Log analysis and evaluation: GVU - olt.txt evaluation (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.07.2013, 23:07 | #1 |
GVU - olt.txt evaluation

hi... known problem - the GVU trojan. I'm asking you for help. The computer is probably infected anyway, but the GVU trojan is keeping me from using it xD Here is the otl.txt

Code:
ATTFilter OTL logfile created on: 7/24/2013 12:18:10 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = J: | %SystemRoot% = J:\Windows | %ProgramFiles% = J:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS Drive D: | 2794.52 Gb Total Space | 2409.52 Gb Free Space | 86.22% Space Free | Partition Type: NTFS Drive J: | 456.92 Gb Total Space | 337.18 Gb Free Space | 73.79% Space Free | Partition Type: NTFS Drive K: | 456.92 Gb Total Space | 385.33 Gb Free Space | 84.33% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- J:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2013/04/07 04:54:58 | 001,455,408 | ---- | M] () [Auto] -- J:\Windows\System32\dmwu.exe -- (IBUpdaterService) SRV:64bit: - [2013/01/29 09:28:02 | 000,188,760 | ---- | M] () [Auto] -- J:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant) SRV:64bit: - [2012/04/21 10:14:56 | 000,289,280 | ---- | M] (Works Ltd.) 
[Auto] -- J:\Windows\System32\aptwadhhv.dll -- (LanmanWorkstation) SRV:64bit: - [2011/01/31 16:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto] -- J:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- J:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/01/05 21:04:02 | 000,244,840 | ---- | M] (McAfee, Inc.) [Auto] -- J:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV:64bit: - [2010/01/05 21:04:02 | 000,199,032 | ---- | M] (McAfee, Inc.) [Auto] -- J:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield) SRV:64bit: - [2010/01/05 21:04:02 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto] -- J:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp) SRV - [2013/05/23 05:09:59 | 002,827,728 | ---- | M] () [Auto] -- J:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert) SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- J:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/05/02 15:21:44 | 000,109,064 | ---- | M] (Wajam) [Auto] -- J:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater) SRV - [2013/03/29 15:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- J:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- J:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand] -- J:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012/12/12 11:32:13 | 000,075,136 | ---- | M] () [Auto] -- J:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/09/05 21:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- J:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/05 03:39:42 | 000,289,544 | ---- | M] () [Auto] -- J:\Program Files (x86)\PC Beschleunigen\PCSUService.exe -- (PCSUService) SRV - [2012/05/08 10:48:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- J:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/08 10:48:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- J:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/12/15 08:47:07 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto] -- J:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service) SRV - [2011/04/15 08:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto] -- J:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon) SRV - [2011/03/01 15:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- J:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 04:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- J:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011/02/01 01:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto] -- J:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011/02/01 01:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto] -- J:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. 
) [On_Demand] -- J:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2010/09/13 12:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- J:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto] -- J:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto] -- J:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- J:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto] -- J:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/07/07 09:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto] -- J:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- J:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/12/13 08:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand] -- J:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/05/08 10:48:59 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- J:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/05/08 10:48:59 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- J:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011/11/26 13:44:36 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System] -- J:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/10/19 11:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- J:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/03/23 13:41:02 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- J:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2011/03/23 13:41:02 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System] -- J:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2011/03/23 13:41:02 | 000,020,328 | ---- | M] (Egis Technology Inc.) 
[Kernel | System] -- J:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- J:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/12 03:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010/09/21 02:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\e1c62x64.sys -- (e1cexpress) Intel(R) DRV:64bit: - [2010/03/25 19:36:39 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2010/01/05 21:04:02 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- J:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2010/01/05 21:04:02 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2010/01/05 21:04:02 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- J:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2010/01/05 21:04:02 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2010/01/05 21:04:02 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2010/01/05 21:04:02 | 000,093,840 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand] -- J:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2010/01/05 21:04:02 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- J:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2010/01/05 21:04:02 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2009/07/07 09:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- J:\Windows\System32\drivers\purendis.sys -- (purendis) DRV:64bit: - [2009/07/07 09:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- J:\Windows\System32\drivers\pnarp.sys -- (pnarp) DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- J:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\system32\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2008/04/16 09:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- J:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\anwender_ON_J\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=0A65F80F4119EDAE IE - HKU\anwender_ON_J\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\anwender_ON_J\Software\Microsoft\Internet Explorer\Main,Start 
Page = https://www.google.de/ IE - HKU\anwender_ON_J\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\anwender_ON_J\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Gast_ON_J\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\Gast_ON_J\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKU\Gast_ON_J\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found IE - HKU\Gast_ON_J\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\NetworkService_ON_J\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: J:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll () FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: J:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: J:\Windows\System32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: J:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: J:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: J:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: J:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: J:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: J:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: J:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: J:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: J:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.) 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: J:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: J:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: J:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: J:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: J:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: J:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: J:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: J:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: J:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: J:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/02/27 13:04:08 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/02/27 13:04:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013/02/27 13:04:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/15 13:11:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013/02/27 13:04:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/15 13:12:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/15 07:09:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\happylyrics@hpyproductions.net: C:\Program Files (x86)\HappyLyrics\FF\ [2013/06/15 06:23:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013/05/02 15:21:44 | 000,037,909 | ---- | M] () [2012/10/15 13:12:59 | 000,000,000 | ---D | M] (No name 
found) -- J:\Users\anwender\AppData\Roaming\Mozilla\Extensions [2013/06/15 06:23:23 | 000,000,000 | ---D | M] (No name found) -- J:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\extensions [2012/07/08 08:14:33 | 000,000,000 | ---D | M] (No name found) -- J:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions [2012/07/08 08:14:33 | 000,000,000 | ---D | M] (Yontoo) -- J:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com [2013/06/15 06:23:48 | 000,000,000 | ---D | M] (No name found) -- J:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\extensions [2013/06/15 06:23:49 | 000,000,000 | ---D | M] (Wajam) -- J:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} [2013/06/15 06:23:31 | 000,000,000 | ---D | M] (Delta Toolbar) -- J:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\extensions\ffxtlbr@delta.com [2013/06/15 06:23:31 | 000,000,000 | ---D | M] (No name found) -- J:\Program Files (x86)\Mozilla Firefox\extensions [2013/06/15 06:23:31 | 000,000,000 | ---D | M] (No name found) -- J:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2012/09/05 21:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- J:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/05 22:07:37 | 000,001,392 | ---- | M] () -- J:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/03/17 05:00:17 | 000,002,310 | ---- | M] () -- J:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/09/05 22:07:37 | 000,002,465 | ---- | M] () -- J:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/09/05 22:07:37 | 000,001,153 | ---- | M] () -- J:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/09/05 22:07:37 | 000,006,805 | ---- | M] () -- J:\Program Files (x86)\mozilla 
firefox\searchplugins\leo_ende_de.xml [2012/09/05 22:07:37 | 000,001,178 | ---- | M] () -- J:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/09/05 22:07:37 | 000,001,105 | ---- | M] () -- J:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - J:\Windows\System32\drivers\etc\hosts O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - J:\Users\anwender\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen) O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - J:\Program Files\Web Assistant\Extension64.dll () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - J:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110323101908.dll (McAfee, Inc.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - J:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - J:\Users\anwender\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - J:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - J:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - J:\Program Files\Web Assistant\Extension32.dll () O2 - BHO: (Happy Lyrics) - {59C0C5BD-2579-433A-BBB8-AFFD59642BAF} - J:\Program Files (x86)\HappyLyrics\hppylrc.dll (Happy Productions) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - J:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
J:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - J:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110323101908.dll (McAfee, Inc.) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - J:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - J:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - J:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - J:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - J:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - J:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - J:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - J:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - J:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - J:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - J:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\anwender_ON_J\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - J:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [Linksys Wireless Manager] J:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Cisco Systems, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] J:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] J:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeMovieService] J:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] J:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Babylon Client] J:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) O4 - HKLM..\Run: [DivXUpdate] J:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecPMMUpdate] J:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] J:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) 
O4 - HKLM..\Run: [Hotkey Utility] J:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [IAStorIcon] J:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [nmctxth] J:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Norton Online Backup] J:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [SuiteTray] J:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [SweetIM] J:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] J:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKU\anwender_ON_J..\Run: [capmasxihyzu] J:\Users\anwender\capmasxihyzu.exe () O4 - HKU\anwender_ON_J..\Run: [DAEMON Tools Pro Agent] J:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKU\anwender_ON_J..\Run: [Facebook Update] J:\Users\anwender\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\anwender_ON_J..\Run: [PCSpeedUp] J:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe () O4 - HKU\anwender_ON_J..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] J:\Users\anwender\AppData\Local\Temp\giunxuxepjofverut.exe (Cisco Systems, Inc.) 
O4 - HKU\anwender_ON_J..\Run: [Steam] File not found O4 - HKU\LocalService_ON_J..\Run: [Sidebar] J:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_J..\Run: [Sidebar] J:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_J..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_J..\RunOnce: [mctadmin] File not found O4 - Startup: J:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: J:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk () O4 - Startup: J:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\anwender_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8:64bit: - Extra context menu item: Translate this web page with Babylon - J:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8:64bit: - Extra context menu item: Translate with Babylon - J:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8:64bit: - Extra context menu item: Web-Suche - J:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O8 - Extra context menu item: Translate this web page with Babylon - J:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8 - Extra context menu item: Translate with Babylon - J:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Web-Suche - J:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - File not found O9 - Extra 'Tools' menuitem : WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - File not found O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - J:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - J:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - J:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - J:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - File not found O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - J:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.) 
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - J:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - J:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - J:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - J:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/03/25 12:05:32 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ] O32 - AutoRun File - [2002/10/16 14:56:50 | 000,000,036 | RH-- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{ace789d1-1854-11e1-a9f1-f80f4119edae}\Shell - "" = AutoRun O33 - MountPoints2\{ace789d1-1854-11e1-a9f1-f80f4119edae}\Shell\AutoRun\command - "" = L:\Setup.bat O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/07/19 14:48:36 | 000,000,000 | ---D | C] -- J:\Users\anwender\AppData\Roaming\Lyquma [2013/07/19 14:48:36 | 000,000,000 | ---D | C] -- J:\Users\anwender\AppData\Roaming\Fage [2013/07/19 14:48:36 | 000,000,000 | ---D | C] -- J:\Users\anwender\AppData\Roaming\Cayhna [2013/07/16 11:10:08 | 002,877,440 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\jscript9.dll [2013/07/16 11:10:08 | 001,054,720 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\MsSpellCheckingFacility.exe [2013/07/16 11:10:08 | 000,719,360 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\mshtmlmedia.dll [2013/07/16 11:10:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\jscript.dll [2013/07/16 11:10:08 | 000,493,056 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\msfeeds.dll [2013/07/16 11:10:08 | 000,391,168 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\ieui.dll [2013/07/16 11:10:08 | 000,226,304 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\elshyph.dll [2013/07/16 11:10:08 | 000,185,344 
| ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\elshyph.dll [2013/07/16 11:10:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\msrating.dll [2013/07/16 11:10:08 | 000,158,720 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\msls31.dll [2013/07/16 11:10:08 | 000,150,528 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\iexpress.exe [2013/07/16 11:10:08 | 000,138,752 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\wextract.exe [2013/07/16 11:10:08 | 000,137,216 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\ieUnatt.exe [2013/07/16 11:10:08 | 000,125,440 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\occache.dll [2013/07/16 11:10:08 | 000,117,248 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\iepeers.dll [2013/07/16 11:10:08 | 000,110,592 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\IEAdvpack.dll [2013/07/16 11:10:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\iesysprep.dll [2013/07/16 11:10:08 | 000,082,432 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\inseng.dll [2013/07/16 11:10:08 | 000,079,872 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\mshtmled.dll [2013/07/16 11:10:08 | 000,073,728 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\SetIEInstalledDate.exe [2013/07/16 11:10:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/07/16 11:10:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\pngfilt.dll [2013/07/16 11:10:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\mshtmler.dll [2013/07/16 11:10:08 | 000,038,400 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\imgutil.dll [2013/07/16 11:10:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\msfeedssync.exe [2013/07/16 11:10:07 | 003,958,784 | ---- | C] (Microsoft Corporation) -- 
J:\Windows\System32\jscript9.dll [2013/07/16 11:10:07 | 001,509,376 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\inetcpl.cpl [2013/07/16 11:10:07 | 001,441,280 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\inetcpl.cpl [2013/07/16 11:10:07 | 001,400,416 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\ieapfltr.dat [2013/07/16 11:10:07 | 001,400,416 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\ieapfltr.dat [2013/07/16 11:10:07 | 000,905,728 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\mshtmlmedia.dll [2013/07/16 11:10:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\jscript.dll [2013/07/16 11:10:07 | 000,762,368 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\ieapfltr.dll [2013/07/16 11:10:07 | 000,629,248 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\ieapfltr.dll [2013/07/16 11:10:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\msfeeds.dll [2013/07/16 11:10:07 | 000,599,552 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\vbscript.dll [2013/07/16 11:10:07 | 000,526,336 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\ieui.dll [2013/07/16 11:10:07 | 000,452,096 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\dxtmsft.dll [2013/07/16 11:10:07 | 000,441,856 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\html.iec [2013/07/16 11:10:07 | 000,361,984 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\html.iec [2013/07/16 11:10:07 | 000,357,888 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\dxtmsft.dll [2013/07/16 11:10:07 | 000,281,600 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\dxtrans.dll [2013/07/16 11:10:07 | 000,235,008 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\url.dll [2013/07/16 11:10:07 | 000,232,960 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\url.dll [2013/07/16 11:10:07 | 000,226,816 | ---- | C] (Microsoft 
Corporation) -- J:\Windows\SysWow64\dxtrans.dll [2013/07/16 11:10:07 | 000,216,064 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\msls31.dll [2013/07/16 11:10:07 | 000,197,120 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\msrating.dll [2013/07/16 11:10:07 | 000,173,568 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\ieUnatt.exe [2013/07/16 11:10:07 | 000,167,424 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\iexpress.exe [2013/07/16 11:10:07 | 000,149,504 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\occache.dll [2013/07/16 11:10:07 | 000,144,896 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\wextract.exe [2013/07/16 11:10:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\iesysprep.dll [2013/07/16 11:10:07 | 000,136,192 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\iepeers.dll [2013/07/16 11:10:07 | 000,135,680 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\IEAdvpack.dll [2013/07/16 11:10:07 | 000,102,912 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\inseng.dll [2013/07/16 11:10:07 | 000,097,280 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\mshtmled.dll [2013/07/16 11:10:07 | 000,092,160 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\SetIEInstalledDate.exe [2013/07/16 11:10:07 | 000,089,600 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\RegisterIEPKEYs.exe [2013/07/16 11:10:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\icardie.dll [2013/07/16 11:10:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\tdc.ocx [2013/07/16 11:10:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\icardie.dll [2013/07/16 11:10:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\iesetup.dll [2013/07/16 11:10:07 | 000,062,976 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\pngfilt.dll [2013/07/16 11:10:07 | 
000,061,952 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\tdc.ocx [2013/07/16 11:10:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\iesetup.dll [2013/07/16 11:10:07 | 000,051,712 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\ie4uinit.exe [2013/07/16 11:10:07 | 000,051,200 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\imgutil.dll [2013/07/16 11:10:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\mshtmler.dll [2013/07/16 11:10:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\iernonce.dll [2013/07/16 11:10:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\iernonce.dll [2013/07/16 11:10:07 | 000,027,648 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\licmgr10.dll [2013/07/16 11:10:07 | 000,023,040 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\licmgr10.dll [2013/07/16 11:10:07 | 000,013,824 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\mshta.exe [2013/07/16 11:10:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\msfeedssync.exe [2013/07/11 08:51:27 | 000,624,128 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\qedit.dll [2013/07/11 08:51:26 | 001,887,744 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\WMVDECOD.DLL [2013/07/11 08:51:26 | 001,620,480 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\WMVDECOD.DLL [2013/07/11 08:51:26 | 000,509,440 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\qedit.dll [2013/07/11 08:51:12 | 001,643,520 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\DWrite.dll [2013/07/11 08:51:12 | 001,247,744 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\DWrite.dll [2013/07/11 07:12:39 | 000,000,000 | ---D | C] -- J:\Users\anwender\Documents\BewerbungsMaster [2013/07/11 07:12:39 | 000,000,000 | ---D | C] -- J:\ProgramData\BewerbungsMaster [2013/07/11 07:12:34 | 000,000,000 | ---D | 
C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster [2013/07/11 07:11:55 | 000,000,000 | ---D | C] -- J:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster [2013/07/11 07:11:48 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\BEWERBUNGSMASTER [2013/07/11 07:11:43 | 000,266,240 | ---- | C] (Microsoft Corporation) -- J:\Windows\Setup1.exe [2013/07/11 07:11:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- J:\Windows\ST6UNST.EXE [2013/07/08 18:42:20 | 000,000,000 | ---D | C] -- J:\Windows\SysWow64\searchplugins [2013/07/08 18:42:20 | 000,000,000 | ---D | C] -- J:\Windows\SysWow64\Extensions [2013/07/05 15:35:25 | 000,000,000 | ---D | C] -- J:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2013/07/05 15:33:50 | 000,000,000 | ---D | C] -- J:\Users\anwender\Documents\PCSpeedUp [2013/07/05 15:33:44 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Beschleunigen [2013/07/05 15:33:44 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\PC Beschleunigen [2013/07/02 06:40:03 | 000,000,000 | ---D | C] -- J:\Users\anwender\Desktop\Bewerbungen [1 J:\Users\anwender\Desktop\*.tmp files -> J:\Users\anwender\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/19 17:00:57 | 000,067,584 | --S- | M] () -- J:\Windows\bootstat.dat [2013/07/19 17:00:48 | 000,000,394 | ---- | M] () -- J:\Windows\tasks\Happy Lyrics Update.job [2013/07/19 16:58:55 | 000,001,110 | ---- | M] () -- J:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/19 16:58:15 | 2133,327,871 | -HS- | M] () -- J:\hiberfil.sys [2013/07/19 16:39:25 | 000,016,752 | -H-- | M] () -- J:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/19 16:39:25 | 000,016,752 | -H-- | M] () -- J:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/19 14:48:30 | 000,163,029 | 
---- | M] () -- J:\ProgramData\2433f433 [2013/07/19 14:48:30 | 000,163,003 | ---- | M] () -- J:\Users\anwender\AppData\Roaming\2433f433 [2013/07/19 14:48:30 | 000,162,989 | ---- | M] () -- J:\Users\anwender\AppData\Local\2433f433 [2013/07/19 14:23:00 | 000,000,940 | ---- | M] () -- J:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001UA.job [2013/07/19 14:13:04 | 000,001,114 | ---- | M] () -- J:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/18 17:24:39 | 000,000,366 | ---- | M] () -- J:\Windows\tasks\PC SpeedUp Service Deactivator.job [2013/07/18 08:23:00 | 000,000,918 | ---- | M] () -- J:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001Core.job [2013/07/16 11:10:08 | 002,877,440 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\jscript9.dll [2013/07/16 11:10:08 | 001,054,720 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\MsSpellCheckingFacility.exe [2013/07/16 11:10:08 | 000,719,360 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\mshtmlmedia.dll [2013/07/16 11:10:08 | 000,690,688 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\jscript.dll [2013/07/16 11:10:08 | 000,493,056 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\msfeeds.dll [2013/07/16 11:10:08 | 000,391,168 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\ieui.dll [2013/07/16 11:10:08 | 000,226,304 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\elshyph.dll [2013/07/16 11:10:08 | 000,185,344 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\elshyph.dll [2013/07/16 11:10:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\msrating.dll [2013/07/16 11:10:08 | 000,158,720 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\msls31.dll [2013/07/16 11:10:08 | 000,150,528 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\iexpress.exe [2013/07/16 11:10:08 | 000,138,752 | ---- | M] (Microsoft Corporation) -- 
J:\Windows\SysWow64\wextract.exe [2013/07/16 11:10:08 | 000,137,216 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\ieUnatt.exe [2013/07/16 11:10:08 | 000,125,440 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\occache.dll [2013/07/16 11:10:08 | 000,117,248 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\iepeers.dll [2013/07/16 11:10:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\IEAdvpack.dll [2013/07/16 11:10:08 | 000,109,056 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\iesysprep.dll [2013/07/16 11:10:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\inseng.dll [2013/07/16 11:10:08 | 000,079,872 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\mshtmled.dll [2013/07/16 11:10:08 | 000,073,728 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\SetIEInstalledDate.exe [2013/07/16 11:10:08 | 000,071,680 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/07/16 11:10:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\pngfilt.dll [2013/07/16 11:10:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\mshtmler.dll [2013/07/16 11:10:08 | 000,038,400 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\imgutil.dll [2013/07/16 11:10:08 | 000,011,776 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\msfeedssync.exe [2013/07/16 11:10:07 | 003,958,784 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\jscript9.dll [2013/07/16 11:10:07 | 001,509,376 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\inetcpl.cpl [2013/07/16 11:10:07 | 001,441,280 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\inetcpl.cpl [2013/07/16 11:10:07 | 001,400,416 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\ieapfltr.dat [2013/07/16 11:10:07 | 001,400,416 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\ieapfltr.dat [2013/07/16 11:10:07 | 
000,905,728 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\mshtmlmedia.dll [2013/07/16 11:10:07 | 000,855,552 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\jscript.dll [2013/07/16 11:10:07 | 000,762,368 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\ieapfltr.dll [2013/07/16 11:10:07 | 000,629,248 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\ieapfltr.dll [2013/07/16 11:10:07 | 000,603,136 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\msfeeds.dll [2013/07/16 11:10:07 | 000,599,552 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\vbscript.dll [2013/07/16 11:10:07 | 000,526,336 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\ieui.dll [2013/07/16 11:10:07 | 000,452,096 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\dxtmsft.dll [2013/07/16 11:10:07 | 000,441,856 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\html.iec [2013/07/16 11:10:07 | 000,361,984 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\html.iec [2013/07/16 11:10:07 | 000,357,888 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\dxtmsft.dll [2013/07/16 11:10:07 | 000,281,600 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\dxtrans.dll [2013/07/16 11:10:07 | 000,235,008 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\url.dll [2013/07/16 11:10:07 | 000,232,960 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\url.dll [2013/07/16 11:10:07 | 000,226,816 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\dxtrans.dll [2013/07/16 11:10:07 | 000,216,064 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\msls31.dll [2013/07/16 11:10:07 | 000,197,120 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\msrating.dll [2013/07/16 11:10:07 | 000,173,568 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\ieUnatt.exe [2013/07/16 11:10:07 | 000,167,424 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\iexpress.exe [2013/07/16 
11:10:07 | 000,149,504 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\occache.dll [2013/07/16 11:10:07 | 000,144,896 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\wextract.exe [2013/07/16 11:10:07 | 000,136,704 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\iesysprep.dll [2013/07/16 11:10:07 | 000,136,192 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\iepeers.dll [2013/07/16 11:10:07 | 000,135,680 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\IEAdvpack.dll [2013/07/16 11:10:07 | 000,102,912 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\inseng.dll [2013/07/16 11:10:07 | 000,097,280 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\mshtmled.dll [2013/07/16 11:10:07 | 000,092,160 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\SetIEInstalledDate.exe [2013/07/16 11:10:07 | 000,089,600 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\RegisterIEPKEYs.exe [2013/07/16 11:10:07 | 000,081,408 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\icardie.dll [2013/07/16 11:10:07 | 000,077,312 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\tdc.ocx [2013/07/16 11:10:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\icardie.dll [2013/07/16 11:10:07 | 000,067,072 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\iesetup.dll [2013/07/16 11:10:07 | 000,062,976 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\pngfilt.dll [2013/07/16 11:10:07 | 000,061,952 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\tdc.ocx [2013/07/16 11:10:07 | 000,061,440 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\iesetup.dll [2013/07/16 11:10:07 | 000,051,712 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\ie4uinit.exe [2013/07/16 11:10:07 | 000,051,200 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\imgutil.dll [2013/07/16 11:10:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- 
J:\Windows\System32\mshtmler.dll [2013/07/16 11:10:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\iernonce.dll [2013/07/16 11:10:07 | 000,033,280 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\iernonce.dll [2013/07/16 11:10:07 | 000,027,648 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\licmgr10.dll [2013/07/16 11:10:07 | 000,025,185 | ---- | M] () -- J:\Windows\SysWow64\ieuinit.inf [2013/07/16 11:10:07 | 000,025,185 | ---- | M] () -- J:\Windows\System32\ieuinit.inf [2013/07/16 11:10:07 | 000,023,040 | ---- | M] (Microsoft Corporation) -- J:\Windows\SysWow64\licmgr10.dll [2013/07/16 11:10:07 | 000,013,824 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\mshta.exe [2013/07/16 11:10:07 | 000,012,800 | ---- | M] (Microsoft Corporation) -- J:\Windows\System32\msfeedssync.exe [2013/07/12 05:01:50 | 000,360,792 | ---- | M] () -- J:\Windows\System32\FNTCACHE.DAT [2013/07/11 20:41:42 | 000,654,150 | ---- | M] () -- J:\Windows\System32\perfh007.dat [2013/07/11 20:41:42 | 000,616,032 | ---- | M] () -- J:\Windows\System32\perfh009.dat [2013/07/11 20:41:42 | 000,130,022 | ---- | M] () -- J:\Windows\System32\perfc007.dat [2013/07/11 20:41:42 | 000,106,412 | ---- | M] () -- J:\Windows\System32\perfc009.dat [2013/07/11 20:36:45 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013/07/11 07:12:34 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster [2013/07/11 07:11:43 | 000,266,240 | ---- | M] (Microsoft Corporation) -- J:\Windows\Setup1.exe [2013/07/11 07:11:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- J:\Windows\ST6UNST.EXE [2013/07/07 15:07:49 | 000,000,000 | ---- | M] () -- J:\END [2013/07/05 15:35:25 | 000,000,312 | ---- | M] () -- J:\Users\anwender\Desktop\Curse Client.appref-ms [2013/07/05 15:33:44 | 000,001,091 | ---- | M] () -- J:\Users\anwender\Desktop\PC Beschleunigen.lnk [2013/07/05 15:33:44 | 
000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Beschleunigen [1 J:\Users\anwender\Desktop\*.tmp files -> J:\Users\anwender\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/19 14:48:30 | 000,163,029 | ---- | C] () -- J:\ProgramData\2433f433 [2013/07/19 14:48:30 | 000,163,003 | ---- | C] () -- J:\Users\anwender\AppData\Roaming\2433f433 [2013/07/19 14:48:30 | 000,162,989 | ---- | C] () -- J:\Users\anwender\AppData\Local\2433f433 [2013/07/16 11:10:07 | 000,025,185 | ---- | C] () -- J:\Windows\SysWow64\ieuinit.inf [2013/07/16 11:10:07 | 000,025,185 | ---- | C] () -- J:\Windows\System32\ieuinit.inf [2013/07/05 15:35:25 | 000,000,312 | ---- | C] () -- J:\Users\anwender\Desktop\Curse Client.appref-ms [2013/07/05 15:33:45 | 000,000,366 | ---- | C] () -- J:\Windows\tasks\PC SpeedUp Service Deactivator.job [2013/07/05 15:33:44 | 000,001,091 | ---- | C] () -- J:\Users\anwender\Desktop\PC Beschleunigen.lnk [2013/01/14 14:54:36 | 095,023,320 | ---- | C] () -- J:\ProgramData\dsgsdgdsgdsgw.pad [2012/12/12 11:32:14 | 000,111,928 | ---- | C] () -- J:\Windows\SysWow64\PnkBstrB.exe [2012/12/12 11:32:13 | 000,075,136 | ---- | C] () -- J:\Windows\SysWow64\PnkBstrA.exe [2012/06/19 08:02:17 | 003,123,272 | R--- | C] () -- J:\Windows\SysWow64\pbsvc.exe [2011/11/15 09:41:57 | 000,000,590 | ---- | C] () -- J:\Windows\WinInit.Ini [2011/11/11 15:18:41 | 000,000,185 | ---- | C] () -- J:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2011/10/25 04:34:27 | 000,003,584 | ---- | C] () -- J:\Users\Gast\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/23 13:04:42 | 000,131,984 | ---- | C] () -- J:\ProgramData\FullRemove.exe [2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- J:\Windows\SysWow64\DShowRdpFilter.dll [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- J:\Windows\bootstat.dat [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- J:\Windows\SysWow64\NOISE.DAT [2009/07/13 22:34:42 | 000,215,943 | ---- | 
C] () -- J:\Windows\SysWow64\dssec.dat [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- J:\Windows\mib.bin [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- J:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- J:\Windows\SysWow64\ir32_32.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- J:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- J:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/10/25 05:10:04 | 000,000,000 | ---D | M] -- J:\ProgramData\1912 Titanic Mystery [2011/10/09 06:08:32 | 000,000,000 | ---D | M] -- J:\ProgramData\2DBoy [2013/03/24 06:42:32 | 000,000,000 | ---D | M] -- J:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2011/03/23 13:21:33 | 000,000,000 | ---D | M] -- J:\ProgramData\Acer [2011/09/28 10:36:13 | 000,000,000 | -HSD | M] -- J:\ProgramData\Anwendungsdaten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Application Data [2013/07/19 17:00:19 | 000,000,000 | ---D | M] -- J:\ProgramData\Babylon [2012/09/03 16:06:58 | 000,000,000 | ---D | M] -- J:\ProgramData\Battle.net [2013/07/11 07:15:14 | 000,000,000 | ---D | M] -- J:\ProgramData\BewerbungsMaster [2013/06/15 06:23:39 | 000,000,000 | ---D | M] -- J:\ProgramData\BrowserDefender [2012/03/01 16:49:28 | 000,000,000 | -H-D | M] -- J:\ProgramData\CanonBJ [2011/10/06 07:33:43 | 000,000,000 | ---D | M] -- J:\ProgramData\clear.fi [2011/11/26 13:44:27 | 000,000,000 | ---D | M] -- J:\ProgramData\DAEMON Tools Pro [2011/11/26 13:48:38 | 000,000,000 | ---D | M] -- J:\ProgramData\DassaultSystemes [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Desktop [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Documents [2011/09/28 10:36:13 | 000,000,000 | -HSD | M] -- J:\ProgramData\Dokumente [2011/07/25 11:09:20 | 000,000,000 | ---D | M] -- J:\ProgramData\EgisTec [2011/07/25 11:09:13 | 000,000,000 | ---D | M] -- J:\ProgramData\EgisTec IPS [2011/10/08 
06:18:15 | 000,000,000 | ---D | M] -- J:\ProgramData\FarmFrenzy3_Arctica [2011/09/28 10:36:13 | 000,000,000 | -HSD | M] -- J:\ProgramData\Favoriten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Favorites [2011/10/09 06:06:04 | 000,000,000 | ---D | M] -- J:\ProgramData\InterAction studios [2011/03/23 13:47:20 | 000,000,000 | ---D | M] -- J:\ProgramData\newsXpresso [2011/10/15 08:16:05 | 000,000,000 | ---D | M] -- J:\ProgramData\Oberon Media [2011/03/23 13:17:36 | 000,000,000 | ---D | M] -- J:\ProgramData\OberonGameConsole [2011/09/28 10:38:24 | 000,000,000 | ---D | M] -- J:\ProgramData\oem [2012/03/16 19:15:54 | 000,000,000 | ---D | M] -- J:\ProgramData\RosettaStoneLtdServices [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Start Menu [2011/09/28 10:36:13 | 000,000,000 | -HSD | M] -- J:\ProgramData\Startmenü [2012/10/23 11:08:49 | 000,000,000 | ---D | M] -- J:\ProgramData\SweetIM [2012/07/08 08:14:33 | 000,000,000 | ---D | M] -- J:\ProgramData\Tarma Installer [2011/11/08 12:08:27 | 000,000,000 | ---D | M] -- J:\ProgramData\Temp [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Templates [2011/09/28 10:36:13 | 000,000,000 | -HSD | M] -- J:\ProgramData\Vorlagen [2012/02/11 09:14:42 | 000,000,000 | ---D | M] -- J:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012/01/11 16:50:38 | 000,000,000 | ---D | M] -- J:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2013/07/18 08:23:00 | 000,000,918 | ---- | M] () -- J:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001Core.job [2013/07/19 14:23:00 | 000,000,940 | ---- | M] () -- J:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001UA.job [2013/07/19 17:00:48 | 000,000,394 | ---- | M] () -- J:\Windows\Tasks\Happy Lyrics Update.job [2013/07/18 17:24:39 | 000,000,366 | ---- | M] () -- J:\Windows\Tasks\PC SpeedUp Service Deactivator.job [2013/06/29 06:21:52 | 000,032,640 | ---- | M] () -- 
J:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 141 bytes -> J:\ProgramData\Temp:798A3728 @Alternate Data Stream - 139 bytes -> J:\ProgramData\Temp:E79EFDA4 @Alternate Data Stream - 135 bytes -> J:\ProgramData\Temp:C46995DA @Alternate Data Stream - 135 bytes -> J:\ProgramData\Temp:5D458568 @Alternate Data Stream - 134 bytes -> J:\ProgramData\Temp:9B750A13 @Alternate Data Stream - 134 bytes -> J:\ProgramData\Temp:5925E400 @Alternate Data Stream - 131 bytes -> J:\ProgramData\Temp:8173A019 @Alternate Data Stream - 124 bytes -> J:\ProgramData\Temp:1D6686D8 @Alternate Data Stream - 118 bytes -> J:\ProgramData\Temp:2430E4FC < End of report > |
24.07.2013, 00:00 | #2 | |
/// TB-Ausbilder | GVU - olt.txt analysis
Hi,
Quote:
Can you start the computer normally again after the following fix?
Code:
:OTL
[2013/07/19 14:48:30 | 000,163,029 | ---- | C] () -- J:\ProgramData\2433f433
[2013/07/19 14:48:30 | 000,163,003 | ---- | C] () -- J:\Users\anwender\AppData\Roaming\2433f433
[2013/07/19 14:48:30 | 000,162,989 | ---- | C] () -- J:\Users\anwender\AppData\Local\2433f433
[2013/01/14 14:54:36 | 095,023,320 | ---- | C] () -- J:\ProgramData\dsgsdgdsgdsgw.pad
O4 - HKU\anwender_ON_J..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] J:\Users\anwender\AppData\Local\Temp\giunxuxepjofverut.exe (Cisco Systems, Inc.)
O4 - HKU\anwender_ON_J..\Run: [capmasxihyzu] J:\Users\anwender\capmasxihyzu.exe ()
[2013/07/19 14:48:36 | 000,000,000 | ---D | C] -- J:\Users\anwender\AppData\Roaming\Lyquma
[2013/07/19 14:48:36 | 000,000,000 | ---D | C] -- J:\Users\anwender\AppData\Roaming\Fage
[2013/07/19 14:48:36 | 000,000,000 | ---D | C] -- J:\Users\anwender\AppData\Roaming\Cayhna
IE - HKU\anwender_ON_J\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=0A65F80F4119EDAE
@Alternate Data Stream - 141 bytes -> J:\ProgramData\Temp:798A3728
@Alternate Data Stream - 139 bytes -> J:\ProgramData\Temp:E79EFDA4
@Alternate Data Stream - 135 bytes -> J:\ProgramData\Temp:C46995DA
@Alternate Data Stream - 135 bytes -> J:\ProgramData\Temp:5D458568
@Alternate Data Stream - 134 bytes -> J:\ProgramData\Temp:9B750A13
@Alternate Data Stream - 134 bytes -> J:\ProgramData\Temp:5925E400
@Alternate Data Stream - 131 bytes -> J:\ProgramData\Temp:8173A019
@Alternate Data Stream - 124 bytes -> J:\ProgramData\Temp:1D6686D8
@Alternate Data Stream - 118 bytes -> J:\ProgramData\Temp:2430E4FC
:files
J:\Users\anwender\AppData\Local\Temp\giunxuxepjofverut.dll
__________________ |
24.07.2013, 09:19 | #3 |
| GVU - olt.txt analysis
Hi Leo,
The computer boots up without the GVU screen... thanks
Code:
========== OTL ==========
J:\ProgramData\2433f433 moved successfully.
J:\Users\anwender\AppData\Roaming\2433f433 moved successfully.
J:\Users\anwender\AppData\Local\2433f433 moved successfully.
J:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
Registry key HKEY_USERS\anwender_ON_J\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
J:\Users\anwender\AppData\Local\Temp\giunxuxepjofverut.exe moved successfully.
Registry key HKEY_USERS\anwender_ON_J\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
J:\Users\anwender\capmasxihyzu.exe moved successfully.
J:\Users\anwender\AppData\Roaming\Lyquma folder moved successfully.
J:\Users\anwender\AppData\Roaming\Fage folder moved successfully.
J:\Users\anwender\AppData\Roaming\Cayhna folder moved successfully.
HKU\anwender_ON_J\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
ADS J:\ProgramData\Temp:798A3728 deleted successfully.
ADS J:\ProgramData\Temp:E79EFDA4 deleted successfully.
ADS J:\ProgramData\Temp:C46995DA deleted successfully.
ADS J:\ProgramData\Temp:5D458568 deleted successfully.
ADS J:\ProgramData\Temp:9B750A13 deleted successfully.
ADS J:\ProgramData\Temp:5925E400 deleted successfully.
ADS J:\ProgramData\Temp:8173A019 deleted successfully.
ADS J:\ProgramData\Temp:1D6686D8 deleted successfully.
ADS J:\ProgramData\Temp:2430E4FC deleted successfully.
========== FILES ==========
File\Folder J:\Users\anwender\AppData\Local\Temp\giunxuxepjofverut.dll not found.
OTLPE by OldTimer - Version 3.1.48.0 log created on 07242013_120449 |
24.07.2013, 12:42 | #4 |
/// TB-Ausbilder | GVU - olt.txt analysis Please download Farbar Recovery Scan Tool 64-bit and save it to the desktop.
__________________ cheers, Leo |
24.07.2013, 16:20 | #5 |
| GVU - olt.txt analysis FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013 Ran by anwender (administrator) on 24-07-2013 15:05:21 Running from C:\Users\anwender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5I203DI6 Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (Dassault Systemes) D:\Programme\Catia\intel_a\code\bin\CATSysDemon.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (McAfee, Inc.) 
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe () C:\Windows\system32\dmwu.exe (Facebook) C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe () C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Babylon Ltd.) C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Egis Technology Inc.) 
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe () C:\Windows\SysWOW64\jmdp\stij.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Babylon) C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Valve Corporation) D:\Games\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe (Ginger Software) C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Plus HD) C:\program files (x86)\plus-hd-2.5\plus-hd-2.5-bg.exe (AOL Inc.) 
c:\program files (x86)\aol deutschland toolbar\aoldetbServer.exe (Curse) C:\Users\anwender\AppData\Local\Apps\2.0\45O6OGPY.51A\A0TB5TB2.QVN\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\CurseClient.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor) HKLM\...\Run: [Linksys Wireless Manager] - C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [1374336 2010-03-26] (Cisco Systems, Inc.) HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd) HKCU\...\Run: [Steam] - D:\Games\Steam\steam.exe [1631144 2013-03-29] (Valve Corporation) HKCU\...\Run: [Facebook Update] - C:\Users\anwender\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-12] (Facebook Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.) HKCU\...\Run: [PCSpeedUp] - C:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe [188680 2012-06-05] () HKCU\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\anwender\AppData\Local\Temp\giunxuxepjofverut.exe [x] <===== ATTENTION HKCU\...\Run: [capmasxihyzu] - C:\Users\anwender\capmasxihyzu.exe [x] HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [247968 2011-11-12] (Adobe Systems, Inc.) HKCU\...\Command Processor: "C:\Users\anwender\AppData\Local\Temp\giunxuxepjofverut.exe" <======= ATTENTION MountPoints2: {ace789d1-1854-11e1-a9f1-f80f4119edae} - L:\Setup.bat HKLM-x32\...\Run: [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340336 2010-09-28] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-09-18] (Egis Technology Inc.) 
HKLM-x32\...\Run: [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-09-18] (Egis Technology Inc.) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) HKLM-x32\...\Run: [ArcadeMovieService] - "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-02-18] (CyberLink Corp.) HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-19] () HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] () HKLM-x32\...\Run: [nmctxth] - "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [647216 2009-07-07] (Cisco Systems, Inc.) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Babylon Client] - C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart [3460760 2012-07-30] (Babylon Ltd.) HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.) HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] () AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [2521040 2013-05-23] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ShortcutTarget: Facebook Messenger.lnk -> C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) Startup: C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) Startup: C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com URLSearchHook: (No Name) - 
{66a449dc-6b1d-4187-a4f1-b335d3da5365} - No File SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1670F2BE-EB0D-48B5-9A03-D88486AD7CD9} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=adknowledge_de-ie&s_qt=sb&tb_uuid=B242D9DE91A543ADB2B0BB693D9DD178&tb_oid=24-07-2013&tb_mrud=24-07-2013 SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1670F2BE-EB0D-48B5-9A03-D88486AD7CD9} SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQCQ724fp&i=26 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119556&babsrc=SP_ss_sps&mntrId=0A65F80F4119EDAE SearchScopes: HKCU - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=adknowledge_de-ie&s_qt=sb&tb_uuid=B242D9DE91A543ADB2B0BB693D9DD178&tb_oid=24-07-2013&tb_mrud=24-07-2013 SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = 
hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQCQ724fp&i=26 SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1670F2BE-EB0D-48B5-9A03-D88486AD7CD9} BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\anwender\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen) BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll () BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110323101908.dll (McAfee, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\anwender\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) BHO-x32: Plus-HD-2.5 - {11111111-1111-1111-1111-110311341138} - C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-bho.dll (Plus HD) BHO-x32: AOL Deutschland Toolbar Loader - {2d3b1910-86c2-4d4b-b1db-124b3ea35bef} - C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) 
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () BHO-x32: Happy Lyrics - {59C0C5BD-2579-433A-BBB8-AFFD59642BAF} - C:\Program Files (x86)\HappyLyrics\hppylrc.dll (Happy Productions) BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110323101908.dll (McAfee, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) Toolbar: HKLM-x32 - AOL Deutschland Toolbar - {567d4d94-8077-4682-b887-945f3d644116} - C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Toolbar: HKCU - No Name - {567D4D94-8077-4682-B887-945F3D644116} - No File DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.) 
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 10 C:\Windows\system32\d3dyaqc6m.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Path=Profiles\mn0xijhz.Standard-Benutzer FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions FF Extension: No Name - C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js FF Extension: No Name - C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js FF Extension: No Name - C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js.orig FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - 
C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKCU\...\Firefox\Extensions: [happylyrics@hpyproductions.net] C:\Program Files (x86)\HappyLyrics\FF\ FF Extension: No Name - C:\Program Files (x86)\HappyLyrics\FF\ FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi FF Extension: No Name - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi Chrome: ======= CHR HomePage: hxxp://search.babylon.com/?affID=119556&babsrc=HP_ss_gin2g&mntrId=0A65F80F4119EDAE CHR RestoreOnStartup: "hxxp://search.babylon.com/?affID=119556&babsrc=HP_ss_gin2g&mntrId=0A65F80F4119EDAE", "hxxp://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=0A65F80F4119EDAE" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll No File CHR Plugin: (Injovo Extension Plugin) - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\npbrowserext.dll (Injovo) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Facebook Desktop) - C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File CHR Extension: (PriceGong) - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.3_0 CHR Extension: (YouTube) - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Complitly plugin for chrome) - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0 CHR Extension: (Web Assistant) - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0 CHR Extension: (Plus-HD-2.5) - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.8_0 CHR Extension: (Wajam) - C:\Users\anwender\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 CHR Extension: (Gmail) - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR Extension: (OneClickDownload) - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.2_0 CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.6.3\pricegong.crx CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx CHR HKLM-x32\...\Chrome\Extension: [ealchnonpofjocgofjpopjdoegbbkofj] - C:\Program Files (x86)\HappyLyrics\Chrome.crx CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\anwender\AppData\Roaming\BabSolution\CR\Delta.crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\anwender\AppData\Local\Wajam\Chrome\wajam.crx CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\anwender\AppData\Local\Temp\YontooLayers.crx CHR 
HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG) S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It) R2 BBDemon; D:\Programme\Catia\intel_a\code\bin\CATSysDemon.exe [36864 2007-05-04] (Dassault Systemes) R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] () R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] () R2 LanmanWorkstation; C:\Windows\System32\aptwadhhv.dll [289280 2012-04-21] () S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-01-06] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [244840 2010-01-06] (McAfee, Inc.) R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [148520 2010-01-06] (McAfee, Inc.) 
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 PCSUService; C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe [289544 2012-06-05] () R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-12-12] () R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam) R2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] () S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x] R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-19] (Avira GmbH) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62416 2010-01-06] (McAfee, Inc.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-11-26] (DT Soft Ltd) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121504 2010-01-06] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [189880 2010-01-06] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [440688 2010-01-06] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [528232 2010-01-06] (McAfee, Inc.) R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75288 2010-01-06] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93840 2010-01-06] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [279752 2010-01-06] (McAfee, Inc.) 
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-24 18:04 - 2013-07-24 18:04 - 00000000 ____D C:\_OTL 2013-07-24 15:04 - 2013-07-24 15:04 - 01779757 _____ (Farbar) C:\Users\anwender\Downloads\FRST64.exe 2013-07-24 15:04 - 2013-07-24 15:04 - 00000000 ____D C:\FRST 2013-07-24 15:02 - 2013-07-24 15:02 - 00004230 _____ C:\Windows\System32\Tasks\Plus-HD-2.5-codedownloader 2013-07-24 15:02 - 2013-07-24 15:02 - 00004226 _____ C:\Windows\System32\Tasks\Plus-HD-2.5-updater 2013-07-24 15:02 - 2013-07-24 15:02 - 00004130 _____ C:\Windows\System32\Tasks\Plus-HD-2.5-enabler 2013-07-24 15:02 - 2013-07-24 15:02 - 00001906 _____ C:\Windows\Tasks\Plus-HD-2.5-chromeinstaller.job 2013-07-24 15:02 - 2013-07-24 15:02 - 00001832 _____ C:\Windows\Tasks\Plus-HD-2.5-firefoxinstaller.job 2013-07-24 15:02 - 2013-07-24 15:02 - 00001200 _____ C:\Windows\Tasks\Plus-HD-2.5-codedownloader.job 2013-07-24 15:02 - 2013-07-24 15:02 - 00001196 _____ C:\Windows\Tasks\Plus-HD-2.5-updater.job 2013-07-24 15:02 - 2013-07-24 15:02 - 00001100 _____ C:\Windows\Tasks\Plus-HD-2.5-enabler.job 2013-07-24 15:02 - 2013-07-24 15:02 - 00000000 ____D C:\Users\anwender\AppData\Local\VisualBeeExe 2013-07-24 15:02 - 2013-07-24 15:02 - 00000000 ____D C:\Users\anwender\AppData\Local\VisualBeeClient 2013-07-24 15:02 - 2013-07-24 15:02 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.5 2013-07-24 15:01 - 2013-07-24 15:02 - 00000000 ____D C:\ProgramData\VisualBee 2013-07-24 15:01 - 2013-07-24 15:01 - 00001236 _____ C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk 2013-07-24 15:01 - 2013-07-24 15:01 - 00000000 ____D C:\Users\anwender\AppData\Local\emaze 2013-07-24 15:01 - 2013-07-24 15:01 - 00000000 ____D C:\Users\anwender\AppData\Local\AOL Deutschland Toolbar 2013-07-24 15:01 - 
2013-07-24 15:01 - 00000000 ____D C:\ProgramData\AOL Deutschland Toolbar 2013-07-24 15:01 - 2013-07-24 15:01 - 00000000 ____D C:\Program Files (x86)\AOL Deutschland Toolbar 2013-07-24 14:57 - 2013-07-24 15:01 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro 2013-07-24 14:57 - 2013-07-24 15:01 - 00000282 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2013-07-24 14:57 - 2013-07-24 14:57 - 00003328 _____ C:\Windows\System32\Tasks\Advanced System Protector 2013-07-24 14:57 - 2013-07-24 14:57 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup 2013-07-24 14:57 - 2013-07-24 14:57 - 00003034 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES 2013-07-24 14:57 - 2013-07-24 14:57 - 00002878 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT 2013-07-24 14:57 - 2013-07-24 14:57 - 00000290 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\Users\anwender\AppData\Roaming\Systweak 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\ProgramData\Systweak 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\Program Files (x86)\RegClean Pro 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector 2013-07-24 14:57 - 2013-05-07 16:51 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2013-07-24 14:57 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe 2013-07-24 06:20 - 2013-07-24 06:20 - 00124510 _____ C:\OTL.Txt 2013-07-19 22:47 - 2013-07-24 12:09 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-07-18 12:06 - 2013-07-24 10:48 - 00001236 _____ C:\Users\anwender\Desktop\kontakte.txt 2013-07-16 17:10 - 2013-07-16 17:10 - 19238912 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-16 17:10 - 2013-07-16 17:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-16 17:10 - 2013-07-16 17:10 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-16 17:10 - 2013-07-16 17:10 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-16 17:10 - 2013-07-16 17:10 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-16 17:10 - 2013-07-16 17:10 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-07-16 17:10 - 2013-07-16 17:10 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 01054720 _____ (Microsoft Corporation) 
C:\Windows\system32\MsSpellCheckingFacility.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-16 17:10 - 2013-07-16 17:10 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-16 17:10 - 2013-07-16 17:10 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00270848 _____ (Microsoft Corporation) 
C:\Windows\system32\iedkcs32.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 
2013-07-16 17:10 - 2013-07-16 17:10 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-07-16 17:10 - 2013-07-16 17:10 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00071680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-16 17:10 - 2013-07-16 17:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00027648 _____ (Microsoft Corporation) 
C:\Windows\system32\licmgr10.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-16 17:08 - 2013-07-16 17:13 - 00009534 _____ C:\Windows\IE10_main.log 2013-07-11 14:51 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 14:51 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 14:51 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 14:51 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 14:51 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 14:51 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 14:51 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-11 13:12 - 2013-07-11 13:15 - 00000000 ____D C:\ProgramData\BewerbungsMaster 2013-07-11 13:12 - 2013-07-11 13:14 - 00000000 ____D C:\Users\anwender\Documents\BewerbungsMaster 2013-07-11 13:11 - 2013-07-11 13:14 - 00000000 ____D C:\Program Files (x86)\BEWERBUNGSMASTER 2013-07-11 13:11 - 2013-07-11 13:11 - 00266240 ____N (Microsoft Corporation) C:\Windows\Setup1.exe 2013-07-11 13:11 - 2013-07-11 13:11 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE 2013-07-11 13:11 - 2013-07-11 13:11 - 00000000 ____D 
C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster 2013-07-09 00:42 - 2013-07-09 00:42 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-07-09 00:42 - 2013-07-09 00:42 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-07-05 21:35 - 2013-07-05 21:35 - 00000312 _____ C:\Users\anwender\Desktop\Curse Client.appref-ms 2013-07-05 21:35 - 2013-07-05 21:35 - 00000000 ____D C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse 2013-07-05 21:33 - 2013-07-24 12:30 - 00000366 _____ C:\Windows\Tasks\PC SpeedUp Service Deactivator.job 2013-07-05 21:33 - 2013-07-24 12:09 - 00000000 ____D C:\Program Files (x86)\PC Beschleunigen 2013-07-05 21:33 - 2013-07-05 21:33 - 00401760 _____ () C:\Users\anwender\Downloads\curse-client(1).exe 2013-07-05 21:33 - 2013-07-05 21:33 - 00002746 _____ C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator 2013-07-05 21:33 - 2013-07-05 21:33 - 00001091 _____ C:\Users\anwender\Desktop\PC Beschleunigen.lnk 2013-07-05 21:33 - 2013-07-05 21:33 - 00000000 ____D C:\Users\anwender\Documents\PCSpeedUp 2013-07-02 12:40 - 2013-07-04 14:53 - 00000000 ____D C:\Users\anwender\Desktop\Bewerbungen ==================== One Month Modified Files and Folders ======= 2013-07-24 18:04 - 2013-07-24 18:04 - 00000000 ____D C:\_OTL 2013-07-24 18:04 - 2011-11-11 15:42 - 00000000 ____D C:\Users\anwender 2013-07-24 15:04 - 2013-07-24 15:04 - 01779757 _____ (Farbar) C:\Users\anwender\Downloads\FRST64.exe 2013-07-24 15:04 - 2013-07-24 15:04 - 00000000 ____D C:\FRST 2013-07-24 15:02 - 2013-07-24 15:02 - 00004230 _____ C:\Windows\System32\Tasks\Plus-HD-2.5-codedownloader 2013-07-24 15:02 - 2013-07-24 15:02 - 00004226 _____ C:\Windows\System32\Tasks\Plus-HD-2.5-updater 2013-07-24 15:02 - 2013-07-24 15:02 - 00004130 _____ C:\Windows\System32\Tasks\Plus-HD-2.5-enabler 2013-07-24 15:02 - 2013-07-24 15:02 - 00001906 _____ C:\Windows\Tasks\Plus-HD-2.5-chromeinstaller.job 2013-07-24 15:02 - 2013-07-24 15:02 - 00001832 
_____ C:\Windows\Tasks\Plus-HD-2.5-firefoxinstaller.job 2013-07-24 15:02 - 2013-07-24 15:02 - 00001200 _____ C:\Windows\Tasks\Plus-HD-2.5-codedownloader.job 2013-07-24 15:02 - 2013-07-24 15:02 - 00001196 _____ C:\Windows\Tasks\Plus-HD-2.5-updater.job 2013-07-24 15:02 - 2013-07-24 15:02 - 00001100 _____ C:\Windows\Tasks\Plus-HD-2.5-enabler.job 2013-07-24 15:02 - 2013-07-24 15:02 - 00000000 ____D C:\Users\anwender\AppData\Local\VisualBeeExe 2013-07-24 15:02 - 2013-07-24 15:02 - 00000000 ____D C:\Users\anwender\AppData\Local\VisualBeeClient 2013-07-24 15:02 - 2013-07-24 15:02 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.5 2013-07-24 15:02 - 2013-07-24 15:01 - 00000000 ____D C:\ProgramData\VisualBee 2013-07-24 15:02 - 2011-11-11 16:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-24 15:01 - 2013-07-24 15:01 - 00001236 _____ C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk 2013-07-24 15:01 - 2013-07-24 15:01 - 00000000 ____D C:\Users\anwender\AppData\Local\emaze 2013-07-24 15:01 - 2013-07-24 15:01 - 00000000 ____D C:\Users\anwender\AppData\Local\AOL Deutschland Toolbar 2013-07-24 15:01 - 2013-07-24 15:01 - 00000000 ____D C:\ProgramData\AOL Deutschland Toolbar 2013-07-24 15:01 - 2013-07-24 15:01 - 00000000 ____D C:\Program Files (x86)\AOL Deutschland Toolbar 2013-07-24 15:01 - 2013-07-24 14:57 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro 2013-07-24 15:01 - 2013-07-24 14:57 - 00000282 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2013-07-24 14:57 - 2013-07-24 14:57 - 00003328 _____ C:\Windows\System32\Tasks\Advanced System Protector 2013-07-24 14:57 - 2013-07-24 14:57 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup 2013-07-24 14:57 - 2013-07-24 14:57 - 00003034 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES 2013-07-24 14:57 - 2013-07-24 14:57 - 00002878 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT 2013-07-24 14:57 - 2013-07-24 14:57 - 
00000290 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\Users\anwender\AppData\Roaming\Systweak 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\ProgramData\Systweak 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\Program Files (x86)\RegClean Pro 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-07-24 14:57 - 2013-07-24 14:57 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector 2013-07-24 14:57 - 2011-11-11 15:42 - 00000000 ___RD C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-24 14:23 - 2012-08-12 14:18 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001UA.job 2013-07-24 14:23 - 2012-08-12 14:18 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001Core.job 2013-07-24 14:13 - 2012-10-02 18:30 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-24 14:10 - 2012-03-17 11:00 - 00000000 ____D C:\ProgramData\Babylon 2013-07-24 12:30 - 2013-07-05 21:33 - 00000366 _____ C:\Windows\Tasks\PC SpeedUp Service Deactivator.job 2013-07-24 12:17 - 2011-07-25 17:05 - 01821738 _____ C:\Windows\WindowsUpdate.log 2013-07-24 12:17 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-24 12:17 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-24 12:13 - 2013-06-15 12:23 - 00000394 _____ C:\Windows\Tasks\Happy Lyrics Update.job 2013-07-24 12:09 - 2013-07-19 22:47 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-07-24 12:09 - 2013-07-05 21:33 - 00000000 ____D C:\Program Files 
(x86)\PC Beschleunigen 2013-07-24 12:09 - 2012-10-02 18:30 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-24 12:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-24 12:08 - 2009-07-14 06:51 - 00159743 _____ C:\Windows\setupact.log 2013-07-24 10:48 - 2013-07-18 12:06 - 00001236 _____ C:\Users\anwender\Desktop\kontakte.txt 2013-07-24 06:20 - 2013-07-24 06:20 - 00124510 _____ C:\OTL.Txt 2013-07-24 06:17 - 2011-10-06 13:35 - 00000000 ____D C:\Users\Gast 2013-07-19 22:30 - 2010-11-21 05:47 - 00320540 _____ C:\Windows\PFRO.log 2013-07-19 01:12 - 2012-02-04 15:35 - 00000000 ____D C:\Users\anwender\AppData\Roaming\TS3Client 2013-07-16 22:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-07-16 19:31 - 2011-11-11 15:42 - 00001417 _____ C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-16 19:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-16 17:13 - 2013-07-16 17:08 - 00009534 _____ C:\Windows\IE10_main.log 2013-07-16 17:10 - 2013-07-16 17:10 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-16 17:10 - 2013-07-16 17:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-16 17:10 - 2013-07-16 17:10 - 02648576 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-16 17:10 - 2013-07-16 17:10 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-16 17:10 - 2013-07-16 17:10 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-16 17:10 - 2013-07-16 17:10 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-07-16 17:10 - 2013-07-16 17:10 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00599552 _____ (Microsoft Corporation) 
C:\Windows\system32\vbscript.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-16 17:10 - 2013-07-16 17:10 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-16 17:10 - 2013-07-16 17:10 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-16 17:10 - 
2013-07-16 17:10 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 
00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-07-16 17:10 - 2013-07-16 17:10 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-16 17:10 - 2013-07-16 17:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 
00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-16 17:10 - 2013-07-16 17:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-16 17:10 - 2013-07-16 17:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-14 19:08 - 2012-10-02 18:30 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-14 19:08 - 2012-10-02 18:30 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-12 11:01 - 2009-07-14 06:45 - 00360792 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 11:00 - 2013-03-14 01:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight 
2013-07-12 11:00 - 2011-03-23 19:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 11:00 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 11:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 11:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 02:41 - 2011-07-26 02:57 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-07-12 02:41 - 2011-07-26 02:57 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-07-12 02:41 - 2009-07-14 07:13 - 01519798 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 02:40 - 2011-12-12 19:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 13:15 - 2013-07-11 13:12 - 00000000 ____D C:\ProgramData\BewerbungsMaster
2013-07-11 13:14 - 2013-07-11 13:12 - 00000000 ____D C:\Users\anwender\Documents\BewerbungsMaster
2013-07-11 13:14 - 2013-07-11 13:11 - 00000000 ____D C:\Program Files (x86)\BEWERBUNGSMASTER
2013-07-11 13:11 - 2013-07-11 13:11 - 00266240 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-07-11 13:11 - 2013-07-11 13:11 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-07-11 13:11 - 2013-07-11 13:11 - 00000000 ____D C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2013-07-09 00:42 - 2013-07-09 00:42 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-09 00:42 - 2013-07-09 00:42 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-07 21:07 - 2013-06-15 12:23 - 00000000 _____ C:\END
2013-07-05 22:38 - 2011-11-11 21:11 - 00000000 ____D C:\Users\anwender\AppData\Local\Deployment
2013-07-05 21:35 - 2013-07-05 21:35 - 00000312 _____ C:\Users\anwender\Desktop\Curse Client.appref-ms
2013-07-05 21:35 - 2013-07-05 21:35 - 00000000 ____D C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2013-07-05 21:33 - 2013-07-05 21:33 - 00401760 _____ () C:\Users\anwender\Downloads\curse-client(1).exe
2013-07-05 21:33 - 2013-07-05 21:33 - 00002746 _____ C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
2013-07-05 21:33 - 2013-07-05 21:33 - 00001091 _____ C:\Users\anwender\Desktop\PC Beschleunigen.lnk
2013-07-05 21:33 - 2013-07-05 21:33 - 00000000 ____D C:\Users\anwender\Documents\PCSpeedUp
2013-07-05 21:33 - 2013-06-15 12:22 - 00190592 _____ C:\Users\anwender\Downloads\Curse Client.exe
2013-07-04 14:53 - 2013-07-02 12:40 - 00000000 ____D C:\Users\anwender\Desktop\Bewerbungen
2013-07-02 12:47 - 2012-07-23 23:48 - 00000000 ____D C:\Users\anwender\Documents\Bewerbungszeug
2013-06-29 12:21 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-24 12:29

==================== End Of Log ============================

--- --- ---

Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2013
Ran by anwender at 2013-07-24 15:55:54
Running from C:\Users\anwender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5I203DI6
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

1912 Titanic Mystery (x32)
1ClickDownloader (x32 Version: 2.7 Build 26473)
7-Zip 9.20 (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acer eRecovery Management (x32 Version: 5.00.3002)
Acer GameZone Console (x32 Version: 6.1.0.40497)
Acer Registration (x32 Version: 1.03.3003)
Acer ScreenSaver (x32 Version: 1.1.0825.2010)
Acer Updater (x32 Version: 1.02.3005)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Advanced System Protector (x32 Version: 2.1.1000.10905)
AOL Deutschland Toolbar (HKCU)
AOL Deutschland Toolbar (x32)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Assassin's Creed III 1.01 (x32 Version: 1.01)
Audacity 2.0.2 (x32 Version: 2.0.2)
Avira Free Antivirus (x32 Version: 12.1.9.2400)
AVS Audio Converter 7 (x32)
AVS Update Manager 1.0 (x32)
AVS4YOU Software Navigator 1.4 (x32)
Babylon (x32)
Babylon toolbar on IE (x32)
be Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Bejeweled 2 Deluxe (x32)
Belles Beauty Boutique (x32)
BEWERBUNGSMASTER (x32)
Bing Bar (x32 Version: 7.0.610.0)
Bonjour (Version: 3.0.0.10)
BrowserDefender (x32)
Chicken Invaders 3 (x32)
clear.fi (x32 Version: 1.0.1422.15)
clear.fi (x32 Version: 9.0.7418)
clear.fi Client (x32 Version: 1.00.3009)
Complitly (x32)
Counter-Strike: Global Offensive (x32)
Counter-Strike: Source (x32 Version: 1.0.0.0)
Curse Client (HKCU Version: 4.0.1.286)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Pro (x32 Version: 4.41.0315.0262)
Dassault Systemes Software B18
Dassault Systemes Software Prerequisites x86-x64 (Version: 8.0.2)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Delta Chrome Toolbar (x32)
Delta toolbar (x32 Version: 1.8.21.5)
Dishonored (x32 Version: 1.0)
DivX-Setup (x32 Version: 2.6.1.9)
Download Updater (AOL Inc.) (x32)
Dream Day First Home (x32)
eBay Worldwide (x32 Version: 2.1.0901)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
Farm Frenzy 3 Ice Age (x32)
Flip Words (x32)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Free M4a to MP3 Converter 7.1 (x32)
Full Tilt Poker.Eu (x32 Version: 4.57.7.WIN.FullTilt.EU)
Galapago (x32)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
Grand Theft Auto Vice City (x32 Version: 1.00.000)
Happy Lyrics (x32)
Hotkey Utility (x32 Version: 2.05.3014)
IB Updater Service (x32 Version: 3.0.4.6)
Identity Card (x32 Version: 1.00.3006)
Incredibar Toolbar on IE (x32)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.0.0.1046)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004)
iTunes (Version: 11.0.2.26)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 13 (x32 Version: 7.0.130)
Java Auto Updater (x32 Version: 2.1.9.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
League of Legends (x32 Version: 1.3)
Linksys Wireless Manager (Version: 4.9.10084.0)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
MediaEspresso (x32 Version: 1.0.1423_35858)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 15.0.1 (x86 de) (x32 Version: 15.0.1)
Mozilla Maintenance Service (x32 Version: 15.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPC Backup (Version: )
MyWinLocker (Version: 4.0.14.11)
MyWinLocker 4 (x32 Version: 4.0.14.11)
MyWinLocker Suite (x32 Version: 4.0.14.11)
Nero Control Center 10 (x32 Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Core Components 10 (x32 Version: 2.0.18100.8.8)
Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Express 10 (x32 Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300)
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Update (x32 Version: 1.0.0018)
newsXpresso (x32 Version: 1.0.0.40)
Norton Online Backup (x32 Version: 2.1.17869)
NVIDIA Grafiktreiber 267.02 (Version: 267.02)
NVIDIA HD-Audiotreiber 1.1.13.1 (Version: 1.1.13.1)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA PhysX (x32 Version: 9.11.1111)
NVIDIA Systemsteuerung 267.02 (Version: 267.02)
PC Beschleunigen - Vollständige Deinstallation (Version: 3.1.2)
Plus-HD-2.5 (x32 Version: 1.27.153.5)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
PriceGong 2.6.3 (x32 Version: 2.6.3)
PunkBuster Services (x32 Version: 0.987)
Pure Networks Platform (x32 Version: 11.2.09195.1)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6194)
RegClean Pro (x32 Version: 6.21)
Return to Castle Wolfenstein DEMO (x32 Version: DEMO)
Rosetta Stone Ltd Services (x32 Version: 3.2.18)
Shredder (Version: 2.0.8.7)
Shredder (x32 Version: 2.0.8.7)
Skype™ 6.3 (x32 Version: 6.3.107)
Sprill and Ritchie (x32)
StarCraft II (x32 Version: 2.0.5.25092)
Steam (x32 Version: 1.0.0.0)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007)
SweetPacks bundle uninstaller (x32 Version: 1.0.0000)
TeamSpeak 3 Client (x32 Version: 3.0.10.1)
Uncompressor (HKCU)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008)
Uplay (x32 Version: 2.0)
VBA (3821b) (x32 Version: 6.01.00.1234)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VisualBee for Microsoft PowerPoint (HKCU Version: V3.9)
Wajam (x32 Version: 1.80)
Web Assistant 2.0.0.572 (Version: 2.0.0.572)
Welcome Center (x32 Version: 1.02.3102)
Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
Wolfenstein (x32 Version: 1.0)
World of Goo (x32)
World of Warcraft (x32 Version: 5.3.0.17128)
WPT Poker (x32)
Yontoo 1.10.02 (Version: 1.10.02)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points =========================

24-07-2013 13:01:24 RegClean Pro Mi, Jul 24, 13 15:01

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00900352-C2F0-452E-B317-BB494CC833CC} - System32\Tasks\Plus-HD-2.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-firefoxinstaller.exe [2013-07-24] (Plus HD)
Task: {03EC0D56-75C5-47A4-87A0-883ACA208C20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-02] (Google Inc.)
Task: {121296AC-57F5-4898-A8AE-3E0AB5C83EC0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {180225BD-7BA3-4DB4-B301-E83C8D52945E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {261A893A-20C5-4EA1-BD2B-DC01FB74AA1A} - System32\Tasks\Plus-HD-2.5-updater => C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-updater.exe [2013-07-24] (Plus HD)
Task: {281B0CED-345A-4504-83D7-620FE99D45C8} - System32\Tasks\{42604D0D-B0D9-400D-B89A-91CB2C9698F5} => c:\program files (x86)\mozilla firefox\firefox.exe [2012-09-06] (Mozilla Corporation)
Task: {2E548B6A-8FB8-408A-853B-350EBFB46F27} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-05-07] (Systweak Inc)
Task: {3195A949-FED2-4A0F-89CE-4AA009E3515E} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-05-07] (Systweak Inc)
Task: {456EECF8-5CD5-40A3-9616-30C96DCA66B4} - System32\Tasks\Plus-HD-2.5-enabler => C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-enabler.exe [2013-07-24] (Plus HD)
Task: {4FB4D771-9563-46B4-BE3F-932291622F99} - System32\Tasks\{BB11C9B1-61F2-4759-8A38-BCC0EC22DA59} => c:\program files (x86)\mozilla firefox\firefox.exe [2012-09-06] (Mozilla Corporation)
Task: {504666F4-84A9-46F6-84E9-6DC8A6180262} - System32\Tasks\Plus-HD-2.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-chromeinstaller.exe [2013-07-24] (Plus HD)
Task: {5D90D402-C26F-4E49-A19A-D4EAD8CEEE92} - System32\Tasks\{A854C9A6-A28B-4061-A69C-98C5DED2C349} => c:\program files (x86)\mozilla firefox\firefox.exe [2012-09-06] (Mozilla Corporation)
Task: {6DCF8853-6EE2-4A50-BFD1-4E6D91A7DB7B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001UA => C:\Users\anwender\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-12] (Facebook Inc.)
Task: {735F5F81-C3E9-4904-A31C-2A00AD232454} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-02] (Google Inc.)
Task: {77CA1564-6274-4195-9550-1A4C32BDC288} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)
Task: {870FEFCB-5E4C-42D5-8798-8A132AB33A52} - System32\Tasks\{64A69846-927B-4373-A19B-DB577B8FBD28} => c:\program files (x86)\mozilla firefox\firefox.exe [2012-09-06] (Mozilla Corporation)
Task: {87D39FD9-C3CE-4324-9D1D-38A76ACDAEBB} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-05-24] (Systweak)
Task: {90E0603B-CE37-499D-855A-8DE17BE1F985} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {90F73C40-96A9-426F-850C-A13CAC5AB531} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)
Task: {B64CE536-26BC-46B8-AC22-AE0441E2E5FA} - System32\Tasks\Happy Lyrics Update => C:\Program Files (x86)\HappyLyrics\HLUpdater.exe [2013-06-04] (Happy Productions)
Task: {C6CF9E5E-6E2F-4A62-BFAE-D513E93F51D0} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {CA6961B6-74CF-42E1-ABCE-70E51C99A860} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {D221D8C8-B2E6-44BD-AAC2-A48C421FB6E3} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-05-07] (Systweak Inc)
Task: {D970689E-9DE1-45B8-8FEE-8A161B509552} - System32\Tasks\Plus-HD-2.5-codedownloader => C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-codedownloader.exe [2013-07-24] (Plus HD)
Task: {DDD5BDAC-AC90-45D7-8620-57104112D25B} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe [2012-09-17] (Systweak Inc )
Task: {DEFD41F3-E7CE-494C-BB2F-EDD110927CCD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001Core => C:\Users\anwender\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-12] (Facebook Inc.)
Task: {E11C24C4-BD53-4FD5-826E-E088D4EA406C} - System32\Tasks\EPUpdater => C:\Users\anwender\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {F7E7DFD4-6DD8-4520-9625-883C5554E9CE} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Beschleunigen\PCSUSD.exe [2012-06-05] ()
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001Core.job => C:\Users\anwender\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001UA.job => C:\Users\anwender\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Happy Lyrics Update.job => C:\Program Files (x86)\HappyLyrics\HLUpdater.exe
Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Beschleunigen\PCSUSD.exe
Task: C:\Windows\Tasks\Plus-HD-2.5-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.5-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.5-enabler.job => C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.5-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.5-updater.job => C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-updater.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2013 10:35:13 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/24/2013 00:09:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 00:09:36 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: Der McShield-Scan-Service kann keine Konfiguration im Register finden.

Error: (07/19/2013 11:00:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2013 10:59:03 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: Der McShield-Scan-Service kann keine Konfiguration im Register finden.

Error: (07/19/2013 10:56:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2013 10:55:23 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: Der McShield-Scan-Service kann keine Konfiguration im Register finden.

Error: (07/19/2013 10:52:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2013 10:51:43 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: Der McShield-Scan-Service kann keine Konfiguration im Register finden.

Error: (07/19/2013 10:49:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/24/2013 00:42:45 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.

Error: (07/24/2013 00:17:20 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.

Error: (07/24/2013 00:10:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McShield" wurde mit folgendem dienstspezifischem Fehler beendet: %%5046.

Error: (07/24/2013 00:09:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (07/19/2013 11:00:50 PM) (Source: DCOM) (User: )
Description: {64B00DAC-870D-4E6A-8D34-3A6E3E427A30}

Error: (07/19/2013 11:00:09 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/19/2013 11:00:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McShield" wurde mit folgendem dienstspezifischem Fehler beendet: %%5046.

Error: (07/19/2013 10:58:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (07/19/2013 10:56:28 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/19/2013 10:56:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McShield" wurde mit folgendem dienstspezifischem Fehler beendet: %%5046.

Microsoft Office Sessions:
=========================
Error: (07/24/2013 10:35:13 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (07/24/2013 00:09:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 00:09:36 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description:

Error: (07/19/2013 11:00:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2013 10:59:03 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description:

Error: (07/19/2013 10:56:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2013 10:55:23 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description:

Error: (07/19/2013 10:52:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2013 10:51:43 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description:

Error: (07/19/2013 10:49:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2012-09-20 20:20:59.221
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-20 20:20:59.206
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-20 20:20:36.083
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-20 20:20:36.063
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-20 20:20:31.217
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-20 20:20:31.201
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-20 20:20:27.666
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-20 20:20:27.650
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-20 20:20:23.371
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-20 20:20:23.343
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 8174 MB Available physical RAM: 3525.31 MB Total Pagefile: 16346.18 MB Available Pagefile: 10966.1 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:456.92 GB) (Free:344.56 GB) NTFS (Disk=0 Partition=3) Drive d: (Data) (Fixed) (Total:456.92 GB) (Free:385.32 GB) NTFS (Disk=0 Partition=4) Drive k: (SARA01) (Fixed) (Total:2794.52 GB) (Free:2409.51 GB) NTFS (Disk=6 Partition=1) Drive n: (BMW) (Removable) (Total:7.83 GB) (Free:3.41 GB) FAT32 (Disk=7 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D4704A7E) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=457 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 6. ======================================================== Disk: 7 (Size: 8 GB) (Disk ID: 008CC635) Partition 1: (Active) - (Size=8 GB) - (Type=0B) ==================== End Of Log ============================ |
24.07.2013, 20:47 | #6 |
/// TB-Ausbilder | GVU - olt.txt analysis Hi, yes, this computer really is in a sorry state...
Step 1
Step 2 Please download AdwCleaner to your desktop.
Step 3 Scan with Combofix
Step 4 If you don't have it yet, please download OTL (by Oldtimer) and save it to your desktop.
Code:
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /600
C:\Windows\SysNative\*.dll /600
C:\Windows\SysWOW64\*.dll /600
Please post in your next reply:
25.07.2013, 12:55 | #7 |
| GVU - olt.txt analysis Hi Leo, everything worked so far... only your customFix for OTL seems to have an error. Here are the logs: AdwCleaner[S1] Code:
ATTFilter # AdwCleaner v2.306 - Datei am 25/07/2013 um 12:55:09 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : anwender - MARTIN # Bootmodus : Normal # Ausgeführt unter : C:\Users\anwender\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi Datei Gelöscht : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\searchplugins\Babylon.xml Datei Gelöscht : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\searchplugins\delta.xml Datei Gelöscht : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\searchplugins\MyStart Search.xml Datei Gelöscht : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\searchplugins\SweetIm.xml Ordner Gelöscht : C:\Program Files (x86)\1ClickDownload Ordner Gelöscht : C:\Program Files (x86)\Ask.com Ordner Gelöscht : C:\Program Files (x86)\Babylon Ordner Gelöscht : C:\Program Files (x86)\I Want This Ordner Gelöscht : C:\Program Files (x86)\incredibar.com Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Ordner Gelöscht : C:\Program Files (x86)\SweetIM Ordner Gelöscht : C:\Program Files (x86)\Uncompressor Ordner Gelöscht : C:\Program Files (x86)\Wajam Ordner Gelöscht : C:\Program Files\Babylon Ordner Gelöscht : C:\Program Files\Web Assistant Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\ProgramData\visualbee Ordner Gelöscht : C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok Ordner 
Gelöscht : C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda Ordner Gelöscht : C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Ordner Gelöscht : C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Ordner Gelöscht : C:\Users\anwender\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\anwender\AppData\Local\Temp\BabylonToolbar Ordner Gelöscht : C:\Users\anwender\AppData\Local\visualbeeexe Ordner Gelöscht : C:\Users\anwender\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\anwender\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\anwender\AppData\LocalLow\delta Ordner Gelöscht : C:\Users\anwender\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\anwender\AppData\Roaming\Complitly Ordner Gelöscht : C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor Ordner Gelöscht : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\SweetPacksToolbarData Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} Ordner Gelöscht : C:\Windows\SysWOW64\jmdp Ordner Gelöscht : C:\Windows\SysWOW64\WNLT ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\delta LTD Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\Software\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\1ClicktorrentFile Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\1ClicktorrentFile1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Schlüssel Gelöscht : HKLM\Software\SimplyGen Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\Web Assistant Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5b57d8dcb569e942 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant Schlüssel Gelöscht : HKU\S-1-5-21-2427755593-2352214459-2442542287-501\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKU\S-1-5-21-2427755593-2352214459-2442542287-501\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : HKU\S-1-5-21-2427755593-2352214459-2442542287-501\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0.1 (de) Datei : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\3ggi679f.default\prefs.js C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\3ggi679f.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. Datei : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js ... Gelöscht ! Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6PQCQ724fp&loc=FF_NT");user_p[...] 
Datei : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\prefs.js C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\user.js ... Gelöscht ! Gelöscht : user_pref("extensions.delta.admin", false); Gelöscht : user_pref("extensions.delta.aflt", "babsst"); Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Gelöscht : user_pref("extensions.delta.babTrack", "affID=109986"); Gelöscht : user_pref("extensions.delta.bbDpng", "25"); Gelöscht : user_pref("extensions.delta.cntry", "DE"); Gelöscht : user_pref("extensions.delta.dfltLng", "en"); Gelöscht : user_pref("extensions.delta.excTlbr", false); Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); Gelöscht : user_pref("extensions.delta.hdrMd5", "CCF137A8FA57D12FFF7AA6F43BF84821"); Gelöscht : user_pref("extensions.delta.id", "0a651e53000000000000f80f4119edae"); Gelöscht : user_pref("extensions.delta.instlDay", "15871"); Gelöscht : user_pref("extensions.delta.instlRef", "sst"); Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.512:23:32"); Gelöscht : user_pref("extensions.delta.newTab", false); Gelöscht : user_pref("extensions.delta.prdct", "delta"); Gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Gelöscht : user_pref("extensions.delta.rvrt", "false"); Gelöscht : user_pref("extensions.delta.sg", "azb"); Gelöscht : user_pref("extensions.delta.smplGrp", "none"); Gelöscht : user_pref("extensions.delta.tlbrId", "base"); Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5"); Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.512:23:32"); Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5"); Gelöscht : user_pref("extensions.delta_i.babExt", ""); Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119556"); Gelöscht : user_pref("extensions.delta_i.srcExt", 
"ss"); Gelöscht : user_pref("extensions.wajam.affiliate_id", "1401"); Gelöscht : user_pref("extensions.wajam.firstrun", "false"); Gelöscht : user_pref("extensions.wajam.log_send_info", "false"); Gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"supported_sites\":{\[...] Gelöscht : user_pref("extensions.wajam.no_trace", "false"); Gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21087"); Gelöscht : user_pref("extensions.wajam.supported_sites.ask.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'waja[...] Gelöscht : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABE[...] Gelöscht : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...] Gelöscht : user_pref("extensions.wajam.trace_log", "1371672835129 - processSiteLookup - getMatchingSiteName ret[...] Gelöscht : user_pref("extensions.wajam.unique_id", "270DAC5D4235852BEB8B1997113804A2"); Gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0"); Gelöscht : user_pref("extensions.wajam.version", "1.26"); Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false"); Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true"); Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); Gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "none"); Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true"); Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...] 
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335"); Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...] Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761"); Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true"); Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...] Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300"); Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...] Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500"); Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true"); Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...] Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150"); Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp"); Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530"); Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...] 
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false"); Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false"); Gelöscht : user_pref("sweetim.toolbar.newtab.created", "false"); Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true"); Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...] Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*"); Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); Gelöscht : 
user_pref("sweetim.toolbar.scripts.1.enable", "false"); Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS"); Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", ""); Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...] Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false"); Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...] Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...] Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10"); Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false"); Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{1670F2BE-EB0D-48B5-9A03-D88486AD7CD9}"); Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0"); Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...] Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] Datei : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\otjyfpu2.default\prefs.js C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\otjyfpu2.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. 
Datei : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\r27lg4s0.default\prefs.js C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\r27lg4s0.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. Datei : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\vogpd09a.default\prefs.js C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\vogpd09a.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. Datei : C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\wdvy0hzk.default\prefs.js C:\Users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\wdvy0hzk.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. -\\ Google Chrome v28.0.1500.72 Datei : C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [22605 octets] - [25/07/2013 12:55:09] ########## EOF - C:\AdwCleaner[S1].txt - [22666 octets] ########## Code:
ATTFilter ComboFix 13-07-24.03 - anwender 25.07.2013 13:03:24.1.8 - x64 ausgeführt von:: c:\users\anwender\Downloads\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\users\anwender\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4EF2BFD5-ACDD-4E74-BA4B-316644142570}.xps c:\users\anwender\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4FECAACE-B167-4EB2-8E67-0926EBEA2730}.xps c:\windows\SysWow64\DEBUG.log c:\windows\wininit.ini K:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-25 bis 2013-07-25 )))))))))))))))))))))))))))))) . . 2013-07-25 10:19 . 2013-07-25 10:19 96168 ------w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-25 10:03 . 2013-07-25 10:10 1672 ----a-w- c:\windows\system32\ASOROSet.bin 2013-07-24 16:04 . 2013-07-24 16:04 -------- d-----w- C:\_OTL 2013-07-24 13:04 . 2013-07-24 13:04 -------- d-----w- C:\FRST 2013-07-24 13:02 . 2013-07-24 13:02 -------- d-----w- c:\users\anwender\AppData\Local\VisualBeeClient 2013-07-24 13:01 . 2013-07-24 13:01 -------- d-----w- c:\users\anwender\AppData\Local\emaze 2013-07-24 12:57 . 2013-07-25 10:15 -------- d-----w- c:\program files (x86)\MyPC Backup 2013-07-24 12:57 . 2013-07-25 10:03 -------- d-----w- c:\users\anwender\AppData\Roaming\Systweak 2013-07-24 12:57 . 2013-05-07 14:51 20312 ----a-w- c:\windows\system32\roboot64.exe 2013-07-24 12:56 . 2013-07-24 12:56 -------- d-----w- c:\users\anwender\AppData\Local\Programs 2013-07-24 10:16 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6972A5BF-EBD1-473F-9168-44930AA2F9E8}\mpengine.dll 2013-07-11 12:51 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll 2013-07-11 11:12 . 2013-07-11 11:15 -------- d-----w- c:\programdata\BewerbungsMaster 2013-07-11 11:11 . 2013-07-25 10:29 -------- d-----w- c:\program files (x86)\BEWERBUNGSMASTER 2013-07-11 11:11 . 
2013-07-11 11:11 266240 ------w- c:\windows\Setup1.exe 2013-07-11 11:11 . 2013-07-11 11:11 74752 ----a-w- c:\windows\ST6UNST.EXE 2013-07-08 22:42 . 2013-07-08 22:42 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-07-08 22:42 . 2013-07-08 22:42 -------- d-----w- c:\windows\SysWow64\Extensions . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-25 10:19 . 2012-10-16 12:30 867240 ------w- c:\windows\SysWow64\npDeployJava1.dll 2013-07-25 10:19 . 2012-10-16 12:30 789416 ------w- c:\windows\SysWow64\deployJava1.dll 2013-05-13 05:51 . 2013-06-12 17:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-12 17:51 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-12 17:51 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-12 17:51 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-12 17:51 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 17:51 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-12 17:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-12 17:51 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 17:51 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-12 17:51 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-10 05:49 . 2013-06-12 17:51 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 2013-06-12 17:51 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-08 06:39 . 2013-06-12 17:51 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-02 12:34 . 2013-05-02 12:34 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424] "Steam"="d:\games\Steam\steam.exe" [2013-03-29 1631144] "Facebook Update"="c:\users\anwender\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-12 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 BBDemon;Backbone Service;d:\programme\Catia\intel_a\code\bin\CATSysDemon.exe;d:\programme\Catia\intel_a\code\bin\CATSysDemon.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 mfefirek;McAfee Inc. 
mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service Update-Service REG_MULTI_SZ Update-Service . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-14 17:13 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001Core.job - c:\users\anwender\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-12 12:18] . 2013-07-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001UA.job - c:\users\anwender\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-12 12:18] . 2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-02 16:30] . 2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-02 16:30] . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\anwender\AppData\Roaming\Mozilla\Firefox\Profiles\wdvy0hzk.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-VisualBee for Microsoft PowerPoint - c:\users\anwender\AppData\Local\VisualBeeExe\uninst.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-25 13:13:35 ComboFix-quarantined-files.txt 2013-07-25 11:13 . Vor Suchlauf: 10 Verzeichnis(se), 401.248.419.840 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 416.804.118.528 Bytes frei . - - End Of File - - C718D1A9197ED2A5FAC6D8141254B3CE D41D8CD98F00B204E9800998ECF8427E Code:
Error: Unable to interpret <HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\*.tsp> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\*.tsp /64> in the current context!
Error: Unable to interpret <C:\Windows\system32\*.dll /600> in the current context!
Error: Unable to interpret <C:\Windows\SysNative\*.dll /600> in the current context!
Error: Unable to interpret <C:\Windows\SysWOW64\*.dll /600> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 07252013_133010

Code:
ATTFilter OTL logfile created on: 25.07.2013 13:32:45 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\anwender\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 75,05% Memory free 15,96 Gb Paging File | 13,82 Gb Available in Paging File | 86,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,92 Gb Total Space | 388,27 Gb Free Space | 84,98% Space Free | Partition Type: NTFS Drive D: | 456,92 Gb Total Space | 385,32 Gb Free Space | 84,33% Space Free | Partition Type: NTFS Drive K: | 2794,52 Gb Total Space | 2409,51 Gb Free Space | 86,22% Space Free | Partition Type: NTFS Computer Name: MARTIN | User Name: anwender | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.25 13:29:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\anwender\Downloads\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.03.29 21:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\Games\Steam\Steam.exe PRC - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013.03.07 22:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe PRC - [2012.08.08 21:33:21 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 16:48:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 16:48:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.17 09:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe PRC - [2011.08.17 09:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.05.04 21:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2007.05.04 15:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) -- D:\Programme\Catia\intel_a\code\bin\CATSysDemon.exe ========== Modules (No Company Name) ========== MOD - [2013.07.15 14:31:32 | 000,475,136 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e937e3331234e8da935e71172e46ba17\IAStorUtil.ni.dll MOD - [2013.07.15 14:31:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\34002b75cd0faab68bf8079299c1aa46\IAStorCommon.ni.dll MOD - [2013.07.12 11:07:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll MOD - [2013.07.12 11:07:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013.07.12 11:07:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013.07.12 11:07:23 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013.07.12 11:07:19 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013.07.12 11:07:17 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013.07.12 11:07:16 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013.07.12 11:07:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013.03.29 21:53:56 | 001,114,024 | ---- | M] () -- D:\Games\Steam\bin\chromehtml.dll MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- D:\Games\Steam\bin\libcef.dll MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- D:\Games\Steam\SDL2.dll MOD - [2013.03.07 22:32:40 | 021,014,960 | ---- 
| M] () -- C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll MOD - [2013.03.07 22:32:38 | 000,292,272 | ---- | M] () -- C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll MOD - [2013.03.07 22:32:38 | 000,179,632 | ---- | M] () -- C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- D:\Games\Steam\bin\avcodec-53.dll MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- D:\Games\Steam\bin\avformat-53.dll MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- D:\Games\Steam\bin\avutil-51.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.07.26 02:56:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.04.21 16:14:56 | 000,289,280 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\aptwadhhv.dll -- (LanmanWorkstation) SRV:64bit: - [2010.01.06 03:04:02 | 000,244,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2010.01.06 03:04:02 | 000,199,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - 
[2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 16:48:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 16:48:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.12.15 14:47:07 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service) SRV - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.05.04 21:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2010.01.06 03:04:02 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.04 15:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) [Auto | Running] -- D:\Programme\Catia\intel_a\code\bin\CATSysDemon.exe -- (BBDemon) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.05.08 16:48:59 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 16:48:59 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.26 19:44:36 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.12 09:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] 
(Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.26 01:36:39 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2010.01.06 03:04:02 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2010.01.06 03:04:02 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2010.01.06 03:04:02 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2010.01.06 03:04:02 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2010.01.06 03:04:02 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2010.01.06 03:04:02 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2010.01.06 03:04:02 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2010.01.06 03:04:02 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.04.16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2059CF48-25F3-40d7-9D37-24A3142FD20B}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=adknowledge_de-ie&s_qt=sb&tb_uuid=B242D9DE91A543ADB2B0BB693D9DD178&tb_oid=24-07-2013&tb_mrud=24-07-2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.15 19:11:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.15 19:12:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.15 13:09:37 | 000,000,000 | ---D | M] [2012.10.15 19:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Extensions [2013.07.25 12:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2013.07.25 12:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions [2013.07.25 12:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\3ggi679f.default\extensions [2013.07.25 12:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\extensions [2013.07.25 12:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\otjyfpu2.default\extensions [2013.07.25 12:42:35 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\r27lg4s0.default\extensions [2013.07.25 12:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\vogpd09a.default\extensions [2013.07.25 12:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\wdvy0hzk.default\extensions [2013.07.25 12:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://search.babylon.com/?affID=119556&babsrc=HP_ss_gin2g&mntrId=0A65F80F4119EDAE CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: No name found = 
C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.07.25 13:11:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20110323101908.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110323101908.dll (McAfee, Inc.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [Facebook Update] C:\Users\anwender\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 
- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\d3dyaqc6m.dll File not found O13 - gopher Prefix: missing O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D497E3D-B233-4196-B23D-F845EE00F42E}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BEE1E24-0813-4421-97C9-A20654654E26}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value 
found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.03.25 18:05:32 | 000,000,000 | R--D | M] - K:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.25 13:18:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.07.25 13:13:37 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.07.25 13:13:37 | 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Local\temp [2013.07.25 13:01:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.07.25 13:01:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.07.25 13:01:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.07.25 13:01:45 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.07.25 13:01:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.07.24 18:04:49 | 000,000,000 | ---D | C] -- C:\_OTL [2013.07.24 15:04:55 | 000,000,000 | ---D | C] -- C:\FRST [2013.07.24 15:02:13 | 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Local\VisualBeeClient [2013.07.24 15:01:54 | 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Local\emaze [2013.07.24 14:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup [2013.07.24 14:57:02 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2013.07.24 14:57:02 
| 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Roaming\Systweak [2013.07.24 14:56:52 | 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Local\Programs [2013.07.11 13:12:39 | 000,000,000 | ---D | C] -- C:\Users\anwender\Documents\BewerbungsMaster [2013.07.11 13:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\BewerbungsMaster [2013.07.11 13:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster [2013.07.11 13:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEWERBUNGSMASTER [2013.07.09 00:42:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.07.09 00:42:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.07.05 21:35:25 | 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2013.07.02 12:40:03 | 000,000,000 | ---D | C] -- C:\Users\anwender\Desktop\Bewerbungen [1 C:\Users\anwender\Desktop\*.tmp files -> C:\Users\anwender\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.25 13:26:39 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.25 13:26:39 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.25 13:18:35 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.25 13:18:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.25 13:18:18 | 2133,327,871 | -HS- | M] () -- C:\hiberfil.sys [2013.07.25 13:13:03 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.25 13:11:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.07.25 12:52:56 | 000,000,886 | ---- | M] () -- C:\Users\anwender\Desktop\World of Warcraft.lnk [2013.07.25 12:10:59 | 000,001,672 | ---- | M] () -- 
C:\Windows\SysNative\ASOROSet.bin [2013.07.25 11:38:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.25 11:38:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.25 11:38:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.25 11:38:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.25 11:38:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.25 02:23:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001UA.job [2013.07.24 14:23:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001Core.job [2013.07.16 17:10:07 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.07.16 17:10:07 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.07.12 11:01:50 | 000,360,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.05 21:35:25 | 000,000,312 | ---- | M] () -- C:\Users\anwender\Desktop\Curse Client.appref-ms [1 C:\Users\anwender\Desktop\*.tmp files -> C:\Users\anwender\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.25 13:01:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.07.25 13:01:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.07.25 13:01:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.07.25 13:01:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.07.25 13:01:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.07.25 12:52:56 | 000,000,886 | ---- | C] () -- C:\Users\anwender\Desktop\World of Warcraft.lnk [2013.07.25 12:03:26 | 000,001,672 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin [2013.07.24 15:01:54 | 000,001,236 | ---- | C] () -- C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk [2013.07.16 17:10:07 | 
000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.07.16 17:10:07 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.07.05 21:35:25 | 000,000,312 | ---- | C] () -- C:\Users\anwender\Desktop\Curse Client.appref-ms [2011.11.11 21:18:41 | 000,000,185 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.21 11:02:44 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\.minecraft [2012.10.20 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Audacity [2011.11.11 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Bassic Technologies [2011.11.26 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\DAEMON Tools Pro [2011.11.26 19:46:34 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\DassaultSystemes [2013.01.14 20:49:22 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Dysios [2011.11.12 14:16:22 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\LolClient [2012.05.24 13:50:23 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\LolClient2 [2011.11.11 15:42:34 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\OEM [2013.07.25 12:03:47 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Systweak [2013.07.25 03:26:28 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\TS3Client [2013.01.12 03:55:09 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Uvurne ========== Purity Check ========== < End of report >
Continued in the next post, since the character limit was exceeded and it is too large for an attachment. |
25.07.2013, 12:55 | #8 |
| GVU - olt.txt analysis OTL Extras Code:
ATTFilter OTL Extras logfile created on: 25.07.2013 13:32:45 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\anwender\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 75,05% Memory free 15,96 Gb Paging File | 13,82 Gb Available in Paging File | 86,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,92 Gb Total Space | 388,27 Gb Free Space | 84,98% Space Free | Partition Type: NTFS Drive D: | 456,92 Gb Total Space | 385,32 Gb Free Space | 84,33% Space Free | Partition Type: NTFS Drive K: | 2794,52 Gb Total Space | 2409,51 Gb Free Space | 86,22% Space Free | Partition Type: NTFS Computer Name: MARTIN | User Name: anwender | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{072B8406-B83F-4A7E-A5AE-F9F21955FCE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0DE37DA9-3163-4F06-A765-55198808F4A0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{200053E4-4E7F-4E43-8A73-470EF5594F71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{226241E9-6590-4036-A6D5-907CE5F69675}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{244CDAD6-D7C8-436F-8538-46649AAC246B}" = rport=139 | protocol=6 | dir=out | app=system | "{3BF890C8-1DA6-4E2E-8E0F-530340B09375}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4C39E2A2-6BF0-4119-9206-FC4EE26969D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{562FDBB1-A669-4C13-AE03-923DC4A38AA3}" = lport=137 | protocol=17 | dir=in | app=system | "{5AD358E7-351F-40BB-A259-DBA7E796A551}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{62E98EBE-96EB-434D-8E9F-8589CF692509}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{694D7CB6-C89D-44A2-B72E-F2D4BEB8CB41}" = lport=2869 | protocol=6 | dir=in | app=system | "{71B8CBD1-AC81-4336-8DBE-5AE69E3C62E7}" = lport=138 | protocol=17 | dir=in | app=system | "{726142A6-CDF8-4AAD-87C4-36F0808BB1F0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{72865C9C-D72D-4647-A7B0-7E8DDA9D3E16}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | "{78E75A00-6F1A-4950-9B33-520B2BB8A978}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7F26E331-29FC-4B99-8421-C93B8477A306}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{81E6E20F-156A-4946-85DB-1D8ACBF1746E}" = rport=445 | protocol=6 | dir=out | app=system | "{8AC33625-DE00-4BD1-80CE-8ABB8BA4AA6A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | "{925147F2-7186-4FD6-A11E-16A3C16E8BF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9767E000-7FCF-4F00-B4B6-88BA34565FBB}" = lport=139 | protocol=6 | dir=in | app=system | "{9D596168-3816-4CA4-9319-7A4D91530B50}" = lport=10243 | protocol=6 | dir=in | app=system | "{A970107D-AF53-405D-BD4E-26FE908EE542}" = rport=138 | protocol=17 | dir=out | app=system | "{B018C868-E012-40B8-999E-A011F2AEF33E}" = rport=137 | protocol=17 | dir=out | app=system | "{B7BAC015-AEB7-43B8-AAC4-84D5A4E4C0AF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BCCA4653-CC18-4CF4-938F-F1D091F72BF6}" = lport=445 | protocol=6 | dir=in | app=system | "{D574FD64-EEBF-47A9-B919-AD9E09EC2E6B}" = rport=10243 | protocol=6 | dir=out | app=system | "{E00476CD-CBD6-4C13-B4D3-D86EAF2FE98C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E042CBCC-DFC2-47CE-8874-5B7C570C3F7A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E2DFCEC5-2291-4AA6-BB81-8DC99D1429BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E4845D23-296C-4E46-9C7B-2ED03DE7BE71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9EB287E-BA2C-44F1-9BD3-7DA1F6BDC6D8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F311289E-89D2-4475-894A-3B3639878703}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FBBECEAD-86CD-4E31-B109-43B2E1F2E2B7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002D5DA4-506C-4F0C-A046-42A70E86DDAF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{00BA68BE-58B9-4C59-98EA-3C720A5BDE98}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0680FFD2-3518-4C57-A1FD-041DBE84030B}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{07027780-5C0F-4906-89E9-00A1ECE4D0B5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{0C3E540B-FCD6-4CA7-9A0F-5E154D741CE1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0D3C590E-299E-4448-8124-BCDDABBE72A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{16E7538C-09EB-4869-93B7-A0517C9B25A2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{1A512AC4-1173-4547-AD85-EC698642B224}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{1A5E5D19-AC79-4A65-87E9-3CC6ED610638}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1A746688-0F21-4E77-BA65-0AA8177351A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1AEB573A-BEF4-42BE-9F87-7F3A2BE74569}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{1D7F2C41-1A2D-4746-8925-E1802BC5A158}" = protocol=6 | dir=in | app=c:\program files\microsoft 
office\office14\onenote.exe | "{2D83BD22-052F-4AA8-B808-7D1F8673DED7}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{2EEDF5C1-FD52-4A24-ABA7-24075AAA44B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{305EA4D8-11BD-498A-B62A-FBD4B5122D64}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{360029C7-72C8-4EF6-9620-7FB3F198151E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | "{372CDDFB-C474-47D2-9879-0F8942FE9443}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{37D45696-1192-415B-ABA5-B7E217CD8613}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{39D37C18-0DC9-42DC-A4E2-B6014ACB1480}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{3AAD30AA-F0FC-4C28-A0FF-044A7ABD61AE}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe | "{41B03440-112D-47AC-A86F-05C1B4AE8E06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{41EC95ED-5B42-4A46-870F-5820B3A51DB5}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\ruptin\counter-strike source\hl2.exe | "{44CECE8F-3855-4BEE-9F83-7A9CCA550F87}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{46C04CD1-18E3-4A14-9218-14701AF5EFE8}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{497E27D2-40FC-4F30-ABCC-88C9DC29767B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{4BBFF21E-2BE3-4845-8B91-96D05837428B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4D7E0C77-57F1-4486-A981-696F6E7D3C72}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe | "{4F1A50A7-26D1-4A97-88AE-E00C1B02F919}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5169063C-D719-4BA7-B3D6-731096B4FD1E}" = 
protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{519C6A25-47C8-4127-A073-921713B65D13}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{5635F320-98FC-49E5-868A-F3B123C95D37}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{59FB779C-96AD-40B7-9790-988F14056138}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5C11114B-69F6-4300-9442-999EF3CE93BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5D48940F-5E5C-4583-B630-C64B80D1614A}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | "{5D5AADAB-AFAF-437C-879E-C79844707C3A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{5E222B71-A05F-4AC6-9B97-2176F70081D9}" = protocol=6 | dir=out | app=system | "{5FB9204F-190F-475D-BE3C-256AF2E12FEE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{65655C7A-D05F-4B7C-A614-031CE549EF7A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{6681E19F-E043-4462-985C-2329CDB3EDAF}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | "{6693D507-B5FF-4619-A9AB-41276533DBCF}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | "{66D4C6AD-B2E9-48BA-8ED6-5491A65A4C4C}" = protocol=17 | dir=in | app=c:\users\anwender\appdata\local\apps\2.0\45o6ogpy.51a\a0tb5tb2.qvn\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\curseclient.exe | "{67A6E681-E142-4A43-805D-EB5287DBAF4F}" = protocol=6 | dir=in | app=c:\users\anwender\appdata\local\apps\2.0\45o6ogpy.51a\a0tb5tb2.qvn\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\curseclient.exe | "{6A5E77C0-10E9-4B6C-9998-20633A14729D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{6E972917-46C9-4DB1-A79E-22B01561A621}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{71566BC5-514E-462A-8247-F57A837EABA6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{74650A4E-1276-41BF-86EA-DF28619A7B2C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{76BD8240-1522-4972-BE73-0918E089BD2A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7C7BBADB-6392-41F3-962B-55F2D34A13F8}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{834A8E42-8457-453B-B766-B97A419320B5}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | "{8870F19A-D10E-408D-97A4-9CEFA9709C55}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{88E1FB9A-678B-450A-85D5-D3A44CB7B9A2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{8A139036-FC4E-4584-A1AA-3CE539F1E538}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{8EB035C2-DA5B-44E1-A295-6F96BF3D5C28}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9004810E-1DD6-4094-9354-392FEB6387C9}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii public test.exe | "{914F1114-EB7B-440D-9DF2-DA547CFDC4E0}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{91BEC6C4-6D72-4F3A-B59C-DBAD606A496C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{92AA717F-EAF6-47C8-ACD7-0E5003C9848D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{96F41E7A-8A63-40CF-9C1F-F7C2B1BA5C4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9DE6976A-D27A-4A7E-A4ED-F619F2B79EBC}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{A1184724-B56A-4843-A541-AE2602E5D493}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A6772216-A16E-41D6-9132-63001A80B116}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A71EE4BE-A703-4094-88FE-E7856F22C5A6}" = protocol=17 | dir=in | 
app=d:\games\steam\steamapps\ruptin\counter-strike source\hl2.exe | "{A7F79471-42D0-4B13-8999-E32D89DB2218}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A86AB2C3-346B-4535-B85D-A6C69442FAC8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | "{AB0BF5FA-16BA-426D-9917-32E6AEB2C9BB}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{ACDF14B5-840F-4514-BB6B-A63BCEDC758D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe | "{B107283D-0C30-4DB6-9BB1-F17E78452209}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{B21E294A-9BFF-45F1-A3AC-CAA31094C5C6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{B61D88D2-462A-400C-8397-AFD5850228ED}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii public test.exe | "{B9344AC9-C8B7-4BE4-9A51-A99BB4421F48}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe | "{BAD22D0D-086B-4019-AD5E-95FBB7D01292}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | "{BBC8A84C-B7FC-4E5F-A995-6EA38181DD4E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{BEE692EE-CB95-4648-A65A-7503BD8FC964}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{BFCB4F57-2024-4282-B69B-DD58C18B896B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | "{C2124E85-A358-4B80-B8C4-A3844C84A53B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C2A082BC-2765-4D9F-BB15-A6A2F143708B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{C31A7A7E-D740-4030-BEA3-2C24D1555665}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{C4BC6C0B-39E0-45F9-910B-3BEB5DE98E2D}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{C5450570-276C-44E5-B861-6117EDF2657E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C5FA198C-7E45-420B-80A1-95092BFFA301}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | "{C6B0A68C-BA67-4AA2-B720-E5A15C0E46D3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{CA20D4D4-E22E-4282-8663-61DC0F1D488E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CFC6B026-45FE-4BB0-BB35-45695B883B22}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D4E2CEF4-C3C8-4948-A700-687A52A83F46}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{D7644C12-82FE-490F-A1C0-9DD743708DDF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{D9711F5C-4F72-49C9-820E-0B82B018D1A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{DD305474-459B-4DB4-8136-82EA9CD40455}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DF70AB40-F9A3-4F87-A0E3-9DF749442962}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{DF947BA8-DEC9-4F74-AD66-ED18AE59EBC6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | "{E3B9AC86-3617-4A62-BE33-BCE6457673C5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{E759EB84-4FDA-4B10-BFD8-F79EB2B1195F}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{EB93C61A-1C04-419A-A498-650B215C1947}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "TCP Query User{1A18E838-CC75-4F7E-B5B3-033D06E87708}D:\games\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base23260\sc2.exe | "TCP Query User{3F4CDC81-1776-4D03-9E56-D046F6B7B46D}D:\programme\catia\intel_a\code\bin\orbixd.exe" = protocol=6 | 
dir=in | app=d:\programme\catia\intel_a\code\bin\orbixd.exe | "TCP Query User{4809ED1C-F11F-4411-ACFF-48FCD8C746A8}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe | "TCP Query User{54863AA9-C3EF-408F-8FDC-40DA918F00E9}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "TCP Query User{6F71FB49-8707-4401-97E5-412FE955883B}D:\programme\catia\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=d:\programme\catia\intel_a\code\bin\cnext.exe | "TCP Query User{770ACF87-259D-41B5-ACF3-0D874CF06A15}D:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{7DDDA279-4026-488F-897D-CF703B98E5FF}D:\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "TCP Query User{92D4A9A7-7D32-41E4-AFF1-0C06C83A01CA}D:\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{B9F51B4D-962D-456D-AA58-07B7C7D4C05C}D:\games\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "TCP Query User{C00E5D29-1DDB-413A-9D17-6589408E31C4}D:\games\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base22612\sc2.exe | "TCP Query User{C7A252E3-858D-479C-8E8F-56BA9065C10A}D:\games\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base24944\sc2.exe | "TCP Query User{CFE32D11-E33B-42B2-906D-A5D5DF2E8696}D:\games\world of 
warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{D9B6BBCE-66B1-42EC-9464-F76310B8775F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{DD455DB6-A5FC-4DCA-9E20-FED21B73158D}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{E0F3491F-06E0-431E-86EE-7EA6C0F19A9F}D:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{E30F234E-5696-4F0E-8234-61CA9974AC2A}D:\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "TCP Query User{E4926918-CB71-4D02-B7D3-77C5B8BEFD86}D:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{0232D2CB-0810-41E4-9205-49D46A5AE073}D:\programme\catia\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=d:\programme\catia\intel_a\code\bin\orbixd.exe | "UDP Query User{06A4348E-A9F7-4C66-9D3F-74B11B87B594}D:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{185FD49B-2436-45FC-B773-0E83C7B5B78F}D:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{1CC2C19F-5A83-42FB-B9BF-CF67316AF0B0}D:\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of 
warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "UDP Query User{33DAEFA8-88C3-40B3-88B1-33872CBB0857}D:\games\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base24944\sc2.exe | "UDP Query User{4E101ABB-4937-405C-9244-221C89693E99}D:\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "UDP Query User{52214E7B-7157-449C-826A-FC58BF8A4E45}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{87DBA131-1468-4745-9EB2-C13FED011C39}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "UDP Query User{9E796D17-D994-44C9-8C0C-D27FF63B8AF3}D:\games\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base23260\sc2.exe | "UDP Query User{A4A7B84A-21C6-403D-AB90-05E9B0AA874A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{ACE93CE5-55B2-48D5-AB7B-6F7671D1D89E}D:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{B429FBD3-3D93-4EF4-8D58-2C114A5989C6}D:\games\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base22612\sc2.exe | "UDP Query User{B83EFDDC-0939-4D25-BA3F-B4C878FF345F}D:\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{C3C45CDC-4B50-430B-8EAC-E78EB4EBC0AF}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | 
app=d:\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{C92F3554-9D8A-482C-958A-35AC698C7228}D:\games\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "UDP Query User{CEBD0D36-6C9F-4461-BEAF-39B0223D1521}D:\programme\catia\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=d:\programme\catia\intel_a\code\bin\cnext.exe | "UDP Query User{DAC7A6AC-2910-4875-937B-94527F74CCF6}D:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base21029\sc2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit) "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile 
Device Support "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources 
"{82B2394D-F5CC-42F0-8DC1-48B3CAA382CC}" = Dassault Systemes Software Prerequisites x86-x64 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = 
Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.02 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.02 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources 
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Dassault Systemes B18_0" = Dassault Systemes Software B18 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Office14.SingleImage" = Microsoft Office Home and Student 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials 
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common "{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}" = Full Tilt Poker.Eu "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack 
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = 
Windows Live Writer Resources "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live 
Writer "{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker 
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{70550193-1C22-445C-8FA4-564E155DB1A7}" = 
Nero Express 10 "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0 "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = 
Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources "{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail 
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer 
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b) "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources 
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer 
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft 
Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "7-Zip" = 7-Zip 9.20 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Adobe AIR" = Adobe AIR "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Pro" = DAEMON Tools Pro "DivX Setup" = DivX-Setup "Google Chrome" = Google Chrome "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 
de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"StarCraft II" = StarCraft II
"Steam App 205100" = Dishonored
"Steam App 730" = Counter-Strike: Global Offensive
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uplay" = Uplay
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.07.2012 11:25:26 | Computer Name = Martin | Source = Application Hang | ID = 1002
Description = Programm LolClient.exe, Version 2.0.2.12610 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12d4 Startzeit: 01cd603d682e677d Endzeit: 3 Anwendungspfad: D:\Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.165\deploy\LolClient.exe Berichts-ID: cbd174e2-cc35-11e1-bfa5-f80f4119edae

Error - 12.07.2012 11:37:41 | Computer Name = Martin | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 25.07.2013 06:26:04 | Computer Name = Martin | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 25.07.2013 06:27:09 | Computer Name = Martin | Source = Service Control Manager | ID = 7024
Description = Der Dienst "McShield" wurde mit folgendem dienstspezifischem Fehler beendet: %%5046.

Error - 25.07.2013 06:56:47 | Computer Name = Martin | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 25.07.2013 06:57:54 | Computer Name = Martin | Source = Service Control Manager | ID = 7024
Description = Der Dienst "McShield" wurde mit folgendem dienstspezifischem Fehler beendet: %%5046.

Error - 25.07.2013 07:01:30 | Computer Name = Martin | Source = Service Control Manager | ID = 7034
Description = Dienst "Update-Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 25.07.2013 07:07:30 | Computer Name = Martin | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 25.07.2013 07:10:58 | Computer Name = Martin | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 25.07.2013 07:11:36 | Computer Name = Martin | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 25.07.2013 07:18:31 | Computer Name = Martin | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 25.07.2013 07:19:34 | Computer Name = Martin | Source = Service Control Manager | ID = 7024
Description = Der Dienst "McShield" wurde mit folgendem dienstspezifischem Fehler beendet: %%5046.

< End of report > |
25.07.2013, 17:08 | #9 | |
/// TB Trainer | GVU - olt.txt analysis Hello, Quote:
Can you please repeat step 4 exactly as described in the instructions? That is, paste the text from the code box into OTL, but then press Quickscan and not Fix!
__________________ cheers, Leo |
25.07.2013, 18:28 | #10 |
| GVU - olt.txt analysis Yep, you're right of course. I guess I got mixed up there. However, no extra.txt was created... or do you need it?! OTL Code:
ATTFilter
OTL logfile created on: 25.07.2013 19:14:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\anwender\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,77 Gb Available Physical Memory | 72,32% Memory free
15,96 Gb Paging File | 13,45 Gb Available in Paging File | 84,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,92 Gb Total Space | 388,27 Gb Free Space | 84,98% Space Free | Partition Type: NTFS
Drive D: | 456,92 Gb Total Space | 385,32 Gb Free Space | 84,33% Space Free | Partition Type: NTFS
Drive K: | 2794,52 Gb Total Space | 2409,51 Gb Free Space | 86,22% Space Free | Partition Type: NTFS

Computer Name: MARTIN | User Name: anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.25 13:29:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\anwender\Downloads\OTL.exe
PRC - [2013.06.05 12:21:59 | 009,424,872 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.29 21:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\Games\Steam\Steam.exe
PRC - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.03.07 22:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2012.09.06 03:24:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.08 21:33:21 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:48:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 16:48:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.17 09:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2011.08.17 09:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.05.04 21:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2007.05.04 15:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) -- D:\Programme\Catia\intel_a\code\bin\CATSysDemon.exe

========== Modules (No Company Name) ==========

MOD - [2013.07.15 14:31:32 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e937e3331234e8da935e71172e46ba17\IAStorUtil.ni.dll
MOD - [2013.07.15 14:31:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\34002b75cd0faab68bf8079299c1aa46\IAStorCommon.ni.dll
MOD - [2013.07.12 11:07:56 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\dcc781ebbddf98a9cf6dd4f3b17f1063\System.Web.ni.dll
MOD - [2013.07.12 11:07:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll
MOD - [2013.07.12 11:07:51 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\2624e0141c2ef030ca77ff2d63812ea7\System.Data.ni.dll
MOD - [2013.07.12 11:07:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.12 11:07:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.12 11:07:23 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013.07.12 11:07:19 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.12 11:07:17 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.12 11:07:16 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.12 11:07:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.06.05 12:21:59 | 000,237,032 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
MOD - [2013.06.05 12:21:59 | 000,230,376 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
MOD - [2013.03.29 21:53:56 | 001,114,024 | ---- | M] () -- D:\Games\Steam\bin\chromehtml.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- D:\Games\Steam\bin\libcef.dll
MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- D:\Games\Steam\SDL2.dll
MOD - [2013.03.10 17:39:06 | 000,431,080 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
MOD - [2013.03.10 17:39:06 | 000,159,208 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
MOD - [2013.03.07 22:32:40 | 021,014,960 | ---- | M] () -- C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013.03.07 22:32:38 | 000,292,272 | ---- | M] () -- C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013.03.07 22:32:38 | 000,179,632 | ---- | M] () -- C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- D:\Games\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- D:\Games\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- D:\Games\Steam\bin\avutil-51.dll
MOD - [2012.09.06 03:25:12 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.11.12 01:55:36 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.07.26 02:56:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.04.21 16:14:56 | 000,289,280 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\aptwadhhv.dll -- (LanmanWorkstation)
SRV:64bit: - [2010.01.06 03:04:02 | 000,244,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2010.01.06 03:04:02 | 000,199,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 16:48:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 16:48:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.15 14:47:07 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service)
SRV - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.)
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.05.04 21:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2010.01.06 03:04:02 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.04 15:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) [Auto | Running] -- D:\Programme\Catia\intel_a\code\bin\CATSysDemon.exe -- (BBDemon) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.05.08 16:48:59 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 16:48:59 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.26 19:44:36 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.12 09:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] 
(Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.26 01:36:39 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2010.01.06 03:04:02 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2010.01.06 03:04:02 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2010.01.06 03:04:02 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2010.01.06 03:04:02 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2010.01.06 03:04:02 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2010.01.06 03:04:02 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2010.01.06 03:04:02 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2010.01.06 03:04:02 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.04.16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2059CF48-25F3-40d7-9D37-24A3142FD20B}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=adknowledge_de-ie&s_qt=sb&tb_uuid=B242D9DE91A543ADB2B0BB693D9DD178&tb_oid=24-07-2013&tb_mrud=24-07-2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.15 19:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.15 19:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.15 13:09:37 | 000,000,000 | ---D | M]
[2012.10.15 19:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Extensions
[2013.07.25 12:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.07.25 12:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013.07.25 12:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\3ggi679f.default\extensions
[2013.07.25 12:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\mn0xijhz.Standard-Benutzer\extensions
[2013.07.25 12:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\otjyfpu2.default\extensions
[2013.07.25 12:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\r27lg4s0.default\extensions
[2013.07.25 12:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\vogpd09a.default\extensions
[2013.07.25 12:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anwender\AppData\Roaming\mozilla\Firefox\Profiles\wdvy0hzk.default\extensions
[2013.07.25 12:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://search.babylon.com/?affID=119556&babsrc=HP_ss_gin2g&mntrId=0A65F80F4119EDAE
CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.07.25 13:11:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20110323101908.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110323101908.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\anwender\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\anwender\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\d3dyaqc6m.dll File not found
O13 - gopher Prefix: missing
O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D497E3D-B233-4196-B23D-F845EE00F42E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BEE1E24-0813-4421-97C9-A20654654E26}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.25 18:05:32 | 000,000,000 | R--D | M] - K:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.25 13:18:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.25 13:13:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.07.25 13:13:37 | 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Local\temp
[2013.07.25 13:01:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.25 13:01:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.25 13:01:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.25 13:01:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.07.25 13:01:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.24 18:04:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.07.24 15:04:55 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.24 15:02:13 | 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Local\VisualBeeClient
[2013.07.24 15:01:54 | 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Local\emaze
[2013.07.24 14:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013.07.24 14:57:02 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013.07.24 14:57:02 | 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Roaming\Systweak
[2013.07.24 14:56:52 | 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Local\Programs
[2013.07.11 13:12:39 | 000,000,000 | ---D | C] -- C:\Users\anwender\Documents\BewerbungsMaster
[2013.07.11 13:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\BewerbungsMaster
[2013.07.11 13:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
[2013.07.11 13:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEWERBUNGSMASTER
[2013.07.09 00:42:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.07.09 00:42:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.07.05 21:35:25 | 000,000,000 | ---D | C] -- C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2013.07.02 12:40:03 | 000,000,000 | ---D | C] -- C:\Users\anwender\Desktop\Bewerbungen
[1 C:\Users\anwender\Desktop\*.tmp files -> C:\Users\anwender\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.25 19:13:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.25 19:13:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.25 17:43:42 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.25 17:43:42 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.25 17:35:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.25 17:35:22 | 2133,327,871 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.25 14:23:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001UA.job
[2013.07.25 14:23:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001Core.job
[2013.07.25 14:01:15 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.25 14:01:15 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.25 14:01:15 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.25 14:01:15 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.25 14:01:15 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.25 13:11:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.25 12:52:56 | 000,000,886 | ---- | M] () -- C:\Users\anwender\Desktop\World of Warcraft.lnk
[2013.07.25 12:10:59 | 000,001,672 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2013.07.16 17:10:07 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.16 17:10:07 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.07.12 11:01:50 | 000,360,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.05 21:35:25 | 000,000,312 | ---- | M] () -- C:\Users\anwender\Desktop\Curse Client.appref-ms
[1 C:\Users\anwender\Desktop\*.tmp files -> C:\Users\anwender\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.25 13:01:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.25 13:01:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.25 13:01:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.25 13:01:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.25 13:01:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.07.25 12:52:56 | 000,000,886 | ---- | C] () -- C:\Users\anwender\Desktop\World of Warcraft.lnk
[2013.07.25 12:03:26 | 000,001,672 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2013.07.24 15:01:54 | 000,001,236 | ---- | C] () -- C:\Users\anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013.07.16 17:10:07 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.16 17:10:07 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.07.05 21:35:25 | 000,000,312 | ---- | C] () -- C:\Users\anwender\Desktop\Curse Client.appref-ms
[2011.11.11 21:18:41 | 000,000,185 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.10.21 11:02:44 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\.minecraft
[2012.10.20 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Audacity
[2011.11.11 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Bassic Technologies
[2011.11.26 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\DAEMON Tools Pro
[2011.11.26 19:46:34 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\DassaultSystemes
[2013.01.14 20:49:22 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Dysios
[2011.11.12 14:16:22 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\LolClient
[2012.05.24 13:50:23 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\LolClient2
[2011.11.11 15:42:34 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\OEM
[2013.07.25 12:03:47 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Systweak
[2013.07.25 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\TS3Client
[2013.01.12 03:55:09 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Uvurne

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4

< HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-100
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wkssvc.dll,-101
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{5D497E3D-B233-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{5D497E3D-B233-4196 [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider]
"DeviceName" = \Device\LanmanRedirector
"Name" = Microsoft Windows Network
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-102
"ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010.11.21 05:24:00 | 000,069,120 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"ServiceDll" = %SystemRoot%\System32\aptwadhhv.dll
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" = [binary data]

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdxnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type" = 4
"Action" = 1
"GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data]
"Data0" = 5355UDP [binary data]
"DataType0" = 2

< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.21 05:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]

< HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.21 05:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc]

< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >

< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp

< %SystemRoot%\system32\*.tsp /64 >
[2009.07.14 03:38:54 | 000,038,912 |
---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hidphone.tsp [2009.07.14 03:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp [2009.07.14 03:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp [2009.07.14 03:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\remotesp.tsp [2010.11.21 05:24:28 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp [2012.01.11 17:04:02 | 001,414,656 | ---- | M] () -- C:\Windows\SysNative\xpt4ty98.tsp < C:\Windows\system32\*.dll /600 > [2013.02.15 06:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll [2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- 
C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- 
C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll [2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll [2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll [2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll [2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll [2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\apisetschema.dll [2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll [2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll [2013.02.27 06:49:24 | 001,796,096 
| ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll [2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll [2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll [2013.05.13 06:45:55 | 001,160,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptdlg.dll [2013.05.13 06:45:55 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2013.01.13 21:37:57 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll [2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll [2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll [2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll [2013.01.13 22:22:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll [2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll [2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll [2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll [2013.07.25 12:19:33 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll [2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll [2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll 
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll [2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll [2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll [2013.07.16 17:10:07 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll [2013.07.16 17:10:07 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll [2013.07.16 17:10:08 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\elshyph.dll [2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll [2012.08.21 14:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\GEARAspi.dll [2013.07.16 17:10:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll [2013.07.16 17:10:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll [2013.07.16 17:10:07 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll [2013.07.16 17:10:07 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll [2013.07.16 17:10:07 | 013,760,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2013.07.16 17:10:08 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll [2013.07.16 17:10:07 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll [2013.07.16 17:10:08 | 002,046,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2013.07.16 17:10:07 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll [2013.07.16 17:10:08 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll [2013.07.16 17:10:08 | 000,391,168 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\system32\ieui.dll [2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll [2013.07.16 17:10:08 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll [2013.07.16 17:10:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll [2013.07.16 17:10:08 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2013.07.16 17:10:08 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2013.07.16 17:10:08 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll [2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll [2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll [2012.03.26 13:27:24 | 011,137,024 | ---- | M] (Intel Corporation) -- C:\Windows\system32\libmfxsw32.dll [2013.07.16 17:10:07 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll [2013.07.16 17:10:08 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2013.07.16 17:10:08 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll [2013.07.16 17:10:08 | 014,329,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2013.07.16 17:10:08 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2013.07.16 17:10:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll [2013.07.16 17:10:08 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmlmedia.dll [2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll [2013.07.16 17:10:08 | 000,158,720 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\system32\msls31.dll [2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll [2013.07.16 17:10:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll [2013.02.15 06:37:10 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll [2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll [2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll [2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll [2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll [2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll [2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll [2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll [2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll [2012.01.13 09:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll [2013.07.25 12:19:33 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll [2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll [2013.01.04 04:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll [2013.07.16 17:10:08 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll [2013.07.16 17:10:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll [2013.06.04 06:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll [2012.02.17 07:34:22 | 
000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll [2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll [2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll [2013.02.27 06:55:04 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shdocvw.dll [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll [2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll [2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll [2013.02.15 05:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll [2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll [2011.12.15 14:47:07 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll [2013.07.16 17:10:07 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2013.07.16 17:10:08 | 001,141,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll [2013.07.16 17:10:08 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2013.07.16 17:10:08 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll [2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll [2013.07.25 12:19:33 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge-32.dll 
[2013.04.17 09:02:06 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll [2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll [2013.07.16 17:10:08 | 001,767,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll [2013.01.13 21:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll [2013.05.06 06:56:35 | 001,620,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL [2013.01.04 06:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll [2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll [2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll [2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.08.12 14:18:49 | 000,000,918 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001Core.job [2012.08.12 14:18:50 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2427755593-2352214459-2442542287-1001UA.job [2012.10.02 18:30:14 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.10.02 18:30:15 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < C:\Windows\SysNative\*.dll /600 > [2013.02.15 08:02:26 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012.11.30 
07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.11.30 07:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] 
(Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.13 22:35:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.01.13 22:32:07 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.01.13 22:35:31 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.01.13 22:31:41 | 000,005,632 | -H-- | M] (Microsoft 
Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.01.13 22:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.01.13 22:35:31 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.01.13 22:31:40 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.01.13 22:31:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.01.13 22:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2012.11.30 07:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.02.27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appinfo.dll [2012.04.21 16:14:56 | 000,289,280 | ---- | M] () -- C:\Windows\SysNative\aptwadhhv.dll [2012.12.16 16:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 19:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013.02.27 07:48:00 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll [2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2013.05.13 07:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.05.13 07:51:00 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.05.10 07:49:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\cryptdlg.dll [2013.05.13 07:51:00 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.05.13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll [2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.01.13 21:10:36 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.01.13 21:20:04 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.01.13 21:38:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.01.13 21:24:33 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.01.13 21:51:30 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.01.13 21:20:42 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.01.13 21:38:39 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.04.01 00:52:16 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2012.10.21 11:42:35 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.10.09 20:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.10.09 20:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.02 07:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013.04.03 00:51:57 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.01.13 21:49:17 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.07.16 17:10:07 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.07.16 17:10:07 | 000,281,600 
| ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.07.16 17:10:08 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.01.13 21:58:28 | 001,175,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll [2012.12.07 15:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2012.08.21 14:01:20 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll [2013.07.16 17:10:07 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.07.16 17:10:07 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.07.16 17:10:07 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.07.16 17:10:07 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2013.07.16 17:10:07 | 015,404,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll [2013.07.16 17:10:07 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.07.16 17:10:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.07.16 17:10:07 | 002,648,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2013.07.16 17:10:07 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.07.16 17:10:07 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.07.16 17:10:07 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.03.01 08:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013.07.16 17:10:07 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.07.16 17:10:07 | 000,102,912 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\inseng.dll [2012.10.03 19:42:16 | 000,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iphlpsvc.dll [2013.07.16 17:10:07 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.07.16 17:10:07 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.07.16 17:10:07 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2012.08.11 02:56:03 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos.dll [2012.11.30 07:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.11.30 07:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.07.16 17:10:07 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.05.14 07:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2013.07.16 17:10:07 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.07.16 17:10:07 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2013.07.16 17:10:07 | 019,238,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll [2013.07.16 17:10:07 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.07.16 17:10:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.07.16 17:10:07 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2013.07.16 17:10:07 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.01.04 08:11:13 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.07.16 17:10:07 | 
000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.02.15 08:06:11 | 003,717,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.02.05 09:25:00 | 000,608,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll [2013.02.05 09:25:00 | 000,829,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll [2011.12.16 10:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012.11.01 07:43:42 | 001,882,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll [2012.11.01 07:43:42 | 002,002,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll [2012.11.20 07:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.10.03 19:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.10.03 19:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.10.03 19:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.10.03 19:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlaapi.dll [2012.10.03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlasvc.dll [2012.10.21 11:42:35 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.01.04 12:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.11.30 07:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.07.16 17:10:07 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.07.16 17:10:07 | 000,062,976 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\pngfilt.dll [2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll [2013.06.04 08:00:13 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2012.02.17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.02 07:45:31 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll [2013.02.27 07:52:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll [2012.05.05 10:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.09.26 00:46:17 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013.02.15 08:08:40 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012.11.09 07:45:09 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll [2013.01.13 21:24:30 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.07.16 17:10:07 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.07.16 17:10:07 | 001,365,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll [2012.12.13 14:50:38 | 006,112,864 | ---- | M] (Apple, Inc.) 
-- C:\Windows\SysNative\usbaaplrc.dll [2012.11.22 07:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.07.16 17:10:07 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.07.26 04:36:08 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2013.07.16 17:10:07 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webcheck.dll [2013.04.26 07:51:36 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.04.17 08:24:46 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.01.13 21:25:04 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.07.16 17:10:07 | 002,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2013.01.04 07:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.08.24 20:05:07 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.03.01 08:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmi.dll [2013.01.13 20:32:43 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.05.06 08:03:49 | 001,887,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2012.11.30 07:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.11.30 07:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.11.30 07:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.07 15:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.03 00:19:43 | 
002,428,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll [2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.07.26 05:08:14 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.07.26 05:08:14 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.07.26 05:08:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFSvc.dll [2012.07.26 05:08:14 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.03.19 07:53:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.03.19 07:53:58 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll [2013.01.13 20:09:52 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.01.13 19:05:09 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll < C:\Windows\SysWOW64\*.dll /600 > [2013.02.15 06:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\aaclient.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll [2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll [2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll [2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll [2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll [2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apisetschema.dll [2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\atmfd.dll [2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWOW64\atmlib.dll [2013.02.27 06:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authui.dll [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll [2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cdosys.dll [2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\certenc.dll [2013.05.13 06:45:55 | 001,160,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll [2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptdlg.dll [2013.05.13 06:45:55 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll [2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsvc.dll [2013.01.13 21:37:57 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll [2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll [2013.01.13 22:08:43 | 000,220,160 
| ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll [2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10level9.dll [2013.01.13 22:22:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10warp.dll [2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll [2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll [2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d11.dll [2013.07.25 12:19:33 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\deployJava1.dll [2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore6.dll [2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll [2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dpnet.dll [2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll [2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll [2013.07.16 17:10:07 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtmsft.dll [2013.07.16 17:10:07 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtrans.dll [2013.07.16 17:10:08 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\elshyph.dll [2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gameux.dll [2012.08.21 14:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) 
-- C:\Windows\SysWOW64\GEARAspi.dll [2013.07.16 17:10:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icardie.dll [2013.07.16 17:10:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IEAdvpack.dll [2013.07.16 17:10:07 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieapfltr.dll [2013.07.16 17:10:07 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iedkcs32.dll [2013.07.16 17:10:07 | 013,760,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll [2013.07.16 17:10:08 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iepeers.dll [2013.07.16 17:10:07 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iernonce.dll [2013.07.16 17:10:08 | 002,046,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll [2013.07.16 17:10:07 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesetup.dll [2013.07.16 17:10:08 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesysprep.dll [2013.07.16 17:10:08 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll [2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll [2013.07.16 17:10:08 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imgutil.dll [2013.07.16 17:10:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\inseng.dll [2013.07.16 17:10:08 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll [2013.07.16 17:10:08 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll [2013.07.16 17:10:08 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll [2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kerberos.dll [2012.11.30 06:53:59 | 001,114,112 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll [2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll [2012.03.26 13:27:24 | 011,137,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\libmfxsw32.dll [2013.07.16 17:10:07 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\licmgr10.dll [2013.07.16 17:10:08 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll [2013.07.16 17:10:08 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeedsbs.dll [2013.07.16 17:10:08 | 014,329,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll [2013.07.16 17:10:08 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmled.dll [2013.07.16 17:10:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmler.dll [2013.07.16 17:10:08 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmlmedia.dll [2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll [2013.07.16 17:10:08 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll [2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msmpeg2vdec.dll [2013.07.16 17:10:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msrating.dll [2013.02.15 06:37:10 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mstscax.dll [2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll [2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll [2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll [2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll [2012.10.03 18:42:23 | 
000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncsi.dll [2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll [2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netcorehc.dll [2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netevent.dll [2012.01.13 09:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll [2013.07.25 12:19:33 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\npDeployJava1.dll [2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll [2013.01.04 04:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntvdm64.dll [2013.07.16 17:10:08 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\occache.dll [2013.07.16 17:10:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pngfilt.dll [2013.06.04 06:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qedit.dll [2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpcore.dll [2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll [2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll [2013.02.27 06:55:04 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll [2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll [2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll [2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\synceng.dll 
[2013.02.15 05:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tsgqec.dll [2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tzres.dll [2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\UIAnimation.dll [2011.12.15 14:47:07 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\SysWOW64\UpdSvc.dll [2013.07.16 17:10:07 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\url.dll [2013.07.16 17:10:08 | 001,141,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll [2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll [2013.07.16 17:10:08 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll [2013.07.16 17:10:08 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webcheck.dll [2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32spl.dll [2013.07.25 12:19:33 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll [2013.04.17 09:02:06 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll [2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecsExt.dll [2013.07.16 17:10:08 | 001,767,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll [2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll [2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmi.dll [2013.01.13 21:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMPhoto.dll [2013.05.06 06:56:35 | 001,620,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMVDECOD.DLL [2013.01.04 06:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\wow32.dll [2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll [2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsGdiConverter.dll [2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsPrint.dll < End of report > |
27.07.2013, 16:12 | #11 |
/// TB-Ausbilder | GVU - olt.txt analysis Ok, please continue as follows: Step 1 Fix with OTL
Code:
:OTL
[2012.04.21 16:14:56 | 000,289,280 | ---- | M] () -- C:\Windows\SysNative\aptwadhhv.dll
[2012.01.11 17:04:02 | 001,414,656 | ---- | M] () -- C:\Windows\SysNative\xpt4ty98.tsp
[2013.01.14 20:49:22 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Dysios
[2013.01.12 03:55:09 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Uvurne
SRV - [2011.12.15 14:47:07 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service)
:files
regsvr32 wkssvc.dll /c
:reg
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-
:commands
[emptytemp]
Step 2 Please download LSPFix and save it to the desktop.
Step 3
Code:
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /600
C:\Windows\SysNative\*.dll /600
C:\Windows\SysWOW64\*.dll /600
Please post in your next reply:
__________________ cheers, Leo |
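Added example, not part of the original posts and not code from OTL or its author: a small parser for the OTL file-listing entries seen in this thread that flags files in the Windows system directories whose company field is empty, as is the case for the two `()` entries in the fix script of post #11. The function names, the heuristic and the sample string (constructed from lines quoted in this thread) are assumptions made for illustration.

```python
import re
from datetime import datetime

# One OTL listing entry: [date time | size | attrs | M] (Company) -- path
# Entries may be flattened onto one line, so the path ends at the next
# "[YYYY." entry, at a trailing " -- (ServiceName)", or at end of line.
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}[./]\d{2}[./]\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- "
    r"(?P<path>[A-Za-z]:\\.+?)(?= \[\d{4}[./]| -- \(|$)",
    re.MULTILINE,
)

# Drive-agnostic: OTLPE logs show the offline system under another letter.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\sysnative\\",
               "\\windows\\syswow64\\")

def parse_entries(text):
    """Return one dict per file or directory entry found in an OTL log."""
    entries = []
    for m in ENTRY.finditer(text):
        entries.append({
            "modified": datetime.strptime(m["ts"].replace("/", "."),
                                          "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "company": m["company"],   # None when OTL printed no field
            "path": m["path"].strip(),
        })
    return entries

def unlabelled_system_files(entries):
    """Heuristic (assumption): files in system dirs with an empty company."""
    return [e["path"] for e in entries
            if not e["is_dir"] and e["company"] == ""
            and any(d in e["path"].lower() for d in SYSTEM_DIRS)]

# Constructed sample: entries copied from this thread, joined as in the log.
SAMPLE = (
    r"[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll "
    r"[2012.04.21 16:14:56 | 000,289,280 | ---- | M] () -- C:\Windows\SysNative\aptwadhhv.dll "
    r"[2012.01.11 17:04:02 | 001,414,656 | ---- | M] () -- C:\Windows\SysNative\xpt4ty98.tsp "
    r"[2011.12.15 14:47:07 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\SysWOW64\UpdSvc.dll "
    r"[2013.01.14 20:49:22 | 000,000,000 | ---D | M] -- C:\Users\anwender\AppData\Roaming\Dysios"
)

if __name__ == "__main__":
    for path in unlabelled_system_files(parse_entries(SAMPLE)):
        print("review:", path)
```

An empty company field is only a triage hint, and a filled one is no proof of legitimacy: the fix script in post #11 also lists UpdSvc.dll, which carries a vendor name.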
03.08.2013, 00:46 | #12 |
/// TB-Ausbilder | GVU - olt.txt analysis Hi, I haven't received a reply from you for quite a while. Do you still need help? If I don't hear from you within the next 24 hours, I will assume the matter is resolved and remove this thread from my subscriptions. Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and may have security vulnerabilities that make a renewed infection possible.
__________________ cheers, Leo |
12.08.2013, 19:47 | #13 |
/// TB-Ausbilder | GVU - olt.txt analysis No response. This thread has been removed from my subscriptions, so I no longer receive notifications about new replies. Send me a PM if you want to continue the thread after all. Then we will carry on here. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please read this guide and create your own thread.
__________________ cheers, Leo |