh=32B55D23CF438EF4C9C90DC255F75C4096C5FAC0 ft=1 fh=9312da09e9483fc9 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Documents and Settings\Keksinator\Downloads\Die_Croods.exe"
sh=E9EF52A669E040327035ED8CD1147004EAD8A482 ft=1 fh=6c92ac8d837c0e60 vn="Win32/Adware.1ClickDownload.AI application" ac=I fn="C:\Documents and Settings\Keksinator\Downloads\gi_joe.exe"
sh=A38AE3C461A302534A0DE0E694B57C3A200B54A6 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\Keksinator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2XJVHQ\pcperformer-st2-de[1].htm"
sh=407837A1D9ADA53A32EC954E31C739C5DAD3AC94 ft=1 fh=d6417535bd706cba vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\Keksinator\AppData\Local\Temp\OptimizerPro.exe"
sh=32B55D23CF438EF4C9C90DC255F75C4096C5FAC0 ft=1 fh=9312da09e9483fc9 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\Keksinator\Downloads\Die_Croods.exe"
sh=E9EF52A669E040327035ED8CD1147004EAD8A482 ft=1 fh=6c92ac8d837c0e60 vn="Win32/Adware.1ClickDownload.AI application" ac=I fn="C:\Users\Keksinator\Downloads\gi_joe.exe"
         
Code:
 Results of screen317's Security Check version 0.99.70  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 22  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Mozilla Firefox (8.0.1) 
 Mozilla Thunderbird 15.0.1 Thunderbird out of Date!  
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

26.07.2013, 18:15   #9
t'john
/// Helper Team

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\Documents and Settings\Keksinator\AppData\Local\Temp\OptimizerPro.exe
C:\Documents and Settings\Keksinator\Downloads\Die_Croods.exe
C:\Documents and Settings\Keksinator\Downloads\gi_joe.exe
C:\Users\Keksinator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2XJVHQ\pcperformer-st2-de[1].htm
C:\Users\Keksinator\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Keksinator\Downloads\Die_Croods.exe
C:\Users\Keksinator\Downloads\gi_joe.exe
C:\Documents and Settings\Keksinator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2XJVHQ\pcperformer-st2-de[1].htm
C:\Documents and Settings\Keksinator\AppData\Local\Temp\OptimizerPro.exe
C:\Documents and Settings\Keksinator\Downloads\Die_Croods.exe
C:\Documents and Settings\Keksinator\Downloads\gi_joe.exe
C:\Users\Keksinator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2XJVHQ\pcperformer-st2-de[1].htm
C:\Users\Keksinator\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Keksinator\Downloads\Die_Croods.exe
C:\Users\Keksinator\Downloads\gi_joe.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




then:
Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.




Uninstall:
Java(TM) 6 Update 22




Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

After that, post (copy and paste) what is displayed to you here: http://tools.trojaner-board.de/plugincheck.html
__________________
Regards, t'john

26.07.2013, 20:25   #10
orphus

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by Keksinator at 2013-07-26 20:41:32 Run:2
Running from C:\Users\Keksinator\Downloads
Boot Mode: Normal
==============================================

C:\Documents and Settings\Keksinator\AppData\Local\Temp\OptimizerPro.exe => Moved successfully.
C:\Documents and Settings\Keksinator\Downloads\Die_Croods.exe => Moved successfully.
C:\Documents and Settings\Keksinator\Downloads\gi_joe.exe => Moved successfully.
C:\Users\Keksinator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2XJVHQ\pcperformer-st2-de[1].htm => Moved successfully.
"C:\Users\Keksinator\AppData\Local\Temp\OptimizerPro.exe" => File/Directory not found.
"C:\Users\Keksinator\Downloads\Die_Croods.exe" => File/Directory not found.
"C:\Users\Keksinator\Downloads\gi_joe.exe" => File/Directory not found.
"C:\Documents and Settings\Keksinator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2XJVHQ\pcperformer-st2-de[1].htm" => File/Directory not found.
"C:\Documents and Settings\Keksinator\AppData\Local\Temp\OptimizerPro.exe" => File/Directory not found.
"C:\Documents and Settings\Keksinator\Downloads\Die_Croods.exe" => File/Directory not found.
"C:\Documents and Settings\Keksinator\Downloads\gi_joe.exe" => File/Directory not found.
"C:\Users\Keksinator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2XJVHQ\pcperformer-st2-de[1].htm" => File/Directory not found.
"C:\Users\Keksinator\AppData\Local\Temp\OptimizerPro.exe" => File/Directory not found.
"C:\Users\Keksinator\Downloads\Die_Croods.exe" => File/Directory not found.
"C:\Users\Keksinator\Downloads\gi_joe.exe" => File/Directory not found.

==== End of Fixlog ====
         
Chrome 28.0.1500.72 ist aktuell
Flash (11,8,800,97) ist aktuell.
Java ist nicht Installiert oder nicht aktiviert.
Adobe Reader ist nicht installiert oder aktiviert
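
Added example, not part of the original thread or of any tool used in it: the ESET log above lists each detected file under both C:\Documents and Settings and C:\Users with the same hash, and the Fixlog reports the later Fixlist entries as not found once the first four were moved. On a default Windows 7 installation the former is a junction to the latter, so this Python code parses the detection lines and collapses them to one entry per file; the field meanings, the function names and the junction layout are assumptions.

```python
import re
from collections import OrderedDict

# Detection lines copied from the ESET log posted in the thread. "sh" is read
# here as an opaque file hash, "vn" as the detection name, "fn" as the path.
SAMPLE_LOG = r'''# engine=14521
# found=8
sh=407837A1D9ADA53A32EC954E31C739C5DAD3AC94 ft=1 fh=d6417535bd706cba vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Documents and Settings\Keksinator\AppData\Local\Temp\OptimizerPro.exe"
sh=32B55D23CF438EF4C9C90DC255F75C4096C5FAC0 ft=1 fh=9312da09e9483fc9 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Documents and Settings\Keksinator\Downloads\Die_Croods.exe"
sh=E9EF52A669E040327035ED8CD1147004EAD8A482 ft=1 fh=6c92ac8d837c0e60 vn="Win32/Adware.1ClickDownload.AI application" ac=I fn="C:\Documents and Settings\Keksinator\Downloads\gi_joe.exe"
sh=407837A1D9ADA53A32EC954E31C739C5DAD3AC94 ft=1 fh=d6417535bd706cba vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\Keksinator\AppData\Local\Temp\OptimizerPro.exe"
sh=32B55D23CF438EF4C9C90DC255F75C4096C5FAC0 ft=1 fh=9312da09e9483fc9 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\Keksinator\Downloads\Die_Croods.exe"
sh=E9EF52A669E040327035ED8CD1147004EAD8A482 ft=1 fh=6c92ac8d837c0e60 vn="Win32/Adware.1ClickDownload.AI application" ac=I fn="C:\Users\Keksinator\Downloads\gi_joe.exe"
sh=407837A1D9ADA53A32EC954E31C739C5DAD3AC94 ft=1 fh=d6417535bd706cba vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\Keksinator\AppData\Local\Temp\OptimizerPro.exe"
'''

# key=value pairs; a value is either double-quoted or a run of non-spaces.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption: default Windows Vista/7 layout, where C:\Documents and Settings
# is a compatibility junction that points at C:\Users.
LEGACY_PREFIX = "c:\\documents and settings\\"
PROFILE_PREFIX = "c:\\users\\"


def parse_detections(log_text):
    """Return one dict of fields per detection line ('#' header lines are skipped)."""
    records = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("sh="):
            continue
        fields = {}
        for m in FIELD_RE.finditer(line):
            fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
        if "fn" in fields:  # ignore truncated lines that carry no path
            records.append(fields)
    return records


def canonical_path(path):
    """Lower-case the path and fold the legacy junction prefix onto the Users prefix."""
    lowered = path.lower()
    if lowered.startswith(LEGACY_PREFIX):
        lowered = PROFILE_PREFIX + lowered[len(LEGACY_PREFIX):]
    return lowered


def unique_files(records):
    """Group detections that name the same file (same hash, same canonical path)."""
    files = OrderedDict()
    for rec in records:
        key = (rec["sh"].upper(), canonical_path(rec["fn"]))
        entry = files.setdefault(
            key, {"hash": key[0], "threat": rec.get("vn", ""), "paths": []})
        if rec["fn"] not in entry["paths"]:
            entry["paths"].append(rec["fn"])
    return list(files.values())


def build_fixlist(files):
    """One path per file, preferring the real location over the junction alias."""
    lines = []
    for entry in files:
        real = [p for p in entry["paths"] if not p.lower().startswith(LEGACY_PREFIX)]
        lines.append((real or entry["paths"])[0])
    return lines


if __name__ == "__main__":
    found = unique_files(parse_detections(SAMPLE_LOG))
    for entry in found:
        print(entry["threat"], "->", len(entry["paths"]), "logged path(s)")
    print("\n".join(build_fixlist(found)))
```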

28.07.2013, 18:06   #11
t'john
/// Helper Team

Very good!

With that, you are clean and discharged!

Remove adwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.




Tool cleanup
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: among other things, DelFix removes all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.




Resetting the security zones

Have the security zones reset, since they were manipulated in order to open the browser to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Emptying the system restore points

So that the computer cannot be reinfected from an infected system restore point, we have to empty them. To do this, we switch System Restore off once and then on again:
Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.



Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC keeps getting slower - what to do?
__________________
Regards, t'john

23.10.2013, 12:51   #12
t'john
/// Helper Team

No feedback received

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am deleting this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
