Sytem Care Anti-Virus Restlos entfernen

Domi77 · 25.07.2013, 18:43

Hallo zusammen,

hab mir gestern den System Care AntiVirus eingefangen. Ich habe jetzt mal Malewarebytes Anti Malware drüber laufen lassen. Der hat den auch Oberflächlich entfernt. Ich bin mir jetzt nur nicht sicher ob da noch was mit dran hängt.

Über eure Hilfe währe ich sehr dankbar, da es sich um meine Firmenrechner handelt wo viele Kundenstammdaten und Aufträge gespeichert sind.

Vielen Dank schon mal,

Domi

cosinus · 25.07.2013, 19:06

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Domi77 · 25.07.2013, 19:18

Hallo,

und danke für die schnelle Antwort.

Ich habe 5 Logs in Malewarebytes.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.24.07

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 10.0.9200.16635
Dominik :: RUSHERSTATION2 [Administrator]

Schutz: Deaktiviert

24.07.2013 21:26:05
mbam-log-2013-07-24 (21-26-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 249270
Laufzeit: 41 Minute(n), 4 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|A044A3D7C7D28F620000A044039C9836 (Trojan.FakeAlert) -> Daten: C:\ProgramData\A044A3D7C7D28F620000A044039C9836\A044A3D7C7D28F620000A044039C9836.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\A044A3D7C7D28F620000A044039C9836\A044A3D7C7D28F620000A044039C9836.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.24.07

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 10.0.9200.16635
Dominik :: RUSHERSTATION2 [Administrator]

Schutz: Deaktiviert

24.07.2013 22:07:52
mbam-log-2013-07-24 (22-07-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 46130
Laufzeit: 40 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.24.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Dominik :: RUSHERSTATION2 [Administrator]

Schutz: Aktiviert

24.07.2013 22:16:14
mbam-log-2013-07-24 (22-16-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 547591
Laufzeit: 1 Stunde(n), 33 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Dominik\AppData\Local\Zylom Games\Monopoly Deluxe\monopoly.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\20ff7ed-28110184 (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\Desktop\Monopoly_2008_German.rar (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\Documents\Downloads\monopoly_deluxe_1_00.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

2013/07/24 22:09:57 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting protection
2013/07/24 22:09:57 +0200	RUSHERSTATION2	Dominik	MESSAGE	Protection started successfully
2013/07/24 22:09:57 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting IP protection
2013/07/24 22:10:02 +0200	RUSHERSTATION2	Dominik	MESSAGE	IP Protection started successfully
2013/07/24 22:13:22 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting database refresh
2013/07/24 22:13:22 +0200	RUSHERSTATION2	Dominik	MESSAGE	Stopping IP protection
2013/07/24 22:13:22 +0200	RUSHERSTATION2	Dominik	MESSAGE	IP Protection stopped successfully
2013/07/24 22:13:25 +0200	RUSHERSTATION2	Dominik	MESSAGE	Database refreshed successfully
2013/07/24 22:13:25 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting IP protection
2013/07/24 22:13:30 +0200	RUSHERSTATION2	Dominik	MESSAGE	IP Protection started successfully
2013/07/24 22:15:06 +0200	RUSHERSTATION2	Dominik	MESSAGE	Executing scheduled update:  Daily
2013/07/24 22:15:07 +0200	RUSHERSTATION2	Dominik	ERROR	Scheduled update failed:  No address found failed with error code 0

Code:

ATTFilter

2013/07/25 06:20:35 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting protection
2013/07/25 06:20:35 +0200	RUSHERSTATION2	Dominik	MESSAGE	Protection started successfully
2013/07/25 06:20:35 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting IP protection
2013/07/25 06:20:40 +0200	RUSHERSTATION2	Dominik	MESSAGE	IP Protection started successfully
2013/07/25 11:02:37 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting protection
2013/07/25 11:02:38 +0200	RUSHERSTATION2	Dominik	MESSAGE	Protection started successfully
2013/07/25 11:02:38 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting IP protection
2013/07/25 11:02:44 +0200	RUSHERSTATION2	Dominik	MESSAGE	IP Protection started successfully
2013/07/25 11:14:59 +0200	RUSHERSTATION2	Dominik	MESSAGE	Executing scheduled update:  Daily
2013/07/25 11:15:06 +0200	RUSHERSTATION2	Dominik	MESSAGE	Scheduled update executed successfully:  database updated from version v2013.07.24.08 to version v2013.07.25.02
2013/07/25 11:15:06 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting database refresh
2013/07/25 11:15:06 +0200	RUSHERSTATION2	Dominik	MESSAGE	Stopping IP protection
2013/07/25 11:15:06 +0200	RUSHERSTATION2	Dominik	MESSAGE	IP Protection stopped successfully
2013/07/25 11:15:09 +0200	RUSHERSTATION2	Dominik	MESSAGE	Database refreshed successfully
2013/07/25 11:15:09 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting IP protection
2013/07/25 11:15:13 +0200	RUSHERSTATION2	Dominik	MESSAGE	IP Protection started successfully
2013/07/25 16:49:07 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting protection
2013/07/25 16:49:07 +0200	RUSHERSTATION2	Dominik	MESSAGE	Protection started successfully
2013/07/25 16:49:07 +0200	RUSHERSTATION2	Dominik	MESSAGE	Starting IP protection
2013/07/25 16:49:12 +0200	RUSHERSTATION2	Dominik	MESSAGE	IP Protection started successfully

Hier noch die Logs von Avira

Code:

ATTFilter

Exportierte Ereignisse:

24.07.2013 20:41 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Dominik\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\CBUB28D1\executing-accorded-some-feedback[1].htm'
      enthielt einen Virus oder unerwünschtes Programm 'JS/Blacole.GB.85' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '40c2a7c5.qua' 
      verschoben!

24.07.2013 20:41 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Dominik\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Content.IE5\5L0UADSC\q[1].htm'
      enthielt einen Virus oder unerwünschtes Programm 'JS/Blacole.GB.109' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0c0e8bac.qua' 
      verschoben!

24.07.2013 20:41 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Dominik\AppData\Local\Microsoft\Windows Live Mail\Gmx 
      (maler- 923\Deleted Items\623E606F-000000DE.eml'
      enthielt einen Virus oder unerwünschtes Programm 'BDS/Androm.AD.2' [backdoor].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7a2bb8e0.qua' 
      verschoben!

24.07.2013 20:41 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Dominik\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\WPAW9YYP\32size_font[1].eot'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2011-3402.B' 
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3fef95de.qua' 
      verschoben!

24.07.2013 20:41 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Dominik\AppData\Local\Temp\jar_cache3923096164249222688.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2012-1723.A.Gen' 
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e02ad99.qua' 
      verschoben!

24.07.2013 20:41 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Dominik\AppData\Local\Microsoft\Windows Live Mail\Gmx 
      (maler- 923\Deleted Items\795D596F-00000090.eml'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Matsnu.EB.111' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1c1af719.qua' 
      verschoben!

24.07.2013 20:41 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\Dominik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5dab5035-732
      ba727'
      enthielt einen Virus oder unerwünschtes Programm 'JAVA/Jogek.MO' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56a6823b.qua' 
      verschoben!

24.07.2013 10:25 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Dominik\AppData\Local\Temp\6D45.tmp'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Grüße

Domi

cosinus · 25.07.2013, 19:55

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Domi77 · 25.07.2013, 20:09

Hallo Cosinus,

wieder danke für die prompte Antwort. Geht ja echt fix bei euch.

Hier die gewünschten Log´s:

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2013
Ran by Dominik (administrator) on 25-07-2013 21:03:08
Running from C:\Users\Dominik\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Eigene Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Eigene Programme\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Eigene Programme\PC-Suite \SupServ.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Eigene Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Eigene Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Eigene Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Eigene Programme\HP\Digital Imaging\bin\HpqSRmon.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Safer-Networking Ltd.) C:\Eigene Programme\Spybot - Search & Destroy 2\SDTray.exe
(Geek Software GmbH) C:\Eigene Programme\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Eigene Programme\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Eigene Programme\itunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Avira Operations GmbH & Co. KG) C:\Eigene Programme\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1311312 2010-06-26] (Logitech, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] - C:\Eigene Programme\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] - C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe [319488 2012-07-31] (May Software)
HKLM\...\Run: [SDTray] - C:\Eigene Programme\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [PDFPrint] - C:\Eigene Programme\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [avgnt] - C:\Eigene Programme\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini [334 2013-03-02] ()
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [iTunesHelper] - C:\Eigene Programme\itunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Eigene Programme\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
MountPoints2: {72d5851f-9675-11df-9c25-6c626d491dfd} - I:\laucher.exe
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKCU - {BF644AB2-B9AA-4251-B979-B924C3EC00E5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Eigene Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Eigene Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} hxxp://clients.futuremark.com/openapi/receivers/FMSI.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Eigene Programme\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Eigene Programme\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2010-07-24] (DATA BECKER GmbH & Co KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S3 Futuremark SystemInfo Service; C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [128928 2010-11-11] (Futuremark Corporation)
R3 hpqcxs08; C:\Eigene Programme\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Eigene Programme\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OMSI download service; C:\Eigene Programme\PC-Suite \SupServ.exe [90112 2009-04-30] ()
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SDScannerService; C:\Eigene Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Eigene Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Eigene Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-20] (Avira Operations GmbH & Co. KG)
R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37328 2010-03-18] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [86824 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [114728 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [26024 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [109864 2009-03-25] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-23] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 21:02 - 2013-07-25 21:02 - 01220306 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe
2013-07-25 21:02 - 2013-07-25 21:02 - 00000000 ____D C:\FRST
2013-07-25 20:43 - 2013-07-25 20:43 - 00006302 _____ C:\Users\Dominik\Desktop\Ereignisse.txt
2013-07-25 20:04 - 2013-07-25 20:04 - 00602112 _____ (OldTimer Tools) C:\Users\Dominik\Desktop\OTL.exe
2013-07-25 20:01 - 2013-07-25 20:01 - 00000476 _____ C:\Users\Dominik\Desktop\defogger_disable.log
2013-07-25 20:01 - 2013-07-25 20:01 - 00000000 _____ C:\Users\Dominik\defogger_reenable
2013-07-25 19:55 - 2013-07-25 19:55 - 00050477 _____ C:\Users\Dominik\Desktop\Defogger.exe
2013-07-25 19:50 - 2013-07-25 19:53 - 00000000 ____D C:\Windows\system32\MRT
2013-07-24 21:23 - 2013-07-24 21:23 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-24 21:23 - 2013-07-24 21:23 - 00000000 ____D C:\Users\Dominik\AppData\Roaming\Malwarebytes
2013-07-24 21:23 - 2013-07-24 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-24 21:23 - 2013-07-24 21:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-24 21:23 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-24 21:10 - 2013-07-24 21:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dominik\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-24 20:49 - 2013-07-24 20:49 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-24 20:43 - 2013-07-25 16:48 - 00000336 _____ C:\Windows\setupact.log
2013-07-24 20:36 - 2013-07-25 20:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 10:26 - 2013-07-24 22:07 - 00000000 ____D C:\ProgramData\A044A3D7C7D28F620000A044039C9836
2013-07-24 09:33 - 2013-07-24 09:33 - 00000585 _____ C:\Users\Dominik\Desktop\Quick-Lohn.lnk
2013-07-24 09:33 - 2013-07-24 09:33 - 00000000 ____D C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quick-Lohn
2013-07-12 12:18 - 2013-07-12 12:20 - 00000000 ____D C:\Users\Dominik\Desktop\Jona Kindergarten orange Gruppe
2013-07-12 03:07 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 03:07 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 03:07 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 03:07 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 03:07 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 03:07 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 03:07 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 03:07 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 03:07 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 03:07 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 03:07 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 03:07 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 03:07 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 03:07 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 03:07 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 03:07 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 17:36 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 17:36 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 17:36 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 17:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-06 09:02 - 2013-07-06 09:02 - 00000000 ____D C:\Program Files\QuickTime
2013-07-04 17:37 - 2013-07-04 17:37 - 00010240 _____ C:\Users\Dominik\Documents\Unbenanntes Dokument.wps
2013-07-01 11:13 - 2013-07-05 12:53 - 00017408 _____ C:\Users\Dominik\Desktop\EÜR 2013 bis einschliesslich 30. 06. 2013.xls
2013-06-26 12:14 - 2013-07-25 21:00 - 00000000 ____D C:\Users\Dominik\Desktop\mp3

==================== One Month Modified Files and Folders =======

2013-07-25 21:02 - 2013-07-25 21:02 - 01220306 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe
2013-07-25 21:02 - 2013-07-25 21:02 - 00000000 ____D C:\FRST
2013-07-25 21:02 - 2010-07-22 17:44 - 00000000 ___RD C:\Users\Dominik\Desktop
2013-07-25 21:00 - 2013-06-26 12:14 - 00000000 ____D C:\Users\Dominik\Desktop\mp3
2013-07-25 20:59 - 2009-07-14 06:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 20:59 - 2009-07-14 06:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 20:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-25 20:43 - 2013-07-25 20:43 - 00006302 _____ C:\Users\Dominik\Desktop\Ereignisse.txt
2013-07-25 20:41 - 2013-07-24 20:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 20:34 - 2010-08-19 10:13 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 20:18 - 2010-07-22 17:43 - 01313042 _____ C:\Windows\WindowsUpdate.log
2013-07-25 20:04 - 2013-07-25 20:04 - 00602112 _____ (OldTimer Tools) C:\Users\Dominik\Desktop\OTL.exe
2013-07-25 20:02 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-25 20:01 - 2013-07-25 20:01 - 00000476 _____ C:\Users\Dominik\Desktop\defogger_disable.log
2013-07-25 20:01 - 2013-07-25 20:01 - 00000000 _____ C:\Users\Dominik\defogger_reenable
2013-07-25 20:01 - 2010-07-22 17:44 - 00000000 ____D C:\Users\Dominik
2013-07-25 19:55 - 2013-07-25 19:55 - 00050477 _____ C:\Users\Dominik\Desktop\Defogger.exe
2013-07-25 19:53 - 2013-07-25 19:50 - 00000000 ____D C:\Windows\system32\MRT
2013-07-25 19:49 - 2010-01-26 16:21 - 01519798 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-25 16:49 - 2012-05-17 11:11 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-07-25 16:48 - 2013-07-24 20:43 - 00000336 _____ C:\Windows\setupact.log
2013-07-25 16:48 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 06:20 - 2010-01-26 18:04 - 00188478 _____ C:\Windows\PFRO.log
2013-07-24 22:07 - 2013-07-24 10:26 - 00000000 ____D C:\ProgramData\A044A3D7C7D28F620000A044039C9836
2013-07-24 21:23 - 2013-07-24 21:23 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-24 21:23 - 2013-07-24 21:23 - 00000000 ____D C:\Users\Dominik\AppData\Roaming\Malwarebytes
2013-07-24 21:23 - 2013-07-24 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-24 21:23 - 2013-07-24 21:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-24 21:23 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-24 21:10 - 2013-07-24 21:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dominik\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-24 20:49 - 2013-07-24 20:49 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-24 20:41 - 2010-07-23 18:53 - 00000000 ____D C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appz
2013-07-24 20:39 - 2011-03-20 11:45 - 00000000 ____D C:\Users\Dominik\Desktop\Maler Rauscher
2013-07-24 20:37 - 2010-08-19 10:12 - 00000000 ____D C:\Program Files\Google
2013-07-24 20:36 - 2012-06-09 09:57 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-24 20:36 - 2011-08-15 12:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-24 20:35 - 2010-07-23 10:17 - 00000000 ____D C:\Users\Dominik\AppData\Local\Adobe
2013-07-24 09:40 - 2012-10-01 16:58 - 00000000 ____D C:\QLohn
2013-07-24 09:33 - 2013-07-24 09:33 - 00000585 _____ C:\Users\Dominik\Desktop\Quick-Lohn.lnk
2013-07-24 09:33 - 2013-07-24 09:33 - 00000000 ____D C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quick-Lohn
2013-07-17 17:49 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-07-15 18:11 - 2010-08-19 10:13 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-12 12:20 - 2013-07-12 12:18 - 00000000 ____D C:\Users\Dominik\Desktop\Jona Kindergarten orange Gruppe
2013-07-12 03:28 - 2009-07-14 06:33 - 00441296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 03:27 - 2010-04-29 14:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 03:25 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 03:25 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 17:39 - 2012-10-07 13:48 - 00000000 ____D C:\Users\Dominik\Desktop\Angebote MR
2013-07-10 12:37 - 2013-02-26 16:21 - 00000000 ____D C:\QlOHNSICHERUNG
2013-07-06 09:02 - 2013-07-06 09:02 - 00000000 ____D C:\Program Files\QuickTime
2013-07-05 12:53 - 2013-07-01 11:13 - 00017408 _____ C:\Users\Dominik\Desktop\EÜR 2013 bis einschliesslich 30. 06. 2013.xls
2013-07-05 11:34 - 2010-07-26 19:06 - 00006192 _____ C:\Users\Dominik\AppData\Roaming\wklnhst.dat
2013-07-04 17:37 - 2013-07-04 17:37 - 00010240 _____ C:\Users\Dominik\Documents\Unbenanntes Dokument.wps
2013-07-01 09:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-06-30 12:58 - 2012-07-13 19:21 - 00000000 ____D C:\Users\Dominik\Desktop\Tupperdreck
2013-06-30 11:13 - 2010-08-01 13:46 - 00000224 _____ C:\Users\Dominik\Desktop\Comunio.url

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 17:48

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-07-2013
Ran by Dominik at 2013-07-25 21:03:32
Running from C:\Users\Dominik\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 6.1.1)
3DMark 11 (Version: 1.0.0)
3D-Viewer-innoPlus (Version: 12.00.0203)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader 9.4.7 - Deutsch (Version: 9.4.7)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
AMD USB Filter Driver (Version: 1.0.15.94)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.769.0)
Avira Free Antivirus (Version: 13.0.0.3884)
Bing Bar (Version: 7.0.791.0)
Bonjour (Version: 3.0.0.10)
Borland BDE 5.1
Brother MFL-Pro Suite MFC-7360N (Version: 1.0.9.0)
BufferChm (Version: 130.0.331.000)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.5.0.7)
Canon MOV Encoder (Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.4.1.9)
Canon Utilities CameraWindow (Version: 7.4.0.7)
Canon Utilities CameraWindow DC 8 (Version: 8.1.0.11)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities ZoomBrowser EX (Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4)
Catalyst Control Center Core Implementation (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Full Existing (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Full New (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Light (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0406.2133.36843)
Catalyst Control Center InstallProxy (Version: 2010.0406.2133.36843)
Catalyst Control Center Localization All (Version: 2010.0406.2133.36843)
CCC Help Danish (Version: 2010.0406.2132.36843)
CCC Help Dutch (Version: 2010.0406.2132.36843)
CCC Help English (Version: 2010.0406.2132.36843)
CCC Help Finnish (Version: 2010.0406.2132.36843)
CCC Help French (Version: 2010.0406.2132.36843)
CCC Help German (Version: 2010.0406.2132.36843)
CCC Help Italian (Version: 2010.0406.2132.36843)
CCC Help Japanese (Version: 2010.0406.2132.36843)
CCC Help Norwegian (Version: 2010.0406.2132.36843)
CCC Help Spanish (Version: 2010.0406.2132.36843)
CCC Help Swedish (Version: 2010.0406.2132.36843)
ccc-core-static (Version: 2010.0406.2133.36843)
ccc-utility (Version: 2010.0406.2133.36843)
CDBurnerXP (Version: 4.3.8.2474)
Command & Conquer Generals (Version: 0.50.0000)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Copy (Version: 130.0.428.000)
CorelDRAW Essentials 4 - Content (Version: 4.0)
CorelDRAW Essentials 4 - Draw (Version: 4.0)
CorelDRAW Essentials 4 - Extra Content
CorelDRAW Essentials 4 - Extra Content (Version: 4.0)
CorelDRAW Essentials 4 - Filters (Version: 4.0)
CorelDRAW Essentials 4 - ICA (Version: 4.0)
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0)
CorelDRAW Essentials 4 - Lang BR (Version: 4.0)
CorelDRAW Essentials 4 - Lang DE (Version: 4.0)
CorelDRAW Essentials 4 - Lang EN (Version: 4.0)
CorelDRAW Essentials 4 - Lang ES (Version: 4.0)
CorelDRAW Essentials 4 - Lang FR (Version: 4.0)
CorelDRAW Essentials 4 - Lang IT (Version: 4.0)
CorelDRAW Essentials 4 - Lang NL (Version: 4.0)
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0)
CorelDRAW Essentials 4 (Version: 4.0)
Counter-Strike: Source
CyberLink LabelPrint (Version: 2.5.2515)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDVD Copy (Version: 1.5.1306)
D83-Konverter (Version: 2.11.05)
DATA BECKER web to date 6.0 (Version: 6.0.0.2515)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.465.000)
DivX-Setup (Version: 2.6.1.3)
DJ_AIO_03_F2200_Software_Min (Version: 130.0.365.000)
eDocPrintPro v3.17.7 (Version: 3.17.7)
ElsterFormular (Version: 14.1.20130301)
eReg (Version: 1.20.138.34)
F2200 (Version: 130.0.365.000)
Firebird SQL Server - MAGIX Edition (Version: 2.1.23.0)
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
Futuremark SystemInfo (Version: 3.51.1.1)
Google Chrome (Version: 28.0.1500.72)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.153)
GPBaseService2 (Version: 130.0.371.000)
gs_x86 (Version: 9.05)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iCloud (Version: 2.1.2.8)
iTunes (Version: 11.0.4.4)
Java Auto Updater (Version: 2.0.2.1)
Java(TM) 6 Update 20 (Version: 6.0.200)
Junk Mail filter update (Version: 14.0.8089.726)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech SetPoint 6.15 (Version: 6.15.25)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
MEDION Fotos auf CD & DVD SE Sued (Version: 8.0.3.4)
Medion Home Cinema (Version: 6.0.0000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
Monopoly 1.0
Monopoly Deluxe (HKCU Version: 1.0.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Müller Foto
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
NVIDIA PhysX (Version: 9.10.0513)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PaperPort Image Printer (Version: 1.00.0001)
PDF24 Creator 5.2.0
PlayReady PC Runtime x86 (Version: 1.3.0)
Primo (Version: 1.00.0000)
Protect Disc License Helper 1.0.125 (IE) (HKCU Version: 1.0.125)
ProtectDisc Driver, Version 11 (Version: 11.0.0.14)
PS3 Media Server (Version: 1.72.0)
QuickTime (Version: 7.74.80.86)
Ravensburger tiptoi
Realtek High Definition Audio Driver (Version: 6.0.1.6083)
Remote Control USB Driver (Version: 2.3.2.317)
Rundum-Betrachter-innoPlus (Version: 12.00.0203)
Runes of Magic (Version: 3.0.5.2262.slim)
Runtime (Version: 1.00.0000)
Safari (Version: 5.34.57.2)
Scan (Version: 140.0.80.000)
Scansoft PDF Professional
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Sony Ericsson PC Suite 6.011.00 (Version: 6.011.00)
Sony Picture Utility (Version: 4.2.00.11130)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 2.0.12)
Status (Version: 130.0.469.000)
Steam (Version: 1.0.0.0)
t@x 2012 (Version: 19.00.7304)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
TWinform 2.0 (Version: 2.0.0.30)
Uninstall 1.0.0.1
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update Service (Version: 2.10.7.15)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WebReg (Version: 130.0.132.017)
WEKA VOB Stand 10.07 . (Version: .)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Winmail Opener 1.4 (Version: 1.4)
WinRAR
YoWindow
Zattoo4 4.0.5 (Version: 4.0.5)
 

==================== Restore Points  =========================

09-07-2013 09:08:46 Windows Update
12-07-2013 01:00:16 Windows Update
16-07-2013 08:43:55 Windows Update
23-07-2013 15:23:03 Windows Update
25-07-2013 17:47:03 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F272004-40E7-4B85-9C2A-7BBC4A959B8E} - System32\Tasks\User_Feed_Synchronization-{14DA7F9F-2109-456C-91DF-079D57FF1B58} => C:\Windows\system32\msfeedssync.exe [2013-03-16] (Microsoft Corporation)
Task: {128916E7-26B5-4822-A3F5-89C35DC6ED30} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-24] (Adobe Systems Incorporated)
Task: {3DCDBD2B-7B0A-4DFC-BCA8-6FED5D4A090E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {5D174CC2-8B36-40A2-B237-E4D0FCB4E7F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-19] (Google Inc.)
Task: {5D631FB8-DCAA-4006-A0B5-5084D4999CAC} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {88BA0E08-219D-4262-B773-E8A292F0BF87} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {9188A91F-8780-4A14-AECC-425137A0556F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {AAFCAABF-B59E-4144-96F2-FF4F6566F58B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-19] (Google Inc.)
Task: {C34E5D04-C160-4C0D-822A-28EF0420DADB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2013 04:51:33 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/07/25 16:51:33.324]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:32 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/07/25 16:51:32.295]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:31 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/07/25 16:51:31.281]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:30 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/07/25 16:51:30.267]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:29 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/07/25 16:51:29.253]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:28 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/07/25 16:51:28.239]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:27 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/07/25 16:51:27.225]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:26 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/07/25 16:51:26.211]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:25 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/07/25 16:51:25.197]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:24 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/07/25 16:51:24.183]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]


System errors:
=============
Error: (07/25/2013 06:19:12 AM) (Source: NetBT) (User: )
Description: Der Treiber konnte nicht erstellt werden.

Error: (07/25/2013 06:19:12 AM) (Source: NetBT) (User: )
Description: Der Treiber konnte nicht erstellt werden.

Error: (07/24/2013 10:13:09 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/24/2013 10:10:32 PM) (Source: Microsoft-Windows-Application-Experience) (User: NT-AUTORITÄT)
Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.

Error: (07/24/2013 10:09:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Routing und RAS" wurde mit folgendem dienstspezifischem Fehler beendet: %%11004.

Error: (07/24/2013 10:09:56 PM) (Source: RemoteAccess) (User: )
Description: Der momentan konfigurierte Authentifizierungsanbieter konnte nicht geladen und initialisiert werden. Der angeforderte Name ist gültig, es wurden jedoch keine Daten des angeforderten Typs gefunden.

Error: (07/24/2013 09:28:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/24/2013 09:28:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/24/2013 09:28:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/24/2013 09:25:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (07/25/2013 04:51:33 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/07/25 16:51:33.324]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:32 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/07/25 16:51:32.295]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:31 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/07/25 16:51:31.281]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:30 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/07/25 16:51:30.267]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:29 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/07/25 16:51:29.253]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:28 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/07/25 16:51:28.239]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:27 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/07/25 16:51:27.225]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:26 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/07/25 16:51:26.211]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:25 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/07/25 16:51:25.197]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/25/2013 04:51:24 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/07/25 16:51:24.183]: [00002328]: CUsbScnDev: DeviceIoControl Illegal response [0x0]


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 3326.3 MB
Available physical RAM: 1738.27 MB
Total Pagefile: 6650.9 MB
Available Pagefile: 4894.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.65 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:910.41 GB) (Free:807.84 GB) NTFS
Drive d: (Recover) (Fixed) (Total:20 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

Grüße,

Domi

cosinus · 25.07.2013, 20:15

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Domi77 · 25.07.2013, 21:00

Hi Cosinus,

habe beide Scans durchgeführt.

Nach dem beenden von Malewarebytes Anti-Rootkit kam die Meldung.

Scan finished. No Malware found.

Hier noch die Logdatei:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.25.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Dominik :: RUSHERSTATION2 [administrator]

25.07.2013 21:45:17
mbar-log-2013-07-25 (21-45-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 224340
Time elapsed: 11 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Grüße

Domi

cosinus · 25.07.2013, 21:09

Log von GMER fehlt

Domi77 · 25.07.2013, 21:10

Hier nich der Log von gmer:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-25 21:41:04
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000058 ST310005 rev.CC44 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\kfroipow.sys


---- System - GMER 2.1 ----

SSDT   9275C1C6                                  ZwCreateSection
SSDT   9275C1D0                                  ZwRequestWaitReplyPort
SSDT   9275C1CB                                  ZwSetContextThread
SSDT   9275C1D5                                  ZwSetSecurityObject
SSDT   9275C1DA                                  ZwSystemDebugControl
SSDT   9275C167                                  ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  832549F5 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2    8328E1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7       8329553C 4 Bytes  [C6, C1, 75, 92] {MOV CL, 0x75; XCHG EDX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553       83295898 4 Bytes  [D0, C1, 75, 92] {ROL CL, 0x1; JNZ 0xffffff96}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597       832958DC 4 Bytes  [CB, C1, 75, 92]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613       83295958 4 Bytes  [D5, C1, 75, 92] {AAD 0xc1; JNZ 0xffffff96}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667       832959AC 4 Bytes  [DA, C1, 75, 92] {FCMOVB ST0, ST1; JNZ 0xffffff96}
.text  ...                                       
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x93227000, 0x2F786C, 0xE8000020]
.vmp2  C:\Windows\system32\drivers\acedrv11.sys  entry point in ".vmp2" section [0xA40A269D]

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                     unknown MBR code

---- EOF - GMER 2.1 ----

cosinus · 25.07.2013, 21:11

Zitat:

Disk \Device\Harddisk0\DR0 unknown MBR code

ich denke wir sollten deinen MBR nochma genauer unter die Lupe nehmen

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Domi77 · 26.07.2013, 05:38

Hi Cosinus,

danke erstma noch für deine super hilfe.

Hier der Log von aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-25 22:45:21
-----------------------------
22:45:21.164    OS Version: Windows 6.1.7601 Service Pack 1
22:45:21.164    Number of processors: 4 586 0x502
22:45:21.164    ComputerName: RUSHERSTATION2  UserName: Dominik
22:45:22.536    Initialize success
22:45:48.339    AVAST engine defs: 13072500
22:46:06.373    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
22:46:06.373    Disk 0 Vendor: ST310005 CC44 Size: 953869MB BusType: 11
22:46:06.607    Disk 0 MBR read successfully
22:46:06.607    Disk 0 MBR scan
22:46:06.607    Disk 0 unknown MBR code
22:46:06.622    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:46:06.653    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       932263 MB offset 206848
22:46:06.685    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        20480 MB offset 1909481472
22:46:06.716    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 1951424512
22:46:06.731    Disk 0 scanning sectors +1953523120
22:46:07.075    Disk 0 scanning C:\Windows\system32\drivers
22:46:25.655    Service scanning
22:46:48.837    Modules scanning
22:46:53.439    Disk 0 trace - called modules:
22:46:53.454    ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys halmacpi.dll amdsata.sys 
22:46:53.454    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868de1e8]
22:46:53.470    3 CLASSPNP.SYS[8c37259e] -> nt!IofCallDriver -> [0x86896468]
22:46:53.470    5 amdxata.sys[8bf897b6] -> nt!IofCallDriver -> \Device\00000058[0x86765370]
22:46:55.030    AVAST engine scan C:\Windows
22:47:00.365    AVAST engine scan C:\Windows\system32
22:50:33.992    AVAST engine scan C:\Windows\system32\drivers
22:50:51.620    AVAST engine scan C:\Users\Dominik
00:28:40.095    AVAST engine scan C:\ProgramData
00:31:54.613    Scan finished successfully
06:32:05.783    Disk 0 MBR has been saved successfully to "C:\Users\Dominik\Desktop\MBR.dat"
06:32:05.783    The log file has been saved successfully to "C:\Users\Dominik\Desktop\aswMBR.txt"

und hier noch von TDSSKiller

Code:

ATTFilter

06:32:32.0752 3776  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
06:32:32.0923 3776  ============================================================
06:32:32.0923 3776  Current date / time: 2013/07/26 06:32:32.0923
06:32:32.0923 3776  SystemInfo:
06:32:32.0923 3776  
06:32:32.0923 3776  OS Version: 6.1.7601 ServicePack: 1.0
06:32:32.0923 3776  Product type: Workstation
06:32:32.0923 3776  ComputerName: RUSHERSTATION2
06:32:32.0923 3776  UserName: Dominik
06:32:32.0923 3776  Windows directory: C:\Windows
06:32:32.0923 3776  System windows directory: C:\Windows
06:32:32.0923 3776  Processor architecture: Intel x86
06:32:32.0923 3776  Number of processors: 4
06:32:32.0923 3776  Page size: 0x1000
06:32:32.0923 3776  Boot type: Normal boot
06:32:32.0923 3776  ============================================================
06:32:34.0000 3776  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:32:34.0015 3776  ============================================================
06:32:34.0015 3776  \Device\Harddisk0\DR0:
06:32:34.0015 3776  MBR partitions:
06:32:34.0015 3776  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:32:34.0015 3776  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3800
06:32:34.0015 3776  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x71D06000, BlocksNum 0x2800000
06:32:34.0015 3776  ============================================================
06:32:34.0047 3776  C: <-> \Device\Harddisk0\DR0\Partition2
06:32:34.0093 3776  D: <-> \Device\Harddisk0\DR0\Partition3
06:32:34.0093 3776  ============================================================
06:32:34.0093 3776  Initialize success
06:32:34.0093 3776  ============================================================
06:32:55.0850 5292  ============================================================
06:32:55.0850 5292  Scan started
06:32:55.0850 5292  Mode: Manual; SigCheck; TDLFS; 
06:32:55.0850 5292  ============================================================
06:32:56.0723 5292  ================ Scan system memory ========================
06:32:56.0723 5292  System memory - ok
06:32:56.0723 5292  ================ Scan services =============================
06:32:56.0864 5292  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
06:32:56.0957 5292  1394ohci - ok
06:32:57.0004 5292  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
06:32:57.0051 5292  acedrv11 - ok
06:32:57.0098 5292  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
06:32:57.0129 5292  ACPI - ok
06:32:57.0129 5292  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
06:32:57.0176 5292  AcpiPmi - ok
06:32:57.0254 5292  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
06:32:57.0285 5292  AdobeFlashPlayerUpdateSvc - ok
06:32:57.0301 5292  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
06:32:57.0316 5292  adp94xx - ok
06:32:57.0332 5292  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
06:32:57.0347 5292  adpahci - ok
06:32:57.0363 5292  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
06:32:57.0379 5292  adpu320 - ok
06:32:57.0379 5292  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
06:32:57.0410 5292  AeLookupSvc - ok
06:32:57.0472 5292  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
06:32:57.0535 5292  AFD - ok
06:32:57.0566 5292  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
06:32:57.0581 5292  agp440 - ok
06:32:57.0597 5292  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
06:32:57.0613 5292  aic78xx - ok
06:32:57.0644 5292  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
06:32:57.0691 5292  ALG - ok
06:32:57.0737 5292  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
06:32:57.0769 5292  aliide - ok
06:32:57.0800 5292  [ 8570625CA5DBD8083BEA7CB73065B53D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
06:32:57.0893 5292  AMD External Events Utility - ok
06:32:57.0925 5292  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
06:32:57.0956 5292  amdagp - ok
06:32:57.0971 5292  [ 211FCE336502911EC03FC15A91344C98 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
06:32:57.0987 5292  amdide - ok
06:32:58.0003 5292  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
06:32:58.0049 5292  AmdK8 - ok
06:32:58.0174 5292  [ C22BDFCBED2596692096F85A9BF54358 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
06:32:58.0252 5292  amdkmdag - ok
06:32:58.0268 5292  [ CC6A16CE23DBC94A59F8E821558D5754 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
06:32:58.0315 5292  amdkmdap - ok
06:32:58.0346 5292  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
06:32:58.0393 5292  AmdPPM - ok
06:32:58.0408 5292  [ 6F64C768A9A48FAB7C6D6CEE1B30F97F ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
06:32:58.0439 5292  amdsata - ok
06:32:58.0486 5292  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
06:32:58.0533 5292  amdsbs - ok
06:32:58.0549 5292  [ E27866684780606BCCE640A57937D88A ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
06:32:58.0580 5292  amdxata - ok
06:32:58.0673 5292  [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Eigene Programme\Avira\AntiVir Desktop\sched.exe
06:32:58.0705 5292  AntiVirSchedulerService - ok
06:32:58.0736 5292  [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService  C:\Eigene Programme\Avira\AntiVir Desktop\avguard.exe
06:32:58.0767 5292  AntiVirService - ok
06:32:58.0814 5292  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
06:32:58.0939 5292  AppID - ok
06:32:58.0970 5292  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
06:32:59.0048 5292  AppIDSvc - ok
06:32:59.0063 5292  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
06:32:59.0126 5292  Appinfo - ok
06:32:59.0251 5292  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:32:59.0282 5292  Apple Mobile Device - ok
06:32:59.0313 5292  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
06:32:59.0329 5292  arc - ok
06:32:59.0344 5292  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
06:32:59.0360 5292  arcsas - ok
06:32:59.0375 5292  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
06:32:59.0438 5292  AsyncMac - ok
06:32:59.0453 5292  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
06:32:59.0453 5292  atapi - ok
06:32:59.0500 5292  [ C822C615B2F693EF4E5B355432976A81 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
06:32:59.0516 5292  AtiHdmiService - ok
06:32:59.0531 5292  [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
06:32:59.0547 5292  AtiPcie - ok
06:32:59.0578 5292  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:32:59.0656 5292  AudioEndpointBuilder - ok
06:32:59.0656 5292  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
06:32:59.0687 5292  Audiosrv - ok
06:32:59.0719 5292  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
06:32:59.0734 5292  avgntflt - ok
06:32:59.0750 5292  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
06:32:59.0765 5292  avipbb - ok
06:32:59.0797 5292  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
06:32:59.0812 5292  avkmgr - ok
06:32:59.0859 5292  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
06:32:59.0937 5292  AxInstSV - ok
06:32:59.0968 5292  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
06:32:59.0984 5292  b06bdrv - ok
06:32:59.0999 5292  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
06:33:00.0015 5292  b57nd60x - ok
06:33:00.0077 5292  [ 483F1162EEEBD10BF77FBB32DB963370 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
06:33:00.0109 5292  BBSvc - ok
06:33:00.0140 5292  [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
06:33:00.0155 5292  BBUpdate - ok
06:33:00.0171 5292  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
06:33:00.0202 5292  BDESVC - ok
06:33:00.0233 5292  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
06:33:00.0280 5292  Beep - ok
06:33:00.0327 5292  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
06:33:00.0358 5292  BFE - ok
06:33:00.0405 5292  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
06:33:00.0499 5292  BITS - ok
06:33:00.0514 5292  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
06:33:00.0530 5292  blbdrive - ok
06:33:00.0592 5292  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
06:33:00.0608 5292  Bonjour Service - ok
06:33:00.0639 5292  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
06:33:00.0686 5292  bowser - ok
06:33:00.0702 5292  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:33:00.0764 5292  BrFiltLo - ok
06:33:00.0764 5292  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:33:00.0795 5292  BrFiltUp - ok
06:33:00.0842 5292  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
06:33:00.0889 5292  Browser - ok
06:33:00.0920 5292  [ 7FDC0A90C231874253C0F4AC4343E288 ] BrSerIb         C:\Windows\system32\DRIVERS\BrSerIb.sys
06:33:00.0936 5292  BrSerIb - ok
06:33:00.0951 5292  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
06:33:00.0998 5292  Brserid - ok
06:33:01.0014 5292  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
06:33:01.0029 5292  BrSerWdm - ok
06:33:01.0060 5292  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
06:33:01.0092 5292  BrUsbMdm - ok
06:33:01.0107 5292  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
06:33:01.0138 5292  BrUsbSer - ok
06:33:01.0185 5292  [ F5390255C73F8CB4995BDC687555FD19 ] BrUsbSIb        C:\Windows\system32\DRIVERS\BrUsbSIb.sys
06:33:01.0201 5292  BrUsbSIb - ok
06:33:01.0232 5292  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
06:33:01.0248 5292  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
06:33:01.0248 5292  BrYNSvc - detected UnsignedFile.Multi.Generic (1)
06:33:01.0263 5292  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
06:33:01.0279 5292  BTHMODEM - ok
06:33:01.0310 5292  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
06:33:01.0341 5292  bthserv - ok
06:33:01.0357 5292  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
06:33:01.0372 5292  cdfs - ok
06:33:01.0404 5292  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
06:33:01.0419 5292  cdrom - ok
06:33:01.0466 5292  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
06:33:01.0513 5292  CertPropSvc - ok
06:33:01.0528 5292  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
06:33:01.0544 5292  circlass - ok
06:33:01.0560 5292  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
06:33:01.0575 5292  CLFS - ok
06:33:01.0653 5292  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:33:01.0684 5292  clr_optimization_v2.0.50727_32 - ok
06:33:01.0747 5292  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:33:01.0778 5292  clr_optimization_v4.0.30319_32 - ok
06:33:01.0778 5292  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
06:33:01.0794 5292  CmBatt - ok
06:33:01.0825 5292  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
06:33:01.0825 5292  cmdide - ok
06:33:01.0856 5292  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
06:33:01.0887 5292  CNG - ok
06:33:01.0903 5292  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
06:33:01.0918 5292  Compbatt - ok
06:33:01.0934 5292  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
06:33:01.0965 5292  CompositeBus - ok
06:33:01.0965 5292  COMSysApp - ok
06:33:01.0981 5292  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
06:33:01.0996 5292  crcdisk - ok
06:33:02.0043 5292  [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
06:33:02.0090 5292  CryptSvc - ok
06:33:02.0137 5292  [ 48297BF3339BC56DD7D7524D7A1740AA ] DBService       C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
06:33:02.0168 5292  DBService ( UnsignedFile.Multi.Generic ) - warning
06:33:02.0168 5292  DBService - detected UnsignedFile.Multi.Generic (1)
06:33:02.0199 5292  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
06:33:02.0246 5292  DcomLaunch - ok
06:33:02.0277 5292  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
06:33:02.0355 5292  defragsvc - ok
06:33:02.0371 5292  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
06:33:02.0402 5292  DfsC - ok
06:33:02.0433 5292  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
06:33:02.0496 5292  Dhcp - ok
06:33:02.0511 5292  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
06:33:02.0542 5292  discache - ok
06:33:02.0574 5292  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
06:33:02.0574 5292  Disk - ok
06:33:02.0605 5292  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
06:33:02.0652 5292  Dnscache - ok
06:33:02.0683 5292  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
06:33:02.0714 5292  dot3svc - ok
06:33:02.0761 5292  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
06:33:02.0792 5292  Dot4 - ok
06:33:02.0839 5292  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
06:33:02.0870 5292  Dot4Print - ok
06:33:02.0901 5292  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
06:33:02.0932 5292  dot4usb - ok
06:33:02.0948 5292  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
06:33:03.0057 5292  DPS - ok
06:33:03.0073 5292  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
06:33:03.0088 5292  drmkaud - ok
06:33:03.0120 5292  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
06:33:03.0166 5292  DXGKrnl - ok
06:33:03.0182 5292  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
06:33:03.0213 5292  EapHost - ok
06:33:03.0307 5292  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
06:33:03.0385 5292  ebdrv - ok
06:33:03.0416 5292  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
06:33:03.0447 5292  EFS - ok
06:33:03.0494 5292  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
06:33:03.0572 5292  ehRecvr - ok
06:33:03.0588 5292  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
06:33:03.0634 5292  ehSched - ok
06:33:03.0666 5292  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
06:33:03.0681 5292  elxstor - ok
06:33:03.0712 5292  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
06:33:03.0728 5292  ErrDev - ok
06:33:03.0759 5292  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
06:33:03.0790 5292  EventSystem - ok
06:33:03.0806 5292  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
06:33:03.0837 5292  exfat - ok
06:33:03.0884 5292  Fabs - ok
06:33:03.0900 5292  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
06:33:03.0946 5292  fastfat - ok
06:33:03.0993 5292  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
06:33:04.0040 5292  Fax - ok
06:33:04.0056 5292  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
06:33:04.0071 5292  fdc - ok
06:33:04.0087 5292  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
06:33:04.0118 5292  fdPHost - ok
06:33:04.0118 5292  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
06:33:04.0149 5292  FDResPub - ok
06:33:04.0165 5292  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
06:33:04.0180 5292  FileInfo - ok
06:33:04.0196 5292  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
06:33:04.0212 5292  Filetrace - ok
06:33:04.0305 5292  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
06:33:04.0399 5292  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
06:33:04.0399 5292  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
06:33:04.0414 5292  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
06:33:04.0446 5292  flpydisk - ok
06:33:04.0461 5292  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
06:33:04.0477 5292  FltMgr - ok
06:33:04.0524 5292  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
06:33:04.0555 5292  FontCache - ok
06:33:04.0586 5292  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
06:33:04.0586 5292  FontCache3.0.0.0 - ok
06:33:04.0602 5292  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
06:33:04.0617 5292  FsDepends - ok
06:33:04.0648 5292  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
06:33:04.0648 5292  Fs_Rec - ok
06:33:04.0726 5292  [ 434B6251710F3F2D19D5E040D336300D ] Futuremark SystemInfo Service C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
06:33:04.0758 5292  Futuremark SystemInfo Service - ok
06:33:04.0804 5292  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
06:33:04.0836 5292  fvevol - ok
06:33:04.0867 5292  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
06:33:04.0882 5292  gagp30kx - ok
06:33:04.0914 5292  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:33:04.0929 5292  GEARAspiWDM - ok
06:33:04.0960 5292  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
06:33:05.0007 5292  gpsvc - ok
06:33:05.0070 5292  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
06:33:05.0101 5292  gupdate - ok
06:33:05.0116 5292  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
06:33:05.0132 5292  gupdatem - ok
06:33:05.0148 5292  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
06:33:05.0194 5292  hcw85cir - ok
06:33:05.0226 5292  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:33:05.0257 5292  HdAudAddService - ok
06:33:05.0288 5292  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
06:33:05.0319 5292  HDAudBus - ok
06:33:05.0335 5292  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
06:33:05.0382 5292  HidBatt - ok
06:33:05.0397 5292  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
06:33:05.0413 5292  HidBth - ok
06:33:05.0444 5292  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
06:33:05.0460 5292  HidIr - ok
06:33:05.0491 5292  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
06:33:05.0538 5292  hidserv - ok
06:33:05.0569 5292  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
06:33:05.0600 5292  HidUsb - ok
06:33:05.0616 5292  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
06:33:05.0662 5292  hkmsvc - ok
06:33:05.0678 5292  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:33:05.0694 5292  HomeGroupListener - ok
06:33:05.0725 5292  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:33:05.0740 5292  HomeGroupProvider - ok
06:33:05.0834 5292  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Eigene Programme\HP\Digital Imaging\bin\hpqcxs08.dll
06:33:05.0850 5292  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
06:33:05.0850 5292  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
06:33:05.0881 5292  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Eigene Programme\HP\Digital Imaging\bin\hpqddsvc.dll
06:33:05.0896 5292  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
06:33:05.0896 5292  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
06:33:05.0912 5292  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
06:33:05.0943 5292  HpSAMD - ok
06:33:05.0990 5292  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
06:33:06.0021 5292  HTTP - ok
06:33:06.0037 5292  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
06:33:06.0052 5292  hwpolicy - ok
06:33:06.0084 5292  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
06:33:06.0130 5292  i8042prt - ok
06:33:06.0177 5292  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
06:33:06.0193 5292  iaStorV - ok
06:33:06.0255 5292  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:33:06.0286 5292  idsvc - ok
06:33:06.0318 5292  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
06:33:06.0318 5292  iirsp - ok
06:33:06.0349 5292  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
06:33:06.0380 5292  IKEEXT - ok
06:33:06.0489 5292  [ F4427E5DF32CDE359B2E2E5512D18001 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
06:33:06.0583 5292  IntcAzAudAddService - ok
06:33:06.0614 5292  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
06:33:06.0630 5292  intelide - ok
06:33:06.0645 5292  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
06:33:06.0676 5292  intelppm - ok
06:33:06.0723 5292  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
06:33:06.0754 5292  IPBusEnum - ok
06:33:06.0770 5292  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:33:06.0801 5292  IpFilterDriver - ok
06:33:06.0832 5292  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
06:33:06.0879 5292  iphlpsvc - ok
06:33:06.0910 5292  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
06:33:06.0942 5292  IPMIDRV - ok
06:33:06.0957 5292  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
06:33:07.0004 5292  IPNAT - ok
06:33:07.0082 5292  [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
06:33:07.0098 5292  iPod Service - ok
06:33:07.0113 5292  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
06:33:07.0160 5292  IRENUM - ok
06:33:07.0191 5292  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
06:33:07.0207 5292  isapnp - ok
06:33:07.0238 5292  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
06:33:07.0254 5292  iScsiPrt - ok
06:33:07.0285 5292  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
06:33:07.0300 5292  kbdclass - ok
06:33:07.0332 5292  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
06:33:07.0363 5292  kbdhid - ok
06:33:07.0378 5292  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
06:33:07.0410 5292  KeyIso - ok
06:33:07.0441 5292  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
06:33:07.0456 5292  KSecDD - ok
06:33:07.0488 5292  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
06:33:07.0503 5292  KSecPkg - ok
06:33:07.0534 5292  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
06:33:07.0597 5292  KtmRm - ok
06:33:07.0612 5292  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
06:33:07.0644 5292  LanmanServer - ok
06:33:07.0659 5292  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:33:07.0675 5292  LanmanWorkstation - ok
06:33:07.0737 5292  [ AB097D0F93B30A6D79D430422AC6A7E8 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
06:33:07.0753 5292  LBTServ - ok
06:33:07.0768 5292  [ B68309F25C5787385DA842EB5B496958 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
06:33:07.0784 5292  LHidFilt - ok
06:33:07.0784 5292  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
06:33:07.0815 5292  lltdio - ok
06:33:07.0831 5292  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
06:33:07.0862 5292  lltdsvc - ok
06:33:07.0862 5292  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
06:33:07.0893 5292  lmhosts - ok
06:33:07.0909 5292  [ 63D3B1D3CD267FCC186A0146B80D453B ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
06:33:07.0909 5292  LMouFilt - ok
06:33:07.0940 5292  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
06:33:07.0956 5292  LSI_FC - ok
06:33:07.0956 5292  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
06:33:07.0971 5292  LSI_SAS - ok
06:33:07.0987 5292  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:33:08.0002 5292  LSI_SAS2 - ok
06:33:08.0018 5292  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:33:08.0018 5292  LSI_SCSI - ok
06:33:08.0049 5292  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
06:33:08.0080 5292  luafv - ok
06:33:08.0127 5292  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
06:33:08.0127 5292  MBAMProtector - ok
06:33:08.0174 5292  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
06:33:08.0205 5292  MBAMScheduler - ok
06:33:08.0236 5292  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
06:33:08.0252 5292  MBAMService - ok
06:33:08.0283 5292  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
06:33:08.0314 5292  Mcx2Svc - ok
06:33:08.0314 5292  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
06:33:08.0330 5292  megasas - ok
06:33:08.0346 5292  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
06:33:08.0361 5292  MegaSR - ok
06:33:08.0377 5292  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
06:33:08.0408 5292  MMCSS - ok
06:33:08.0439 5292  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
06:33:08.0455 5292  Modem - ok
06:33:08.0486 5292  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
06:33:08.0502 5292  monitor - ok
06:33:08.0517 5292  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
06:33:08.0533 5292  mouclass - ok
06:33:08.0548 5292  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
06:33:08.0564 5292  mouhid - ok
06:33:08.0595 5292  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
06:33:08.0611 5292  mountmgr - ok
06:33:08.0626 5292  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
06:33:08.0642 5292  mpio - ok
06:33:08.0642 5292  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
06:33:08.0673 5292  mpsdrv - ok
06:33:08.0704 5292  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
06:33:08.0736 5292  MpsSvc - ok
06:33:08.0736 5292  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
06:33:08.0751 5292  MRxDAV - ok
06:33:08.0798 5292  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
06:33:08.0845 5292  mrxsmb - ok
06:33:08.0876 5292  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:33:08.0907 5292  mrxsmb10 - ok
06:33:08.0907 5292  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:33:08.0938 5292  mrxsmb20 - ok
06:33:08.0985 5292  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
06:33:09.0016 5292  msahci - ok
06:33:09.0032 5292  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
06:33:09.0048 5292  msdsm - ok
06:33:09.0063 5292  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
06:33:09.0079 5292  MSDTC - ok
06:33:09.0079 5292  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
06:33:09.0110 5292  Msfs - ok
06:33:09.0126 5292  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
06:33:09.0157 5292  mshidkmdf - ok
06:33:09.0172 5292  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
06:33:09.0172 5292  msisadrv - ok
06:33:09.0204 5292  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
06:33:09.0235 5292  MSiSCSI - ok
06:33:09.0235 5292  msiserver - ok
06:33:09.0266 5292  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
06:33:09.0282 5292  MSKSSRV - ok
06:33:09.0313 5292  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
06:33:09.0344 5292  MSPCLOCK - ok
06:33:09.0375 5292  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
06:33:09.0406 5292  MSPQM - ok
06:33:09.0422 5292  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
06:33:09.0422 5292  MsRPC - ok
06:33:09.0453 5292  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
06:33:09.0484 5292  mssmbios - ok
06:33:09.0500 5292  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
06:33:09.0516 5292  MSTEE - ok
06:33:09.0531 5292  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
06:33:09.0531 5292  MTConfig - ok
06:33:09.0547 5292  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
06:33:09.0547 5292  Mup - ok
06:33:09.0594 5292  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
06:33:09.0609 5292  napagent - ok
06:33:09.0640 5292  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
06:33:09.0656 5292  NativeWifiP - ok
06:33:09.0687 5292  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
06:33:09.0703 5292  NDIS - ok
06:33:09.0734 5292  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
06:33:09.0765 5292  NdisCap - ok
06:33:09.0781 5292  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
06:33:09.0796 5292  NdisTapi - ok
06:33:09.0828 5292  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
06:33:09.0874 5292  Ndisuio - ok
06:33:09.0906 5292  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
06:33:09.0937 5292  NdisWan - ok
06:33:09.0952 5292  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
06:33:09.0984 5292  NDProxy - ok
06:33:10.0030 5292  [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
06:33:10.0046 5292  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
06:33:10.0046 5292  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
06:33:10.0077 5292  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
06:33:10.0124 5292  NetBIOS - ok
06:33:10.0155 5292  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
06:33:10.0171 5292  NetBT - ok
06:33:10.0186 5292  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
06:33:10.0186 5292  Netlogon - ok
06:33:10.0233 5292  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
06:33:10.0264 5292  Netman - ok
06:33:10.0280 5292  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
06:33:10.0311 5292  netprofm - ok
06:33:10.0327 5292  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:33:10.0327 5292  NetTcpPortSharing - ok
06:33:10.0358 5292  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
06:33:10.0374 5292  nfrd960 - ok
06:33:10.0405 5292  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
06:33:10.0420 5292  NlaSvc - ok
06:33:10.0452 5292  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
06:33:10.0467 5292  Npfs - ok
06:33:10.0483 5292  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
06:33:10.0514 5292  nsi - ok
06:33:10.0514 5292  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
06:33:10.0561 5292  nsiproxy - ok
06:33:10.0592 5292  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
06:33:10.0623 5292  Ntfs - ok
06:33:10.0639 5292  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
06:33:10.0654 5292  Null - ok
06:33:10.0686 5292  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
06:33:10.0701 5292  nvraid - ok
06:33:10.0732 5292  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
06:33:10.0748 5292  nvstor - ok
06:33:10.0764 5292  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
06:33:10.0779 5292  nv_agp - ok
06:33:10.0810 5292  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
06:33:10.0826 5292  ohci1394 - ok
06:33:10.0920 5292  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Eigene Programme\PC-Suite \SupServ.exe
06:33:10.0935 5292  OMSI download service ( UnsignedFile.Multi.Generic ) - warning
06:33:10.0935 5292  OMSI download service - detected UnsignedFile.Multi.Generic (1)
06:33:10.0966 5292  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
06:33:11.0013 5292  p2pimsvc - ok
06:33:11.0044 5292  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
06:33:11.0076 5292  p2psvc - ok
06:33:11.0107 5292  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
06:33:11.0122 5292  Parport - ok
06:33:11.0154 5292  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
06:33:11.0169 5292  partmgr - ok
06:33:11.0185 5292  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
06:33:11.0185 5292  Parvdm - ok
06:33:11.0216 5292  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
06:33:11.0232 5292  PcaSvc - ok
06:33:11.0247 5292  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
06:33:11.0263 5292  pci - ok
06:33:11.0278 5292  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
06:33:11.0294 5292  pciide - ok
06:33:11.0310 5292  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
06:33:11.0325 5292  pcmcia - ok
06:33:11.0325 5292  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
06:33:11.0341 5292  pcw - ok
06:33:11.0388 5292  [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
06:33:11.0419 5292  PDFProFiltSrvPP - ok
06:33:11.0434 5292  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
06:33:11.0481 5292  PEAUTH - ok
06:33:11.0544 5292  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
06:33:11.0622 5292  pla - ok
06:33:11.0653 5292  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
06:33:11.0684 5292  PlugPlay - ok
06:33:11.0746 5292  [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
06:33:11.0746 5292  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
06:33:11.0746 5292  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
06:33:11.0762 5292  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
06:33:11.0793 5292  PNRPAutoReg - ok
06:33:11.0809 5292  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
06:33:11.0824 5292  PNRPsvc - ok
06:33:11.0840 5292  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
06:33:11.0871 5292  PolicyAgent - ok
06:33:11.0902 5292  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
06:33:11.0934 5292  Power - ok
06:33:11.0949 5292  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
06:33:11.0965 5292  PptpMiniport - ok
06:33:11.0980 5292  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
06:33:12.0027 5292  Processor - ok
06:33:12.0058 5292  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
06:33:12.0090 5292  ProfSvc - ok
06:33:12.0105 5292  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:33:12.0121 5292  ProtectedStorage - ok
06:33:12.0136 5292  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
06:33:12.0152 5292  Psched - ok
06:33:12.0183 5292  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
06:33:12.0214 5292  PSI_SVC_2 - ok
06:33:12.0246 5292  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
06:33:12.0246 5292  PxHelp20 - ok
06:33:12.0292 5292  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
06:33:12.0339 5292  ql2300 - ok
06:33:12.0370 5292  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
06:33:12.0370 5292  ql40xx - ok
06:33:12.0386 5292  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
06:33:12.0402 5292  QWAVE - ok
06:33:12.0417 5292  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
06:33:12.0433 5292  QWAVEdrv - ok
06:33:12.0448 5292  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
06:33:12.0464 5292  RasAcd - ok
06:33:12.0480 5292  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
06:33:12.0526 5292  RasAgileVpn - ok
06:33:12.0542 5292  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
06:33:12.0573 5292  RasAuto - ok
06:33:12.0589 5292  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
06:33:12.0620 5292  Rasl2tp - ok
06:33:12.0667 5292  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
06:33:12.0714 5292  RasMan - ok
06:33:12.0714 5292  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
06:33:12.0760 5292  RasPppoe - ok
06:33:12.0776 5292  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
06:33:12.0807 5292  RasSstp - ok
06:33:12.0823 5292  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
06:33:12.0854 5292  rdbss - ok
06:33:12.0870 5292  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
06:33:12.0885 5292  rdpbus - ok
06:33:12.0901 5292  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
06:33:12.0979 5292  RDPCDD - ok
06:33:12.0994 5292  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
06:33:13.0026 5292  RDPENCDD - ok
06:33:13.0026 5292  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
06:33:13.0057 5292  RDPREFMP - ok
06:33:13.0104 5292  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
06:33:13.0135 5292  RdpVideoMiniport - ok
06:33:13.0166 5292  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
06:33:13.0197 5292  RDPWD - ok
06:33:13.0260 5292  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
06:33:13.0306 5292  rdyboost - ok
06:33:13.0338 5292  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
06:33:13.0369 5292  RemoteAccess - ok
06:33:13.0400 5292  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
06:33:13.0431 5292  RemoteRegistry - ok
06:33:13.0431 5292  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
06:33:13.0462 5292  RpcEptMapper - ok
06:33:13.0494 5292  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
06:33:13.0494 5292  RpcLocator - ok
06:33:13.0525 5292  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
06:33:13.0540 5292  RpcSs - ok
06:33:13.0556 5292  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
06:33:13.0572 5292  rspndr - ok
06:33:13.0603 5292  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
06:33:13.0618 5292  RTL8167 - ok
06:33:13.0650 5292  [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
06:33:13.0665 5292  RTL8192su - ok
06:33:13.0696 5292  [ 1C5C2CB892553D2CF3F45A4BB323FCD6 ] s1018bus        C:\Windows\system32\DRIVERS\s1018bus.sys
06:33:13.0712 5292  s1018bus - ok
06:33:13.0743 5292  [ 38F5EA219593F19B6B3A1B9C169E3B61 ] s1018mdfl       C:\Windows\system32\DRIVERS\s1018mdfl.sys
06:33:13.0743 5292  s1018mdfl - ok
06:33:13.0774 5292  [ 666AF6B64FC7DF92D3CA4819EA91631D ] s1018mdm        C:\Windows\system32\DRIVERS\s1018mdm.sys
06:33:13.0806 5292  s1018mdm - ok
06:33:13.0821 5292  [ F4CEDA6E2DDFF2AF8BD745615A7CA9C0 ] s1018mgmt       C:\Windows\system32\DRIVERS\s1018mgmt.sys
06:33:13.0868 5292  s1018mgmt - ok
06:33:13.0899 5292  [ 3622D9FF2253DCBE885B10736609A4CA ] s1018nd5        C:\Windows\system32\DRIVERS\s1018nd5.sys
06:33:13.0899 5292  s1018nd5 - ok
06:33:13.0930 5292  [ 49431EFDA842B474531C29FFAE9F5D09 ] s1018obex       C:\Windows\system32\DRIVERS\s1018obex.sys
06:33:13.0946 5292  s1018obex - ok
06:33:13.0962 5292  [ AC6B514CB4474F4C867D7CDC9CD54F05 ] s1018unic       C:\Windows\system32\DRIVERS\s1018unic.sys
06:33:13.0977 5292  s1018unic - ok
06:33:13.0993 5292  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
06:33:14.0008 5292  SamSs - ok
06:33:14.0040 5292  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
06:33:14.0055 5292  sbp2port - ok
06:33:14.0071 5292  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
06:33:14.0102 5292  SCardSvr - ok
06:33:14.0102 5292  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
06:33:14.0133 5292  scfilter - ok
06:33:14.0180 5292  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
06:33:14.0242 5292  Schedule - ok
06:33:14.0274 5292  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
06:33:14.0289 5292  SCPolicySvc - ok
06:33:14.0320 5292  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
06:33:14.0336 5292  SDRSVC - ok
06:33:14.0430 5292  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Eigene Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
06:33:14.0461 5292  SDScannerService - ok
06:33:14.0508 5292  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Eigene Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
06:33:14.0523 5292  SDUpdateService - ok
06:33:14.0539 5292  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Eigene Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
06:33:14.0554 5292  SDWSCService - ok
06:33:14.0570 5292  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
06:33:14.0586 5292  secdrv - ok
06:33:14.0601 5292  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
06:33:14.0632 5292  seclogon - ok
06:33:14.0679 5292  [ E5B56569A9F79B70314FEDE6C953641E ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
06:33:14.0742 5292  seehcri - ok
06:33:14.0757 5292  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
06:33:14.0804 5292  SENS - ok
06:33:14.0820 5292  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
06:33:14.0851 5292  SensrSvc - ok
06:33:14.0882 5292  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
06:33:14.0913 5292  Serenum - ok
06:33:14.0929 5292  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
06:33:14.0944 5292  Serial - ok
06:33:14.0976 5292  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
06:33:14.0976 5292  sermouse - ok
06:33:15.0022 5292  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
06:33:15.0054 5292  SessionEnv - ok
06:33:15.0069 5292  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
06:33:15.0100 5292  sffdisk - ok
06:33:15.0116 5292  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
06:33:15.0116 5292  sffp_mmc - ok
06:33:15.0132 5292  [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
06:33:15.0147 5292  sffp_sd - ok
06:33:15.0178 5292  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
06:33:15.0178 5292  sfloppy - ok
06:33:15.0210 5292  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
06:33:15.0256 5292  SharedAccess - ok
06:33:15.0272 5292  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:33:15.0303 5292  ShellHWDetection - ok
06:33:15.0334 5292  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
06:33:15.0366 5292  sisagp - ok
06:33:15.0381 5292  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:33:15.0381 5292  SiSRaid2 - ok
06:33:15.0412 5292  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
06:33:15.0428 5292  SiSRaid4 - ok
06:33:15.0444 5292  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
06:33:15.0475 5292  Smb - ok
06:33:15.0506 5292  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
06:33:15.0522 5292  SNMPTRAP - ok
06:33:15.0537 5292  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
06:33:15.0537 5292  spldr - ok
06:33:15.0584 5292  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
06:33:15.0631 5292  Spooler - ok
06:33:15.0709 5292  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
06:33:15.0771 5292  sppsvc - ok
06:33:15.0802 5292  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
06:33:15.0849 5292  sppuinotify - ok
06:33:15.0880 5292  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
06:33:15.0912 5292  srv - ok
06:33:15.0927 5292  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
06:33:15.0958 5292  srv2 - ok
06:33:15.0974 5292  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
06:33:16.0005 5292  srvnet - ok
06:33:16.0005 5292  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
06:33:16.0068 5292  SSDPSRV - ok
06:33:16.0130 5292  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
06:33:16.0161 5292  ssmdrv - ok
06:33:16.0177 5292  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
06:33:16.0224 5292  SstpSvc - ok
06:33:16.0270 5292  Steam Client Service - ok
06:33:16.0286 5292  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
06:33:16.0302 5292  stexstor - ok
06:33:16.0348 5292  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
06:33:16.0395 5292  StiSvc - ok
06:33:16.0426 5292  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
06:33:16.0442 5292  swenum - ok
06:33:16.0458 5292  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
06:33:16.0489 5292  swprv - ok
06:33:16.0536 5292  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
06:33:16.0551 5292  SysMain - ok
06:33:16.0567 5292  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:33:16.0598 5292  TabletInputService - ok
06:33:16.0614 5292  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
06:33:16.0645 5292  TapiSrv - ok
06:33:16.0660 5292  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
06:33:16.0692 5292  TBS - ok
06:33:16.0723 5292  [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
06:33:16.0770 5292  Tcpip - ok
06:33:16.0801 5292  [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
06:33:16.0816 5292  TCPIP6 - ok
06:33:16.0848 5292  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
06:33:16.0879 5292  tcpipreg - ok
06:33:16.0910 5292  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
06:33:16.0941 5292  TDPIPE - ok
06:33:16.0957 5292  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
06:33:16.0972 5292  TDTCP - ok
06:33:16.0988 5292  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
06:33:17.0050 5292  tdx - ok
06:33:17.0082 5292  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
06:33:17.0113 5292  TermDD - ok
06:33:17.0128 5292  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
06:33:17.0160 5292  TermService - ok
06:33:17.0175 5292  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
06:33:17.0175 5292  Themes - ok
06:33:17.0191 5292  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
06:33:17.0206 5292  THREADORDER - ok
06:33:17.0222 5292  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
06:33:17.0238 5292  TrkWks - ok
06:33:17.0269 5292  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:33:17.0300 5292  TrustedInstaller - ok
06:33:17.0316 5292  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
06:33:17.0378 5292  tssecsrv - ok
06:33:17.0409 5292  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
06:33:17.0425 5292  TsUsbFlt - ok
06:33:17.0472 5292  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
06:33:17.0518 5292  tunnel - ok
06:33:17.0550 5292  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
06:33:17.0581 5292  uagp35 - ok
06:33:17.0596 5292  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
06:33:17.0643 5292  udfs - ok
06:33:17.0659 5292  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
06:33:17.0690 5292  UI0Detect - ok
06:33:17.0737 5292  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
06:33:17.0752 5292  uliagpkx - ok
06:33:17.0768 5292  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
06:33:17.0784 5292  umbus - ok
06:33:17.0799 5292  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
06:33:17.0815 5292  UmPass - ok
06:33:17.0830 5292  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
06:33:17.0862 5292  upnphost - ok
06:33:17.0924 5292  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
06:33:17.0971 5292  USBAAPL - ok
06:33:17.0986 5292  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
06:33:18.0002 5292  usbccgp - ok
06:33:18.0033 5292  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
06:33:18.0080 5292  usbcir - ok
06:33:18.0111 5292  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
06:33:18.0127 5292  usbehci - ok
06:33:18.0174 5292  [ E5B14557793164DB879EE56F5B59C3E2 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
06:33:18.0189 5292  usbfilter - ok
06:33:18.0236 5292  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
06:33:18.0252 5292  usbhub - ok
06:33:18.0267 5292  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
06:33:18.0283 5292  usbohci - ok
06:33:18.0298 5292  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
06:33:18.0314 5292  usbprint - ok
06:33:18.0361 5292  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
06:33:18.0408 5292  usbscan - ok
06:33:18.0423 5292  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:33:18.0454 5292  USBSTOR - ok
06:33:18.0501 5292  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
06:33:18.0532 5292  usbuhci - ok
06:33:18.0564 5292  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
06:33:18.0610 5292  UxSms - ok
06:33:18.0626 5292  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
06:33:18.0642 5292  VaultSvc - ok
06:33:18.0642 5292  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
06:33:18.0657 5292  vdrvroot - ok
06:33:18.0688 5292  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
06:33:18.0720 5292  vds - ok
06:33:18.0735 5292  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
06:33:18.0766 5292  vga - ok
06:33:18.0782 5292  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
06:33:18.0798 5292  VgaSave - ok
06:33:18.0829 5292  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
06:33:18.0844 5292  vhdmp - ok
06:33:18.0860 5292  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
06:33:18.0876 5292  viaagp - ok
06:33:18.0891 5292  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
06:33:18.0891 5292  ViaC7 - ok
06:33:18.0922 5292  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
06:33:18.0922 5292  viaide - ok
06:33:18.0954 5292  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
06:33:18.0969 5292  volmgr - ok
06:33:19.0000 5292  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
06:33:19.0016 5292  volmgrx - ok
06:33:19.0032 5292  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
06:33:19.0047 5292  volsnap - ok
06:33:19.0078 5292  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
06:33:19.0094 5292  vsmraid - ok
06:33:19.0110 5292  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
06:33:19.0156 5292  VSS - ok
06:33:19.0156 5292  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
06:33:19.0188 5292  vwifibus - ok
06:33:19.0203 5292  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
06:33:19.0219 5292  vwififlt - ok
06:33:19.0234 5292  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
06:33:19.0250 5292  vwifimp - ok
06:33:19.0281 5292  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
06:33:19.0297 5292  W32Time - ok
06:33:19.0312 5292  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
06:33:19.0344 5292  WacomPen - ok
06:33:19.0375 5292  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
06:33:19.0437 5292  WANARP - ok
06:33:19.0437 5292  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
06:33:19.0468 5292  Wanarpv6 - ok
06:33:19.0531 5292  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
06:33:19.0609 5292  WatAdminSvc - ok
06:33:19.0640 5292  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
06:33:19.0702 5292  wbengine - ok
06:33:19.0702 5292  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
06:33:19.0718 5292  WbioSrvc - ok
06:33:19.0749 5292  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
06:33:19.0780 5292  wcncsvc - ok
06:33:19.0796 5292  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:33:19.0812 5292  WcsPlugInService - ok
06:33:19.0843 5292  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
06:33:19.0858 5292  Wd - ok
06:33:19.0890 5292  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
06:33:19.0905 5292  Wdf01000 - ok
06:33:19.0921 5292  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
06:33:19.0952 5292  WdiServiceHost - ok
06:33:19.0952 5292  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
06:33:19.0968 5292  WdiSystemHost - ok
06:33:19.0999 5292  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
06:33:20.0014 5292  WebClient - ok
06:33:20.0046 5292  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
06:33:20.0061 5292  Wecsvc - ok
06:33:20.0077 5292  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
06:33:20.0108 5292  wercplsupport - ok
06:33:20.0139 5292  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
06:33:20.0155 5292  WerSvc - ok
06:33:20.0202 5292  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
06:33:20.0248 5292  WfpLwf - ok
06:33:20.0264 5292  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
06:33:20.0264 5292  WIMMount - ok
06:33:20.0311 5292  [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
06:33:20.0358 5292  WinDefend - ok
06:33:20.0358 5292  WinHttpAutoProxySvc - ok
06:33:20.0420 5292  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
06:33:20.0467 5292  Winmgmt - ok
06:33:20.0498 5292  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
06:33:20.0545 5292  WinRM - ok
06:33:20.0592 5292  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
06:33:20.0638 5292  WinUsb - ok
06:33:20.0670 5292  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
06:33:20.0701 5292  Wlansvc - ok
06:33:20.0794 5292  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
06:33:20.0841 5292  wlidsvc - ok
06:33:20.0872 5292  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
06:33:20.0904 5292  WmiAcpi - ok
06:33:20.0935 5292  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
06:33:20.0950 5292  wmiApSrv - ok
06:33:21.0013 5292  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
06:33:21.0044 5292  WMPNetworkSvc - ok
06:33:21.0060 5292  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
06:33:21.0106 5292  WPCSvc - ok
06:33:21.0138 5292  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
06:33:21.0184 5292  WPDBusEnum - ok
06:33:21.0200 5292  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
06:33:21.0231 5292  ws2ifsl - ok
06:33:21.0247 5292  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
06:33:21.0262 5292  wscsvc - ok
06:33:21.0262 5292  WSearch - ok
06:33:21.0309 5292  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
06:33:21.0372 5292  wuauserv - ok
06:33:21.0403 5292  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
06:33:21.0418 5292  WudfPf - ok
06:33:21.0418 5292  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
06:33:21.0450 5292  WUDFRd - ok
06:33:21.0465 5292  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
06:33:21.0481 5292  wudfsvc - ok
06:33:21.0512 5292  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
06:33:21.0543 5292  WwanSvc - ok
06:33:21.0559 5292  ================ Scan global ===============================
06:33:21.0590 5292  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
06:33:21.0621 5292  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
06:33:21.0637 5292  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
06:33:21.0668 5292  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
06:33:21.0699 5292  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
06:33:21.0699 5292  [Global] - ok
06:33:21.0699 5292  ================ Scan MBR ==================================
06:33:21.0715 5292  [ 8BCB23B30DB1819E7D8DDAE01AEBB583 ] \Device\Harddisk0\DR0
06:33:24.0273 5292  \Device\Harddisk0\DR0 - ok
06:33:24.0273 5292  ================ Scan VBR ==================================
06:33:24.0289 5292  [ 736BCE823272F01328C32FAD040874C1 ] \Device\Harddisk0\DR0\Partition1
06:33:24.0289 5292  \Device\Harddisk0\DR0\Partition1 - ok
06:33:24.0320 5292  [ 28687DDE994E35F7E632FE8235072F8A ] \Device\Harddisk0\DR0\Partition2
06:33:24.0320 5292  \Device\Harddisk0\DR0\Partition2 - ok
06:33:24.0336 5292  [ 5E9BFD3B95DE08ABC9A60853DAEDFCA3 ] \Device\Harddisk0\DR0\Partition3
06:33:24.0351 5292  \Device\Harddisk0\DR0\Partition3 - ok
06:33:24.0351 5292  ============================================================
06:33:24.0351 5292  Scan finished
06:33:24.0351 5292  ============================================================
06:33:24.0367 3112  Detected object count: 8
06:33:24.0367 3112  Actual detected object count: 8
06:34:08.0842 3112  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
06:34:08.0842 3112  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:34:08.0842 3112  DBService ( UnsignedFile.Multi.Generic ) - skipped by user
06:34:08.0842 3112  DBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:34:08.0842 3112  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
06:34:08.0842 3112  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:34:08.0842 3112  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
06:34:08.0842 3112  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:34:08.0842 3112  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
06:34:08.0842 3112  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:34:08.0858 3112  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
06:34:08.0858 3112  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:34:08.0858 3112  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
06:34:08.0858 3112  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:34:08.0858 3112  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
06:34:08.0858 3112  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:34:11.0557 6016  Deinitialize success

bin jetzt erstmal Arbeiten.

bis dann

Grüße,

Dominik

cosinus · 26.07.2013, 15:48

Sollt iO sein

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Domi77 · 27.07.2013, 18:00

Hallo Cosinus,

hier der log von JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 7 Home Premium x86
Ran by Dominik on 27.07.2013 at 16:53:32,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dominik\appdata\locallow\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.07.2013 at 16:55:57,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hier von AdwCleaner

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 27/07/2013 um 17:54:57 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Dominik - RUSHERSTATION2
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dominik\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1182 octets] - [27/07/2013 17:54:57]

########## EOF - C:\AdwCleaner[S1].txt - [1242 octets] ##########

und hier die Logfiles von OTL

Code:

ATTFilter

OTL logfile created on: 27.07.2013 17:59:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 65,00% Memory free
6,50 Gb Paging File | 5,10 Gb Available in Paging File | 78,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 807,41 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 0,01 Gb Free Space | 0,06% Space Free | Partition Type: NTFS
 
Computer Name: RUSHERSTATION2 | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dominik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Eigene Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Eigene Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Eigene Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Eigene Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Eigene Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Eigene Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Eigene Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Eigene Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Eigene Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Programme\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Eigene Programme\PC-Suite \SupServ.exe ()
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c57eba08ab60f48e7d57228849d92a34\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Eigene Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Eigene Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Eigene Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Eigene Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Eigene Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3748.36959__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Eigene Programme\Spybot File not found
SRV - (SDUpdateService) -- C:\Eigene Programme\Spybot File not found
SRV - (SDScannerService) -- C:\Eigene Programme\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Eigene Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Eigene Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Programme\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (PDFProFiltSrvPP) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Eigene Programme\PC-Suite \SupServ.exe ()
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Dominik\Desktop\mp3
IE - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\..\SearchScopes\{BF644AB2-B9AA-4251-B979-B924C3EC00E5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Eigene Programme\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Eigene Programme\ZoomBrowser\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Dominik\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Eigene Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.08 19:36:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 12:51:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Eigene Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.08 19:36:06 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ApplyEsf-eDocPrintPro] C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe (May Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Eigene Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Eigene Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Eigene Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-3670576215-2337408786-2542085436-1000..\Run: [Spybot-S&D Cleaning] C:\Eigene Programme\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Dominik\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O8 - Extra context menu item: Mit PDF Viewer Plus öffnen - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Eigene Programme\Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} hxxp://clients.futuremark.com/openapi/receivers/FMSI.cab (FuturemarkSystemInfoX Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{858D1392-B35B-4CD3-B77C-A291B962A64E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{72d5851f-9675-11df-9c25-6c626d491dfd}\Shell - "" = AutoRun
O33 - MountPoints2\{72d5851f-9675-11df-9c25-6c626d491dfd}\Shell\AutoRun\command - "" = I:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.27 16:48:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.27 16:47:09 | 000,561,198 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Dominik\Desktop\JRT.exe
[2013.07.25 22:22:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dominik\Desktop\tdsskiller.exe
[2013.07.25 22:13:59 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Dominik\Desktop\aswMBR.exe
[2013.07.25 21:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.25 21:43:32 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\mbar-1.06.0.1004
[2013.07.25 21:02:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.25 21:02:43 | 001,220,306 | ---- | C] (Farbar) -- C:\Users\Dominik\Desktop\FRST.exe
[2013.07.25 20:04:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2013.07.25 19:50:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.07.24 21:23:29 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes
[2013.07.24 21:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.24 21:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.24 21:23:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.07.24 21:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.07.24 21:10:43 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Dominik\Desktop\mbam-setup-1.75.0.1300.exe
[2013.07.24 20:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.07.24 20:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.07.24 10:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\A044A3D7C7D28F620000A044039C9836
[2013.07.24 09:33:58 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quick-Lohn
[2013.07.24 09:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick-Lohn
[2013.07.12 12:18:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\Jona Kindergarten orange Gruppe
[2013.07.12 03:07:14 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.07.12 03:07:13 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.07.12 03:07:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.07.12 03:07:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.07.12 03:07:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.07.12 03:07:12 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.07.12 03:07:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.07.12 03:07:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.07.12 03:07:12 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.07.12 03:07:12 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.07.11 17:36:52 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.07.11 17:36:49 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.07.11 17:36:46 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013.07.11 17:36:44 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.07.06 09:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.07.06 09:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.08.28 15:35:23 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe9E23.dll
[1 C:\Users\Dominik\Documents\*.tmp files -> C:\Users\Dominik\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.27 18:03:36 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.27 18:03:36 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.27 18:03:36 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.27 18:03:36 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.27 17:56:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.27 17:56:32 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.27 17:53:17 | 000,666,633 | ---- | M] () -- C:\Users\Dominik\Desktop\adwcleaner.exe
[2013.07.27 17:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.27 17:34:11 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.27 16:59:31 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.27 16:59:31 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.27 16:47:09 | 000,561,198 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Dominik\Desktop\JRT.exe
[2013.07.26 06:32:05 | 000,000,512 | ---- | M] () -- C:\Users\Dominik\Desktop\MBR.dat
[2013.07.25 22:22:43 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dominik\Desktop\tdsskiller.exe
[2013.07.25 22:15:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Dominik\Desktop\aswMBR.exe
[2013.07.25 21:42:56 | 013,399,154 | ---- | M] () -- C:\Users\Dominik\Desktop\mbar-1.06.0.1004.zip
[2013.07.25 21:20:38 | 000,377,856 | ---- | M] () -- C:\Users\Dominik\Desktop\gmer_2.1.19163.exe
[2013.07.25 21:02:43 | 001,220,306 | ---- | M] (Farbar) -- C:\Users\Dominik\Desktop\FRST.exe
[2013.07.25 20:04:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2013.07.25 20:01:35 | 000,000,000 | ---- | M] () -- C:\Users\Dominik\defogger_reenable
[2013.07.25 19:55:19 | 000,050,477 | ---- | M] () -- C:\Users\Dominik\Desktop\Defogger.exe
[2013.07.24 21:23:26 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.24 21:10:49 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Dominik\Desktop\mbam-setup-1.75.0.1300.exe
[2013.07.24 20:36:30 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.07.24 20:36:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.07.24 09:33:58 | 000,000,585 | ---- | M] () -- C:\Users\Dominik\Desktop\Quick-Lohn.lnk
[2013.07.15 18:11:28 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.12 03:28:36 | 000,441,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.05 11:34:38 | 000,006,192 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\wklnhst.dat
[2013.07.04 17:37:38 | 000,010,240 | ---- | M] () -- C:\Users\Dominik\Documents\Unbenanntes Dokument.wps
[2013.06.30 11:13:28 | 000,000,224 | ---- | M] () -- C:\Users\Dominik\Desktop\Comunio.url
[1 C:\Users\Dominik\Documents\*.tmp files -> C:\Users\Dominik\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.27 17:53:17 | 000,666,633 | ---- | C] () -- C:\Users\Dominik\Desktop\adwcleaner.exe
[2013.07.26 06:32:05 | 000,000,512 | ---- | C] () -- C:\Users\Dominik\Desktop\MBR.dat
[2013.07.25 21:42:40 | 013,399,154 | ---- | C] () -- C:\Users\Dominik\Desktop\mbar-1.06.0.1004.zip
[2013.07.25 21:20:37 | 000,377,856 | ---- | C] () -- C:\Users\Dominik\Desktop\gmer_2.1.19163.exe
[2013.07.25 20:01:35 | 000,000,000 | ---- | C] () -- C:\Users\Dominik\defogger_reenable
[2013.07.25 19:55:19 | 000,050,477 | ---- | C] () -- C:\Users\Dominik\Desktop\Defogger.exe
[2013.07.24 21:23:26 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.24 20:36:35 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.24 09:33:58 | 000,000,585 | ---- | C] () -- C:\Users\Dominik\Desktop\Quick-Lohn.lnk
[2013.07.04 17:37:38 | 000,010,240 | ---- | C] () -- C:\Users\Dominik\Documents\Unbenanntes Dokument.wps
[2013.03.02 12:41:11 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013.03.02 12:41:11 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013.03.02 12:36:19 | 000,000,121 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013.03.02 12:36:19 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.09.14 10:32:14 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012.09.14 10:32:14 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012.09.14 10:32:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.07.13 09:09:32 | 000,000,852 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.26 13:18:49 | 000,000,617 | ---- | C] () -- C:\Windows\eReg.dat
[2012.01.16 21:24:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.13 18:00:52 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011.04.15 10:20:38 | 000,226,285 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\UserTile.png
[2011.01.29 20:08:15 | 000,021,504 | ---- | C] () -- C:\Users\Dominik\AppData\Local\WebpageIcons.db
[2010.10.17 10:21:36 | 000,000,017 | ---- | C] () -- C:\Users\Dominik\AppData\Local\resmon.resmoncfg
[2010.07.26 19:06:29 | 000,006,192 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\wklnhst.dat
[2010.07.24 13:45:31 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

und noch die OTL Extras

Code:

ATTFilter

OTL Extras logfile created on: 27.07.2013 17:59:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 65,00% Memory free
6,50 Gb Paging File | 5,10 Gb Available in Paging File | 78,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 807,41 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 0,01 Gb Free Space | 0,06% Space Free | Partition Type: NTFS
 
Computer Name: RUSHERSTATION2 | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Eigene Programme\Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Eigene Programme\Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Eigene Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Eigene Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Eigene Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Eigene Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Eigene Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Eigene Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Eigene Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Eigene Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057DE4EF-52C3-408E-9244-3C61A0513212}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{05BBA3F5-A606-4B2F-8F12-08BF50922ACA}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{06C50BB0-26D3-4C62-883A-B530C79995D9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0C9E2A6A-2C20-40C0-A474-47D115EBF92C}" = lport=7000 | protocol=6 | dir=in | name=tcp-port für windows-easytransfer | 
"{105B6F11-A037-4ACD-9D03-FD918BC33632}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10E8A2A2-7894-4799-BF7B-5356BB1B2326}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{134F0BCD-3319-4F13-A9DE-BF921CFD6FBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1A25A630-0CE7-4C25-9B3C-191725C650C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{26E44C09-134A-4E0E-B5DF-CEFBF56448C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{276618F3-13C2-425B-BDB0-1BDA0097076B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{29520CA9-EBE6-4AFE-83B9-729C4C126070}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29EC729C-C57C-4085-BB23-829A0AC9400E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3B5E6344-8784-47EF-8883-1484AA425C0E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{438C66E5-0339-4AF9-9CE4-316678DC2097}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{55FE9C12-71FB-4307-9918-42DC0DB844C6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5C476168-8CE0-455D-A8A9-111EEA0C2EDB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{64177578-8F80-4DDA-BEDA-F4392790DA43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7598E330-9AEF-4B24-A3A7-29E4CA794C4D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8019E8F9-7D1F-44D2-A553-8B003A37732E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{917ECDD5-5F65-4C23-A8D2-7E4C815A52FC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A53A1A19-1D4B-4C30-82FD-C43395ACA2BF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AF4AB9F3-B44F-4227-B721-B40FD8C308AF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B12AF524-A036-434C-A5FD-673B0ADC9AAD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B8DBB823-5DCF-48E9-BFC9-93CC99A8D833}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C83A2719-F1A3-444B-B824-CEAE0BDB41A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D2F3C595-010C-4201-9C0F-65F549EFB712}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D374832D-8959-4B18-BB97-7BB2601FC9D9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E20F3202-FD4E-4149-82ED-55E4C544F7B9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E7F453A5-4953-4E3A-8CFA-E0C23C0BC0C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EB491242-2FFB-4283-A146-510477B89CE9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EB9BA22C-0983-4FE9-9C9A-60254F13A8A7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F353108B-18EE-4594-A3BE-E146D0B2D5D2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F37785C1-B5A8-47FD-AC3D-96104D56549E}" = lport=7000 | protocol=17 | dir=in | name=udp-port für windows-easytransfer | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030BCA57-702D-4EC8-987D-F0D17277515B}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpqcopy2.exe | 
"{05FE1461-BC17-4866-80A4-12F408DF8B8B}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpfccopy.exe | 
"{0727DFA8-57CE-442D-8ABF-34B97D69EDA8}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpqkygrp.exe | 
"{09444FB0-FA6D-4962-8547-04FA1A7B7804}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{0CAA5F11-7546-463D-A28F-C60D504077EA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{0DC4C320-F0CD-4B9D-92F3-0E8B95D0B9F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{0E6D18EE-E708-4240-B230-3F4232BC3F17}" = dir=in | app=c:\eigene programme\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{10281C99-470B-4FD0-8F72-871DBDC5AEF1}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{12AA7728-61CD-4FFB-9F3A-20106D6826FB}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpqpsapp.exe | 
"{1AE39636-BE21-4A9F-9A2B-D3E507B91CF8}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\ez3k13l@counterstrike.de\counter-strike source\hl2.exe | 
"{1BBEB4BA-BCE5-4DC5-AA9F-DD21FAC08631}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\ez3k13l@counterstrike.de\counter-strike source\hl2.exe | 
"{1EB77967-5919-4B7C-A066-1180707C4391}" = protocol=17 | dir=in | app=c:\eigene programme\update service\update service.exe | 
"{27038161-6BAB-4580-83AE-4C8046223715}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{2BBE85E2-9120-45D1-B684-FC82B9B987C6}" = protocol=6 | dir=in | app=c:\eigene programme\update service\update service.exe | 
"{2C7BDC11-5B84-4EC9-BF30-0AC4911E12F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2F30ACC8-80DD-4975-9EE4-7C769267C893}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpqtra08.exe | 
"{33B6631A-7DE6-4DDF-81F0-B95869BB8F84}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3C37CF25-2350-477C-8C2F-9177377D6838}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3FA4D2BB-7FDB-4E95-8E15-A6525CCEA22A}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{49D345C3-6DA8-4242-A33F-00A25572C343}" = protocol=6 | dir=in | app=c:\users\dominik\desktop\tvuplayer_green.v2.5.3.1\2\tvuplayer.exe | 
"{4DE7D947-0971-4852-A042-7ACF98FE59A6}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpiscnapp.exe | 
"{4F6BE692-3E4A-4E89-AFA8-9E85C1406658}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpqpse.exe | 
"{546185ED-AF29-49E5-BE3C-C97DE4D6CBCF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5CDF9604-8022-431F-B5FE-282A17AB065B}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpqgpc01.exe | 
"{5DC9BE7D-2201-479A-9D55-8322DC3EAE4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F8599BA-FBC0-4DB8-981F-FFB7FE29676F}" = dir=in | app=c:\eigene programme\itunes\itunes.exe | 
"{63EB3389-A27F-463B-9A46-CEB627ED863F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6703CCBE-24E7-4349-956A-FD892DE5D1C2}" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"{72AFEEC2-E699-4676-B1A2-62C635044995}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73E2BEF0-6ED6-4A58-BE12-2AA12DC656F4}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe | 
"{76B6EE64-0132-4662-BEED-B75AFE123460}" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"{7D7B6C4C-BAF2-48B6-9EE6-0083CD61BDED}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpqsudi.exe | 
"{7FFB4915-296B-46B5-BC63-B65D5AE0727C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{80352D8A-E2E0-4F52-AEB4-46762AF036D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{881CA705-6CAA-4DC5-9B27-2B9CFC6F5769}" = dir=in | app=c:\eigene programme\hp\hp software update\hpwucli.exe | 
"{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{8CF4E58C-13B2-49CF-BF1C-4C20F48DF040}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe | 
"{9326FCD2-2CB2-4888-8F71-AFEECCF18DF4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9A03690D-BA8D-447F-9ACC-5F65BFE173D3}" = protocol=6 | dir=out | app=system | 
"{9CE53C92-1F50-43E1-A5DB-3C3169AD1E48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A0EA9412-CE11-4035-98AD-E1F02C3D289F}" = protocol=58 | dir=in | app=system | 
"{A5F4F2E5-C5E8-4971-A800-990F8E50D4C3}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\ez3k13l@counterstrike.de\counter-strike source\hl2.exe | 
"{A9B7B650-3F88-4C2B-8E1C-B5D54261BD53}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpqusgh.exe | 
"{B1E4CDEE-8C10-47F4-B0DD-5FE488614172}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B73C079C-A88C-486B-9410-D9DB0B9E5549}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe | 
"{BB8039B7-6883-4CF5-ACD4-0FF8192C4E78}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C7FD54B7-E761-4DFF-B989-149CED2D58A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C886820F-98DA-4EF6-BF50-2AE0FD3533F3}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\ez3k13l@counterstrike.de\counter-strike source\hl2.exe | 
"{C8B3FF88-F9A2-48CD-91DC-E4BF0EF4990A}" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"{CBE5CDDB-02B5-4461-9AE9-ACF91ECAE1FC}" = protocol=17 | dir=in | app=c:\users\dominik\desktop\tvuplayer_green.v2.5.3.1\2\tvuplayer.exe | 
"{CBE67BB3-D3E0-4ACF-92F9-DDF2B9CE8806}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD2032D5-6484-4775-8792-BA0A32602AB1}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe | 
"{D555E5FE-4A1A-485A-BCCB-A6343BDA381B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD038E0E-69D1-40D5-8590-4E583E9E1C66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E47B0195-C17A-4FB8-A773-B04D700A752B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{E65B6372-B2F7-4F73-B574-F9502D36A331}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EBAB9B18-6FD4-4672-A402-FB0AEC0C4A0C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EE29260A-3BBA-4888-BC2F-4F0E99106F17}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpqste08.exe | 
"{F0509EBE-D403-4521-9E95-8232374F47EF}" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"{F3693B0C-9353-4CEC-B235-70CAAC8B52FF}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{F84B544E-0107-4971-80EB-174C65E42A23}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FA81134C-309C-41D4-8CE5-E0D5FCB34F04}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hpqusgm.exe | 
"{FD148D85-3197-44EF-9D5B-653DCB798627}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FFE246A9-F42A-40F7-98CF-A13AB7631EC8}" = dir=in | app=c:\eigene programme\hp\digital imaging\bin\hposid01.exe | 
"TCP Query User{0CFEF77E-B591-46B8-9FC6-29748AFF8F68}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{54DA11F1-7787-4829-919E-94E2D9EFF41E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{5D912A00-0A83-4349-922E-04735278DD16}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B55B5ABA-CD57-481B-9062-4E9E643E220E}C:\users\dominik\desktop\tvuplayer_green.v2.5.3.1\2\tvuplayer.exe" = protocol=6 | dir=in | app=c:\users\dominik\desktop\tvuplayer_green.v2.5.3.1\2\tvuplayer.exe | 
"TCP Query User{F9917383-6DE5-401A-BBB0-9978EA28B558}C:\games\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\games\runes of magic\client.exe | 
"TCP Query User{FB72BF81-BD4B-44F5-86A3-8BB1314FA02D}C:\users\dominik\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{2D65E4B6-A1EB-4E0E-B755-006BED2A53A5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4C1951A0-4C68-44E2-B49C-812984DAEF26}C:\games\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\games\runes of magic\client.exe | 
"UDP Query User{A2AF7CF2-C779-4C02-A446-793CB1CF3EC9}C:\users\dominik\desktop\tvuplayer_green.v2.5.3.1\2\tvuplayer.exe" = protocol=17 | dir=in | app=c:\users\dominik\desktop\tvuplayer_green.v2.5.3.1\2\tvuplayer.exe | 
"UDP Query User{D5E4552A-D127-476B-B966-2AD7F71FDB08}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F65CD71E-248E-4410-9DEE-F569250229E9}C:\users\dominik\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{F6910745-0891-413C-8332-733453C8DA3B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A169C69-5012-DAD1-B26D-6AD81A3242A9}" = Catalyst Control Center Localization All
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1DAF29CD-88DA-49C2-8F25-B1EFFFB1BA1B}" = eDocPrintPro v3.17.7
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}" = F2200
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34B164BB-87C0-0E98-4B4B-867962CBB5EB}" = CCC Help Italian
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3690900F-85EA-447F-BAD1-5CA25AA9B627}" = HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D8FA9E6-DE47-98B1-B292-D5BD9D1AC5F4}" = Catalyst Control Center Graphics Previews Vista
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D07BB5D-7903-53B0-4EE0-F23FB43A3034}" = Catalyst Control Center Graphics Full New
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5107CFE6-65DB-C1BE-A97B-68C22747AD4F}" = CCC Help English
"{518FBF0D-3BA6-BF84-C949-D301EEA09F08}" = ccc-core-static
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DE1B5E3-F06B-4C00-8D0A-2CCB7ED95493}" = gs_x86
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6A53AF94-FB62-528E-93D7-47D927FCBA89}" = Catalyst Control Center InstallProxy
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F276611-40A1-71AF-79B2-F896525FA898}" = CCC Help Danish
"{80186A32-8C10-9A90-409B-F83ED7823EA5}" = Catalyst Control Center Graphics Light
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{853E9CDB-711A-533C-E73F-1D87DCCAF5B6}" = Catalyst Control Center Graphics Full Existing
"{8730DBBF-3817-FC91-3C5D-A42F535A0C75}" = Catalyst Control Center Core Implementation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963911A3-E0E3-1D9B-CCF1-04607B415F9D}" = CCC Help Dutch
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4A90F5-B7F6-742C-C761-526AD050B601}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DB2B2B1-464C-F7ED-2032-B80A1F2EEA69}" = CCC Help Japanese
"{9E422606-5F50-5D98-D89F-74AF10167A25}" = CCC Help Norwegian
"{A2C60BF1-82E3-493C-911D-14AD50471F2F}" = Rundum-Betrachter-innoPlus
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADF60A14-CFC4-7174-D088-E1CFE6663EF3}" = ATI Catalyst Install Manager
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C222566F-1C50-4ECD-A01E-77F9C4B95458}" = DJ_AIO_03_F2200_Software_Min
"{C3B58DC8-B030-0AE4-87C2-7721A4A485FA}" = CCC Help German
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8A6E0DE-B25F-D008-C10F-81DB91224A41}" = ccc-utility
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2373FE8-B454-4ACB-BBAC-2F8CDE79820A}" = TWinform 2.0
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E8E25861-3B27-E2FE-877A-4E19B848EA31}" = CCC Help Spanish
"{E9D9AD46-011D-EC6D-180B-8A0C6835B778}" = CCC Help Swedish
"{ED87D8A2-0EEB-497D-BB84-79AB988C429D}_is1" = Monopoly 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE6B2A1F-FFA0-9BD0-6C8E-BCA7AEDCFC5E}" = CCC Help Finnish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Borland BDE 5.1" = Borland BDE 5.1
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"D83-Konverter" = D83-Konverter
"DivX Setup" = DivX-Setup
"ElsterFormular" = ElsterFormular
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Müller Foto" = Müller Foto
"MyCamera" = Canon Utilities MyCamera
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PS3 Media Server" = PS3 Media Server
"Ravensburger tiptoi" = Ravensburger tiptoi
"Shop for HP Supplies" = Shop for HP Supplies
"SP6" = Logitech SetPoint 6.15
"Steam App 240" = Counter-Strike: Source
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"web to date 6.0_is1" = DATA BECKER web to date 6.0
"WEKA VOB STAND 10_07 _" = WEKA VOB Stand 10.07 .
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR
"yowindow" = YoWindow
"Zattoo4" = Zattoo4 4.0.5
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3670576215-2337408786-2542085436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Monopoly Deluxe" = Monopoly Deluxe
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Spybot - Search and Destroy Events ]
Error - 30.11.2012 08:27:24 | Computer Name = Rusherstation2 | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 24.07.2013 13:45:27 | Computer Name = Rusherstation2 | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 27.07.2013 11:51:57 | Computer Name = Rusherstation2 | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >

besten Dank für deine Hilfe

Grüße,

Domi

cosinus · 28.07.2013, 22:16

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Domi77 · 29.07.2013, 19:13

Hi Cosinus

hier die Logdatei vom Quickscan von MBAM:

hab ja zu Begin unserer Systembereinigung schon mal mit mbam gescannt.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.29.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Dominik :: RUSHERSTATION2 [Administrator]

Schutz: Aktiviert

29.07.2013 17:10:58
mbam-log-2013-07-29 (17-10-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222046
Laufzeit: 8 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und hier die Logdatei von ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d18e813c4a177d4d9df0dd3dfdda84ce
# engine=14578
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-29 05:56:42
# local_time=2013-07-29 07:56:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 9815 145791907 2595 0
# compatibility_mode=5893 16776573 100 94 180076 126751793 0 0
# scanned=344891
# found=0
# cleaned=0
# scan_time=9060

besten Dank

Domi

25.07.2013, 21:09	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Sytem Care Anti-Virus Restlos entfernen Log von GMER fehlt __________________ Logfiles bitte immer in CODE-Tags posten

Sytem Care Anti-Virus Restlos entfernen

Plagegeister aller Art und deren Bekämpfung: Sytem Care Anti-Virus Restlos entfernen