Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   download protect 2.2.0 sicher entfernen (https://www.trojaner-board.de/153698-download-protect-2-2-0-sicher-entfernen.html)

radogoal 11.05.2014 14:05
download protect 2.2.0 sicher entfernen
 
habe mir diese "malware" eingefangen. wie wird man diese wieder los?

hier mein malbyte

[spoiler] Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11.05.2014
Scan Time: 14:42:40
Logfile: malware bytes.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.20.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: xy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260069
Time Elapsed: 13 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[/spoiler]

geh mal davon aus dass ihr hier nichts rauslesen könnt oder? was braucht ihr noch dazu?

Machiavelli 11.05.2014 14:06
Hallo und willkommen an Board, radogoal :hallo:

Mein Name ist Machiavelli und werde bei Deinem Malware Problemen behilflich sein. Falls Du Dich im abgesicherten Modus befindest, würde ich Dir raten, alle Anweisungen von mir auszudrucken, um besseren Überblick auf die Gesamtsituation zu bekommen. Ich bin hier im Malwareteam und daher ist es mir möglich, Dir zu helfen.

Damit eine Bereinigung ermöglicht werden kann, musst Du ein paar Regeln/Tipps beachten:
  • Malware zu entfernen ist normalerweise recht schwierig
    Heutige Malware kann sich sehr gut verstecken, so kann es sein, dass es bestimmte Tools nicht sehen. Eine Neuinstallation ist daher oft das klügere.
  • Bitte folge meinen Anweisung bis in das kleinste Detail
    Falls Du was falsches machst, wie z.B. irgendwas fixt, was nicht durch mich genehmigt wurde, kann der PC dadurch beschädigt werden. Daher folge meinen Anweisungen ganz genau
  • Bleibe mit mir in Kontakt, bis Deine Probleme vollständig gelöst sind
    Themen, in welchen innerhalb von 4 Tagen keine Antwort gepostet wird, werden geschlossen.
  • Bitte lasse keine anderen Tools laufen, während ich bereinige
    Wenn Du Tools wie z.B. Malwarebytes etc. ohne meines Wissens laufen lässt, kann es unter Umständen Ergebnisse verfälschen.
  • Ließ meine Posts vollständig durch
    Falls nicht, kann das zu schwerwiegenden Problemen (z.B. PC bootet nicht mehr) führen oder der Prozess der Malwareentfernung wird länger


Schaun wir mal das ganze mit OTL an.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
  • Starte bitte die OTL.exe.
  • Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard-Ausgabe
  • Scanne alle User anhaken
  • Stelle alle Unterpunkte ein, wie auf folgenden Bild zu sehen: http://s7.directupload.net/images/140510/7skidqx7.png
  • Kopiere nun den Inhalt aus der folgenden Codebox in die Textbox von OTL:
Code:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
mpsvc.dll 
winsock.*
rpcss.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
  • Schließe alle Programme. (Wichtig)
  • Klicke auf den Scan Button.
  • Poste die Logfiles OTL.txt und Extras.txt in Deine nächste Antwort

radogoal 11.05.2014 14:31
OTL Logfile:
Code:
OTL logfile created on: 11.05.2014 15:14:52 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\xy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 64,96% Memory free
6,98 Gb Paging File | 5,39 Gb Available in Paging File | 77,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 210,06 Gb Total Space | 108,52 Gb Free Space | 51,66% Space Free | Partition Type: NTFS
Drive D: | 721,35 Gb Total Space | 383,40 Gb Free Space | 53,15% Space Free | Partition Type: NTFS
 
Computer Name: XY-PC | User Name: xy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2014.05.11 15:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xy\Downloads\OTL.exe
PRC - [2014.04.18 20:50:52 | 033,604,728 | ---- | M] (Dropbox, Inc.) -- C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014.03.07 12:29:32 | 000,012,800 | ---- | M] () -- C:\ProgramData\dlprotect.exe
PRC - [2014.02.20 15:58:03 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.02.20 15:57:57 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.02.20 15:57:57 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.02.18 18:48:35 | 000,467,000 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe
PRC - [2014.02.06 23:29:56 | 000,189,480 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2014.02.05 10:48:32 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013.05.23 15:17:00 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.05.23 15:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.05.23 15:16:52 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.05.11 14:57:42 | 000,041,984 | ---- | M] () -- c:\users\xy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj6f1fu.dll
MOD - [2014.03.07 12:29:32 | 000,012,800 | ---- | M] () -- C:\ProgramData\dlprotect.exe
MOD - [2014.02.23 11:50:17 | 018,813,440 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014.02.23 11:50:13 | 000,223,232 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014.02.23 11:50:11 | 001,889,792 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014.02.23 11:50:09 | 000,802,816 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014.02.23 11:50:04 | 011,025,920 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014.02.23 11:49:59 | 006,990,336 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014.02.23 11:49:58 | 007,662,080 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014.02.23 11:49:57 | 003,950,080 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014.02.23 11:49:54 | 000,976,384 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014.02.23 11:49:53 | 010,060,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014.02.23 11:49:47 | 016,953,856 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014.01.03 05:42:50 | 003,610,624 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013.10.19 01:55:02 | 025,100,288 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Dropbox\bin\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.03.07 12:29:31 | 000,118,784 | -H-- | M] () [Auto | Running] -- C:\Windows\SysNative\mswsockd.exe -- (ntoskrol)
SRV:64bit: - [2014.02.06 12:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.12.06 22:52:10 | 000,239,616 | -H-- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.12.06 17:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2008.05.08 01:29:38 | 000,122,880 | -H-- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2014.05.04 07:56:09 | 000,257,712 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.02.25 23:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.02.20 15:58:03 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.02.20 15:57:57 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.02.05 10:48:32 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.01.16 18:03:40 | 000,064,112 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- C:\Programme\CyberGhost 5\Service.exe -- (CGVPNCliService)
SRV - [2014.01.16 02:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.09.11 22:21:54 | 000,105,144 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014.03.18 02:24:02 | 000,451,480 | -H-- | M] (Check Point Software Technologies Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2014.01.22 08:52:10 | 000,206,080 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014.01.22 08:52:10 | 000,108,800 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.12.24 23:33:22 | 000,489,568 | -H-- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.12.24 23:33:20 | 007,717,984 | -H-- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2013.12.18 18:40:12 | 000,131,576 | -H-- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.12.18 18:40:12 | 000,108,440 | -H-- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.12.06 23:52:14 | 013,207,552 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.12.06 22:21:44 | 000,626,176 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.11.26 07:27:26 | 000,028,600 | -H-- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.09.24 16:53:50 | 000,094,208 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.08.22 14:40:24 | 000,040,664 | -H-- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013.08.19 20:30:57 | 000,047,240 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | -H-- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.15 17:06:46 | 000,047,232 | RH-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.17 19:12:26 | 000,028,664 | -H-- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV - [2013.09.20 00:05:02 | 000,059,648 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 55 81 69 3C 5D CE 01  [binary data]
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir=
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7BEBB09598-CE49-44A2-8D8F-DAE7F08CB84F%7D:2.2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}: C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014.05.03 06:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Extensions
[2014.05.11 14:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\68zaqfqh.default-1399808736961\extensions
[2014.05.10 03:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.05.10 03:35:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () (No name found) -- C:\WINDOWS\INSTALLER\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.XPI
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Download Protect] C:\ProgramData\dlprotect.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94FAA4C5-3B3C-4229-B168-76B8CA05270F}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B322F991-7096-4BA5-AA59-F02F01608B7A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014.02.07 21:49:58 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2014.02.08 19:18:51 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.11 13:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2014.05.11 06:12:01 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\Alte Firefox-Daten
[2014.05.10 18:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2014.05.10 04:11:22 | 000,536,576 | -H-- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.05.10 03:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.05.09 05:48:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2014.05.04 07:56:05 | 017,931,952 | -H-- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.05.04 07:39:00 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\StreamingStar
[2014.05.03 15:11:47 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\DropboxMaster
[2014.05.03 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\MAGIX_MusicEditor
[2014.05.03 09:39:54 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\CrashDumps
[2014.05.03 06:27:09 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\Mozilla
[2014.05.02 12:23:17 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\MAGIX_Foto_Manager_9
[2014.05.02 06:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MotionStudios
[2014.05.02 03:00:49 | 000,000,000 | ---D | C] -- C:\MotionStudios
[2014.05.01 07:58:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\MAGIX_AG
[2014.04.20 09:09:34 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\Epubsoft
[2014.04.20 09:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Epubsoft
[2014.04.20 09:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
[2014.04.20 09:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPUBSOFT
[2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\ePUBeedrmremoval
[2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\decrypt
[2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\.ePUBeedrmremoval
[2014.04.20 08:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ePUBee
[2014.04.19 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\calibre-cache
[2014.04.19 11:15:01 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\My Kindle Content
[2014.04.19 11:14:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2014.04.19 11:14:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Amazon
[2014.04.19 11:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014.04.18 06:31:19 | 000,083,096 | -H-- | C] (Sygate Technologies, Inc.) -- C:\Windows\SysWow64\SSSensor.dll
[2014.04.18 06:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sygate Personal Firewall
[2014.04.18 06:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sygate
[2014.04.17 20:28:49 | 007,717,984 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014.04.17 20:28:47 | 000,489,568 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014.04.17 20:28:47 | 000,090,208 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014.04.17 20:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2014.04.17 04:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2014.04.17 04:39:46 | 000,119,512 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.17 04:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.04.17 04:39:33 | 000,088,280 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.04.17 04:39:33 | 000,063,192 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.04.17 04:39:33 | 000,025,816 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.04.17 04:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.04.12 12:26:19 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\TechSmith
[2014.04.12 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\Camtasia Studio
[2014.04.12 12:22:00 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Ashampoo Movie Studio
[2014.04.12 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\MOVAVI
[2014.04.12 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Movavi
[2014.04.12 11:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2014.04.12 11:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1995-08.com.techsmith
[2014.04.12 11:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014.04.12 11:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2014.04.12 11:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2014.04.12 11:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.11 15:05:03 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.11 15:05:03 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.11 14:56:56 | 000,001,098 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.05.11 14:56:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.11 14:56:30 | 2811,244,544 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.11 14:46:00 | 000,001,102 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.11 14:29:16 | 000,119,512 | -H-- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.11 14:04:41 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014.05.11 13:56:00 | 000,000,884 | -H-- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.11 09:52:56 | 001,629,276 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.11 09:52:56 | 000,702,926 | -H-- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.05.11 09:52:56 | 000,657,158 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.11 09:52:56 | 000,150,566 | -H-- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.05.11 09:52:56 | 000,122,970 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.11 07:03:06 | 000,002,081 | ---- | M] () -- C:\Users\xy\Desktop\Everest Home Edition - CHIP Downloader.lnk
[2014.05.10 18:34:44 | 000,001,432 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2014.05.10 18:34:44 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2014.05.10 16:33:36 | 000,000,034 | -H-- | M] () -- C:\Windows\cdplayer.ini
[2014.05.10 04:25:30 | 000,000,944 | ---- | M] () -- C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk
[2014.05.09 17:20:17 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2014.05.04 07:56:09 | 000,692,400 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.05.04 07:56:08 | 000,070,832 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.05.04 07:56:05 | 017,931,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.05.04 07:08:45 | 000,000,684 | ---- | M] () -- C:\Users\xy\Desktop\MediathekView - neu.lnk
[2014.05.04 07:06:32 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014.05.04 07:06:32 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2014.05.04 07:06:31 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.05.03 15:12:02 | 000,001,008 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.05.03 15:11:30 | 000,000,970 | ---- | M] () -- C:\Users\xy\Desktop\Dropbox.lnk
[2014.05.03 10:12:31 | 000,011,264 | ---- | M] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.05.03 06:27:04 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.05.02 15:27:06 | 000,512,808 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.05.02 12:18:47 | 000,001,212 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk
[2014.05.02 10:24:55 | 000,008,476 | ---- | M] () -- C:\Users\xy\AppData\Local\recently-used.xbel
[2014.04.19 11:42:28 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2014.04.19 11:14:41 | 000,001,990 | ---- | M] () -- C:\Users\xy\Desktop\Kindle.lnk
[2014.04.17 20:29:46 | 000,000,132 | -H-- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2014.04.17 04:39:35 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.04.12 12:21:45 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk
[2014.04.12 11:57:42 | 000,005,053 | ---- | M] () -- C:\ProgramData\hwjqxkkr.zva
[2014.04.12 11:42:20 | 000,004,509 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamStudio.cfg
[2014.04.12 11:42:20 | 000,000,408 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamShapes.ini
[2014.04.12 11:42:20 | 000,000,408 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamLayout.ini
[2014.04.12 11:42:20 | 000,000,096 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Camdata.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.05.11 07:03:06 | 000,002,081 | ---- | C] () -- C:\Users\xy\Desktop\Everest Home Edition - CHIP Downloader.lnk
[2014.05.10 18:34:44 | 000,001,432 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2014.05.10 18:34:44 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2014.05.10 04:25:29 | 000,000,944 | ---- | C] () -- C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk
[2014.05.04 07:08:45 | 000,000,684 | ---- | C] () -- C:\Users\xy\Desktop\MediathekView - neu.lnk
[2014.05.04 07:03:20 | 000,000,884 | -H-- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.03 06:27:04 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.05.03 06:27:03 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014.05.02 12:18:47 | 000,001,212 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk
[2014.05.02 10:24:55 | 000,008,476 | ---- | C] () -- C:\Users\xy\AppData\Local\recently-used.xbel
[2014.04.27 11:54:36 | 000,000,034 | -H-- | C] () -- C:\Windows\cdplayer.ini
[2014.04.19 11:14:41 | 000,001,990 | ---- | C] () -- C:\Users\xy\Desktop\Kindle.lnk
[2014.04.17 20:28:54 | 000,000,132 | -H-- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2014.04.17 04:39:35 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.04.12 12:21:45 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk
[2014.04.12 11:57:42 | 000,005,053 | ---- | C] () -- C:\ProgramData\hwjqxkkr.zva
[2014.03.26 20:44:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.03.22 15:08:02 | 000,000,042 | ---- | C] () -- C:\Users\xy\AppData\Roaming\WB.CFG
[2014.03.19 13:14:21 | 000,011,264 | ---- | C] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.03.07 12:29:32 | 000,012,800 | ---- | C] () -- C:\ProgramData\dlprotect.exe
[2014.02.09 14:49:30 | 000,000,701 | ---- | C] () -- C:\Users\xy\AppData\Roaming\pdfsound.dll
[2014.02.09 14:49:30 | 000,000,053 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setting.ini
[2014.02.09 14:49:30 | 000,000,043 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup_pdfrotator.ini
[2014.02.09 14:49:30 | 000,000,043 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup_pdfcombine.ini
[2014.02.09 14:49:30 | 000,000,030 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup.ini
[2014.02.09 14:49:30 | 000,000,014 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options.ini
[2014.02.09 14:49:30 | 000,000,003 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options_pdfrotator.ini
[2014.02.09 14:49:30 | 000,000,003 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options_pdfcombine.ini
[2014.01.18 20:25:57 | 000,000,000 | -H-- | C] () -- C:\Windows\geo.ini
[2013.12.15 11:19:23 | 000,338,944 | -H-- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2013.12.15 11:19:23 | 000,122,880 | -H-- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2013.12.15 11:19:23 | 000,088,576 | -H-- | C] () -- C:\Windows\SysWow64\Lffpx90n.dll
[2013.12.06 23:38:38 | 000,995,342 | -H-- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.12.06 23:38:38 | 000,798,734 | -H-- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.12.06 17:44:26 | 000,038,912 | -H-- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013.11.10 16:22:58 | 000,000,256 | -H-- | C] () -- C:\Windows\_delis32.ini
[2013.11.09 15:25:48 | 000,004,509 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamStudio.cfg
[2013.10.06 15:12:01 | 000,178,176 | -H-- | C] () -- C:\Windows\SysWow64\StellarProfile.dll
[2013.10.06 11:08:27 | 000,000,004 | -H-- | C] () -- C:\Windows\vx86036.dat
[2013.10.06 11:08:05 | 000,000,140 | -H-- | C] () -- C:\Windows\Crypkey.ini
[2013.10.06 11:07:59 | 000,027,648 | RH-- | C] () -- C:\Windows\Setup_ck.exe
[2013.10.06 11:07:59 | 000,018,432 | -H-- | C] () -- C:\Windows\Setup_ck.dll
[2013.10.06 11:07:59 | 000,011,776 | -H-- | C] () -- C:\Windows\Ckrfresh.exe
[2013.09.28 09:55:35 | 000,000,408 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamShapes.ini
[2013.09.28 09:55:35 | 000,000,408 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamLayout.ini
[2013.09.28 09:55:35 | 000,000,096 | ---- | C] () -- C:\Users\xy\AppData\Roaming\Camdata.ini
[2013.06.07 21:08:30 | 000,000,234 | -H-- | C] () -- C:\Windows\wininit.ini
[2013.06.02 19:08:27 | 000,007,256 | -H-- | C] () -- C:\Windows\mgxoschk.ini
[2013.05.31 20:52:26 | 001,602,556 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.30 17:12:58 | 000,120,200 | -H-- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2013.05.30 16:14:22 | 000,000,400 | -H-- | C] () -- C:\Windows\ODBC.INI
[2013.05.30 15:47:53 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2013.05.22 20:43:52 | 000,030,568 | -H-- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.05.22 20:43:48 | 000,974,848 | -H-- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.05.22 20:43:48 | 000,081,920 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.05.22 20:43:48 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.05.22 20:43:48 | 000,057,344 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.12.19 21:52:22 | 000,204,952 | -H-- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.12.19 21:52:22 | 000,157,144 | -H-- | C] () -- C:\Windows\SysWow64\ativvsva.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013.02.27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009.07.14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010.11.20 05:25:46 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009.07.14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009.07.14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010.11.20 05:26:06 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010.11.20 04:18:32 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011.03.03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009.07.14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009.07.14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009.07.14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010.11.20 05:26:40 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009.07.14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009.07.14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009.07.14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009.07.14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009.07.14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012.10.03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011.05.24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012.02.11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009.07.14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010.11.20 05:27:26 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010.11.20 05:27:26 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009.07.14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010.11.20 05:27:28 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010.11.20 05:27:26 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010.11.20 04:21:20 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010.11.20 05:27:26 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010.11.20 05:27:28 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010.11.20 04:21:30 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009.07.14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010.11.20 05:25:28 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010.11.20 05:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010.11.20 05:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010.11.20 05:27:26 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010.11.20 05:27:30 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010.11.20 05:27:00 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010.11.20 05:27:30 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010.11.20 05:25:00 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010.11.20 04:17:24 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009.07.14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010.11.20 05:26:08 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010.11.20 05:27:30 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: MPSVC.DLL  >
[2013.05.27 07:26:41 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7B6CD2C784B13D63481B6BF49605C026 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpSvc.dll
[2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Program Files\Windows Defender\MpSvc.dll
[2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll
[2013.05.27 07:56:38 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=93B9D9FABBED612F71527E52E1D1EE93 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpSvc.dll
[2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll
[2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
[2013.05.27 07:25:24 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=F7DE0DDAC48EEE6DD48A9EB33F6E672D -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpSvc.dll
 
< MD5 for: QMGR.DLL  >
[2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009.07.14 03:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll
 
< MD5 for: RPCSS.DLL  >
[2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009.07.14 03:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
 
< MD5 for: SERVICES  >
[2009.06.10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.ASFX  >
[2012.09.23 20:43:44 | 000,002,677 | ---- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx
 
< MD5 for: SERVICES.CFG  >
[2012.09.23 20:43:36 | 000,603,848 | RH-- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744BA0000000010\11.0.0\services.cfg
[2013.05.11 12:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.DAT  >
[2013.04.22 05:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009.07.14 19:58:12 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\SysNative\de-DE\services.exe.mui
[2009.07.14 19:58:12 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009.07.14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009.06.10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009.06.10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009.06.10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009.06.10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009.07.14 19:58:11 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysNative\de-DE\services.msc
[2009.07.14 19:58:12 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysWOW64\de-DE\services.msc
[2009.07.14 19:58:11 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\services.msc
[2009.07.14 19:58:12 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009.07.13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009.07.13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: AE4A-9AEF
 Verzeichnis von C:\
14.07.2009  07:08    <VERBINDUNG>  Documents and Settings [C:\Users]
30.05.2013  15:39    <VERBINDUNG>  Dokumente und Einstellungen [C:\Users]
30.05.2013  15:39    <VERBINDUNG>  Programme [C:\Program Files]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files
30.05.2013  15:39    <VERBINDUNG>  Gemeinsame Dateien [C:\Program Files\Common Files]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files\Windows NT
30.05.2013  15:39    <VERBINDUNG>  Zubeh”r [C:\Program Files\Windows NT\Accessories]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\ProgramData
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\ProgramData]
14.07.2009  07:08    <VERBINDUNG>  Application Data [C:\ProgramData]
14.07.2009  07:08    <VERBINDUNG>  Desktop [C:\Users\Public\Desktop]
14.07.2009  07:08    <VERBINDUNG>  Documents [C:\Users\Public\Documents]
30.05.2013  15:39    <VERBINDUNG>  Dokumente [C:\Users\Public\Documents]
30.05.2013  15:39    <VERBINDUNG>  Favoriten [C:\Users\Public\Favorites]
14.07.2009  07:08    <VERBINDUNG>  Favorites [C:\Users\Public\Favorites]
14.07.2009  07:08    <VERBINDUNG>  Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
30.05.2013  15:39    <VERBINDUNG>  Startmen [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009  07:08    <VERBINDUNG>  Templates [C:\ProgramData\Microsoft\Windows\Templates]
30.05.2013  15:39    <VERBINDUNG>  Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu
30.05.2013  15:39    <VERBINDUNG>  Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users
14.07.2009  07:08    <SYMLINKD>    All Users [C:\ProgramData]
14.07.2009  07:08    <VERBINDUNG>  Default User [C:\Users\Default]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\All Users
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\ProgramData]
14.07.2009  07:08    <VERBINDUNG>  Application Data [C:\ProgramData]
14.07.2009  07:08    <VERBINDUNG>  Desktop [C:\Users\Public\Desktop]
14.07.2009  07:08    <VERBINDUNG>  Documents [C:\Users\Public\Documents]
30.05.2013  15:39    <VERBINDUNG>  Dokumente [C:\Users\Public\Documents]
30.05.2013  15:39    <VERBINDUNG>  Favoriten [C:\Users\Public\Favorites]
14.07.2009  07:08    <VERBINDUNG>  Favorites [C:\Users\Public\Favorites]
14.07.2009  07:08    <VERBINDUNG>  Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
30.05.2013  15:39    <VERBINDUNG>  Startmen [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009  07:08    <VERBINDUNG>  Templates [C:\ProgramData\Microsoft\Windows\Templates]
30.05.2013  15:39    <VERBINDUNG>  Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu
30.05.2013  15:39    <VERBINDUNG>  Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\Users\Default\AppData\Roaming]
14.07.2009  07:08    <VERBINDUNG>  Application Data [C:\Users\Default\AppData\Roaming]
14.07.2009  07:08    <VERBINDUNG>  Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
30.05.2013  15:39    <VERBINDUNG>  Druckumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30.05.2013  15:39    <VERBINDUNG>  Eigene Dateien [C:\Users\Default\Documents]
14.07.2009  07:08    <VERBINDUNG>  Local Settings [C:\Users\Default\AppData\Local]
30.05.2013  15:39    <VERBINDUNG>  Lokale Einstellungen [C:\Users\Default\AppData\Local]
14.07.2009  07:08    <VERBINDUNG>  My Documents [C:\Users\Default\Documents]
14.07.2009  07:08    <VERBINDUNG>  NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30.05.2013  15:39    <VERBINDUNG>  Netzwerkumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.07.2009  07:08    <VERBINDUNG>  PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.07.2009  07:08    <VERBINDUNG>  Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14.07.2009  07:08    <VERBINDUNG>  SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14.07.2009  07:08    <VERBINDUNG>  Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
30.05.2013  15:39    <VERBINDUNG>  Startmen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14.07.2009  07:08    <VERBINDUNG>  Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
30.05.2013  15:39    <VERBINDUNG>  Vorlagen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\AppData\Local
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\Users\Default\AppData\Local]
14.07.2009  07:08    <VERBINDUNG>  Application Data [C:\Users\Default\AppData\Local]
14.07.2009  07:08    <VERBINDUNG>  History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14.07.2009  07:08    <VERBINDUNG>  Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
30.05.2013  15:39    <VERBINDUNG>  Verlauf [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
30.05.2013  15:39    <VERBINDUNG>  Programme [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\Documents
30.05.2013  15:39    <VERBINDUNG>  Eigene Bilder [C:\Users\Default\Pictures]
30.05.2013  15:39    <VERBINDUNG>  Eigene Musik [C:\Users\Default\Music]
30.05.2013  15:39    <VERBINDUNG>  Eigene Videos [C:\Users\Default\Videos]
14.07.2009  07:08    <VERBINDUNG>  My Music [C:\Users\Default\Music]
14.07.2009  07:08    <VERBINDUNG>  My Pictures [C:\Users\Default\Pictures]
14.07.2009  07:08    <VERBINDUNG>  My Videos [C:\Users\Default\Videos]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Public\Documents
30.05.2013  15:39    <VERBINDUNG>  Eigene Bilder [C:\Users\Public\Pictures]
30.05.2013  15:39    <VERBINDUNG>  Eigene Musik [C:\Users\Public\Music]
30.05.2013  15:39    <VERBINDUNG>  Eigene Videos [C:\Users\Public\Videos]
14.07.2009  07:08    <VERBINDUNG>  My Music [C:\Users\Public\Music]
14.07.2009  07:08    <VERBINDUNG>  My Pictures [C:\Users\Public\Pictures]
14.07.2009  07:08    <VERBINDUNG>  My Videos [C:\Users\Public\Videos]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\xy
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\Users\xy\AppData\Roaming]
30.05.2013  15:39    <VERBINDUNG>  Cookies [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Cookies]
30.05.2013  15:39    <VERBINDUNG>  Druckumgebung [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30.05.2013  15:39    <VERBINDUNG>  Eigene Dateien [C:\Users\xy\Documents]
30.05.2013  15:39    <VERBINDUNG>  Lokale Einstellungen [C:\Users\xy\AppData\Local]
30.05.2013  15:39    <VERBINDUNG>  Netzwerkumgebung [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30.05.2013  15:39    <VERBINDUNG>  Recent [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Recent]
30.05.2013  15:39    <VERBINDUNG>  SendTo [C:\Users\xy\AppData\Roaming\Microsoft\Windows\SendTo]
30.05.2013  15:39    <VERBINDUNG>  Startmen [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu]
30.05.2013  15:39    <VERBINDUNG>  Vorlagen [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Templates]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\xy\AppData\Local
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\Users\xy\AppData\Local]
30.05.2013  15:39    <VERBINDUNG>  Temporary Internet Files [C:\Users\xy\AppData\Local\Microsoft\Windows\Temporary Internet Files]
30.05.2013  15:39    <VERBINDUNG>  Verlauf [C:\Users\xy\AppData\Local\Microsoft\Windows\History]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu
30.05.2013  15:39    <VERBINDUNG>  Programme [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\xy\Documents
30.05.2013  15:39    <VERBINDUNG>  Eigene Bilder [C:\Users\xy\Pictures]
30.05.2013  15:39    <VERBINDUNG>  Eigene Musik [C:\Users\xy\Music]
30.05.2013  15:39    <VERBINDUNG>  Eigene Videos [C:\Users\xy\Videos]
              0 Datei(en),              0 Bytes
    Anzahl der angezeigten Dateien:
              0 Datei(en),              0 Bytes
              83 Verzeichnis(se), 116.330.930.176 Bytes frei
 
<          >
 
========== Files - Unicode (All) ==========
[2013.11.10 09:25:41 | 103,387,443 | -H-- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\焃Š
[2013.11.10 09:25:41 | 103,387,443 | -H-- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\焃Š
[2013.11.09 12:41:58 | 103,378,319 | -H-- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ХŒ
[2013.11.09 06:42:02 | 103,378,319 | -H-- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ХŒ
[2013.10.26 05:54:22 | 103,054,676 | -H-- | M] ()(C:\Windows\SysWow64\???¦) -- C:\Windows\SysWow64\Ⳋꝙ¦
[2013.10.26 05:54:22 | 103,054,676 | -H-- | C] ()(C:\Windows\SysWow64\???¦) -- C:\Windows\SysWow64\Ⳋꝙ¦
[2013.10.04 14:40:56 | 099,209,434 | -H-- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\❒휜K
[2013.10.04 14:40:56 | 099,209,434 | -H-- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\❒휜K
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:BF31A799
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
--- --- ---


wie bekommt man den extra txt?

Machiavelli 11.05.2014 14:46
Hey.

Zitat:
Folder = C:\Users\xy\Downloads
Meine Anweisungen:

Zitat:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
So, bitte bewege OTL.exe zu Deinem Desktop.

Wenn Du alles so wie auf dem Bild beschrieben eingestellt hast, befindet sich im C:\Users\xy\Downloads Ordner die Extras.txt. Wenn nicht, folge bitte diesen Anweisungen:

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe (Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen)
  • Klicke auf den Nichts Button
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Poste mir dann die Extras.txt in den nächsten Thread

radogoal 11.05.2014 15:09
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 11.05.2014 15:52:16 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\xy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 50,66% Memory free
6,98 Gb Paging File | 4,89 Gb Available in Paging File | 70,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 210,06 Gb Total Space | 108,34 Gb Free Space | 51,57% Space Free | Partition Type: NTFS
Drive D: | 721,35 Gb Total Space | 383,40 Gb Free Space | 53,15% Space Free | Partition Type: NTFS
 
Computer Name: XY-PC | User Name: xy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BE3B06F-C524-4FCC-825C-1778A57B00F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{1EBAD0E1-130E-4CC9-AA97-532FCC107951}" = lport=445 | protocol=6 | dir=in | app=system |
"{2274AC10-F5C1-4B36-911F-DAA1FAAA2678}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{22DA4856-5970-416D-8B8A-4F82C2AF1114}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{277F5CEC-1113-425D-878E-F0EDE0D4CA3C}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C3F83EC-C8E5-4B43-9636-9984534A4480}" = lport=138 | protocol=17 | dir=in | app=system |
"{38F41324-3045-4314-81C8-1740EA0E1F6C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{54E5A7A6-5D1F-4E65-9E3E-5D3267253FB4}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B4ECFEF-8750-4791-9B40-911356FE091B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{72C08780-FC90-4319-B1CA-836F98B73061}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9DBA3907-2169-4751-930D-71056ABE0820}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA204EA5-D8FA-4E95-9221-C7B84010A90D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD5D712B-AC7E-4D9F-BE30-C4914F3E51FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2DC5720-7CE2-4C04-BBFC-FECEDB6CB390}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE1D5D40-DCA9-4026-8773-1A8D7FE7C3CB}" = lport=139 | protocol=6 | dir=in | app=system |
"{D5504C27-5DD6-4FB0-B88B-FCE1FA6BECD7}" = rport=138 | protocol=17 | dir=out | app=system |
"{D68BA98F-E224-4056-B322-7AD19E76045F}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A70DF9-3BF7-4726-91EE-2E71B312E152}" = protocol=17 | dir=in | app=c:\users\xy\appdata\roaming\dropbox\bin\dropbox.exe |
"{1D58F6DA-C69C-4C3B-A100-A3120347463E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{211B27F6-BEA7-4FA5-B891-B99E1B688DEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2929AF89-5E00-4E93-897C-B160618A7090}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2B8F9EF3-A677-4668-97C1-790620B6BEE4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{330128B8-7491-44C8-929E-315CC7407D06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief\binaries\win64\shipping-thiefgame.exe |
"{6A303E4B-DBEB-4DFA-A39B-C85F6E5A807D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8A1803CE-C13E-4F6B-937E-3CF7E424831D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B61D164-905E-4D08-9062-AF413CF13400}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8F4CBBBF-ABF3-4984-BD98-E5EEF5D2BD4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9D8F268D-E4A7-47B2-A959-F1B7A4BD5356}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief\binaries\win64\shipping-thiefgame.exe |
"{A4281308-5D6B-4522-B93E-0DF5B61F897A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{AE16F437-73D1-4B4C-BFF4-67FE92DA0793}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B1FCF0A5-C200-42E2-B123-F65CF1CAC177}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{C23D7666-C3D6-4BDF-A3D9-3BD45D73972B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C7AAC43B-3DAC-4CB1-8633-729FB6E35571}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{D58E5287-CAFC-4896-9503-92A5E187EA62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E8FC61DD-1AA2-4D34-B39E-8BD712CE5CEE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{E9FCDBA5-5B98-4743-97A1-63931BABCF3C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{ED3B9EFB-4068-461D-94C9-694830DF3148}" = protocol=6 | dir=in | app=c:\users\xy\appdata\roaming\dropbox\bin\dropbox.exe |
"{FC73799B-3C56-4E6D-8D9F-774D47BD89F7}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{308051DA-0048-7A07-FE8B-9B6EC119A9E8}" = AMD Catalyst Install Manager
"{44AAA767-F540-F091-4571-ADCBC10B0C92}" = AMD Fuel
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170400}" = Java SE Development Kit 7 Update 40 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{833F5E6D-6E01-11D1-978E-6DFBCEF72570}" = AMD Steady Video Plug-In
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF57B06-B494-8180-AFC7-05EFB1DB2B64}" = ccc-utility64
"{B2B47795-9ABC-37C1-0633-68B1B7104543}" = AMD Drag and Drop Transcoding
"{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}" = AMD Media Foundation Decoders
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}" = AMD Wireless Display v3.0
"{FCC4426F-0296-D30D-729C-E76C8E7252C7}" = AMD Accelerated Video Transcoding
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"CyberGhost VPN 5_is1" = CyberGhost 5
"GIMP-2_is1" = GIMP 2.8.6
"McAfee Security Scan" = McAfee Security Scan Plus
"TAP-Windows" = TAP-Windows 9.9.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C239A9-D570-4220-B143-3F39FD8A21CB}" = ZoneAlarm Antivirus
"{046B79EE-7ED3-37A4-621A-FE297EF484C2}" = CCC Help Greek
"{10CB5DDD-38E1-2EB2-F62C-C1948A99943E}" = AMD Catalyst Control Center
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1194740D-0DB8-A508-31BA-E722597B4516}" = Catalyst Control Center Graphics Previews Common
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1FB16E3B-3AFB-46CB-6E83-2F5A0CF4ED16}" = Catalyst Control Center Localization All
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{26A24AE4-039D-4CA4-87B4-2F83217004F0}" = Java(TM) 7 Update 4
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2E3A81FB-7952-F8CB-9AD5-50544E2F4838}" = CCC Help Czech
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{30A0234C-E0BD-41A1-A9A8-F16B8DC9F50E}" = ZoneAlarm Firewall
"{4172E797-CE12-AC47-05B7-0E48BDB33E75}" = CCC Help Russian
"{4260CAAE-D108-4223-A1C5-96B67062FE86}" = Windows Live Installer
"{4428AEE6-FA5E-2913-8D12-B410E85E11AA}" = CCC Help Spanish
"{48C84341-E4F7-42EC-BED5-7A5CAA3291F5}" = calibre
"{49617AB8-5A31-44A7-95A6-BE6CE251A6F1}" = Ultimate EPubsoft DRM Removal 8.5.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4FF1533E-FF2C-A04A-25DD-A8AEC6FA106B}" = CCC Help Chinese Standard
"{56018684-241C-4D81-A4F6-CED1B5292C49}" = Fotogalerie
"{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform
"{6071CB80-DABC-B10D-F244-7F410FB3B150}" = CCC Help Polish
"{6343B6BA-F97F-B336-9ED8-FFD43776E84D}" = CCC Help Finnish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}" = USB/DVD-Downloadtool für Windows 7
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1" = Video to Video
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 6.3.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83ABE916-759A-49BE-BCEB-91F237E01502}" = Movie Maker
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C22A294-DBBA-445F-B55C-E26817CCFE69}" = Movie Maker
"{8D3A11D0-D925-FA0F-43F3-242E49975CD2}" = CCC Help Danish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EF39A9F-6A57-9706-86A5-9312D9ED8016}" = CCC Help Portuguese
"{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B33C97-54B3-9CEB-E911-246EDA9BDC9A}_is1" = Ashampoo Movie Studio v.1.0.13
"{91B33C97-91F8-FFB3-581B-BC952C901685}_is1" = Ashampoo Burning Studio FREE v.1.12.0
"{92352C97-C657-DB89-5F3A-E8C3789D9C89}" = CCC Help Chinese Traditional
"{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform
"{95545E55-3309-1929-FF41-2908A9706742}" = CCC Help Turkish
"{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA5F712-9CAA-B3CB-02D3-7134DFC8801E}" = CCC Help French
"{9DE9A189-5710-4C8F-8A4A-3F3D4BBFB9AE}" = Windows Live UX Platform Language Pack
"{A128A816-FD3F-990E-DD80-E1735BD718AE}" = CCC Help Italian
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{AFC9ECA9-6A4E-1370-98F3-002B63B5AF8E}" = CCC Help Thai
"{B88F2045-CF9A-996C-1670-6F7D65F1D18A}" = CCC Help Norwegian
"{BE7CD87D-9B09-408B-97D4-37F27C2734C2}" = Windows Live Essentials
"{BED96D0C-7743-3CE3-F7DF-A0A4475FBF2F}" = CCC Help Hungarian
"{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE
"{CA5671C3-41A6-4156-87BA-3BC94E960E80}" = Photo Common
"{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding
"{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver
"{DF7DC45D-8A3C-490C-A70F-8C6A6189EDF9}" = Photo Gallery
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E297492A-E114-CAE0-502E-5F36C386DD30}" = CCC Help Dutch
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E6533A85-ED92-F897-2B68-58AC3BD87F94}" = CCC Help English
"{EBAC163A-588E-1E5A-3CE8-826E9A449244}" = CCC Help Korean
"{ED65BD75-CEF3-C0C2-9E9C-FA567484FF60}" = CCC Help Japanese
"{EEB34D84-92A1-7BE3-6DB7-ABD1C4912D6B}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1289D68-1C48-930F-51CF-577BDB371252}" = CCC Help Swedish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F3F340A5-64EC-AEEC-4BDF-DC537D390BF5}" = CCC Help German
"{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}" = Camtasia Studio 8
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.1.0.1
"{FD9019FD-DB14-4A8F-AE19-8F62F5AFE9F4}" = ZoneAlarm Security
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Amazon Kindle" = Amazon Kindle
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"DarkLoader_is1" = DarkLoader 4.3
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FormatFactory" = FormatFactory 3.1.1
"Free Video Dub_is1" = Free Video Dub version 2.0.21.822
"Free Videos To DVD_is1" = Free Videos To DVD V 4.0.0
"Free YouTube Download_is1" = Free YouTube Download version 3.2.33.424
"Freemake Video Converter_is1" = Freemake Video Converter Version 4.1.3
"GarrettLoader_is1" = GarrettLoader 1.41
"HOFER Bestellsoftware" = HOFER Bestellsoftware 4.12.1
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"lavfilters_is1" = LAV Filters 0.55.3
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Fotos auf CD & DVD 9 deluxe D" = MAGIX Fotos auf CD & DVD 9 deluxe 9.0.0.18 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.1.1004
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 29.0.1 (x86 de)" = Mozilla Firefox 29.0.1 (x86 de)
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"PDFZilla_is1" = PDFZilla V3.0.6
"Revo Uninstaller" = Revo Uninstaller 1.95
"Shockwave" = Shockwave
"Steam" = Steam
"Steam App 239160" = Thief
"Stellar Phoenix Outlook PST Repair_is1" = Stellar Phoenix Outlook PST Repair
"TeamViewer 9" = TeamViewer 9
"Thief - The Dark Project" = Thief - The Dark Project  (Remove Only)
"Thief 2 - The Metal Age" = Thief 2 - The Metal Age  (Remove Only)
"Thief22DeinstallKey" = Dark Project 2
"VLC media player" = VLC media player 2.0.8
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.05.2014 12:30:16 | Computer Name = xy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Uninstall.exe_unknown, Version: 1.2.26.326,
 Zeitstempel: 0x5332d01c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73616c63  ID des fehlerhaften
 Prozesses: 0x1190  Startzeit der fehlerhaften Anwendung: 0x01cf6c6d0927e39c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 5db01b6f-d860-11e3-8a12-00045fb2fcaf
 
Error - 10.05.2014 16:26:03 | Computer Name = xy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mswsockd.exe, Version: 0.0.0.0, Zeitstempel:
 0x529d12e8  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7c92c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000171ff2  ID des fehlerhaften
 Prozesses: 0x8a8  Startzeit der fehlerhaften Anwendung: 0x01cf6c6ea4d7a70a  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\mswsockd.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\ole32.dll  Berichtskennung: 4e3232a6-d881-11e3-a063-c3edff1fcaab
 
Error - 11.05.2014 01:02:20 | Computer Name = xy-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\SoftonicDownloader_fuer_vasco-da-gama-8-hd-professional.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11.05.2014 05:52:09 | Computer Name = xy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mswsockd.exe, Version: 0.0.0.0, Zeitstempel:
 0x529d12e8  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7c92c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000000d89e  ID des fehlerhaften
 Prozesses: 0x630  Startzeit der fehlerhaften Anwendung: 0x01cf6ce0cc346fdc  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\mswsockd.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\ole32.dll  Berichtskennung: ea815113-d8f1-11e3-909a-00045fb2fcaf
 
Error - 11.05.2014 09:12:52 | Computer Name = xy-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 122c    Startzeit:
 01cf6d1a7862c275    Endzeit: 10    Anwendungspfad: C:\Users\xy\Downloads\OTL.exe    Berichts-ID:
 e67eda51-d90d-11e3-9008-00045fb2fcaf 
 
Error - 11.05.2014 09:51:40 | Computer Name = xy-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f94    Startzeit:
01cf6d1fc4e4bdac    Endzeit: 16    Anwendungspfad: C:\Users\xy\Desktop\OTL.exe    Berichts-ID:
 
 
[ OSession Events ]
Error - 30.05.2013 11:53:02 | Computer Name = xy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 13.02.2014 10:38:20 | Computer Name = xy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1601 seconds with 840 seconds of active time.  This session ended with a
crash.
 
[ System Events ]
Error - 11.05.2014 01:07:35 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%577
 
Error - 11.05.2014 03:43:44 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%577
 
Error - 11.05.2014 03:43:44 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%577
 
Error - 11.05.2014 03:46:15 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%577
 
Error - 11.05.2014 03:46:16 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%577
 
Error - 11.05.2014 05:52:14 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "pciide Access und" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 11.05.2014 07:27:35 | Computer Name = xy-PC | Source = DCOM | ID = 10010
Description =
 
Error - 11.05.2014 07:29:53 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 CyberGhost VPN 5 Client Service erreicht.
 
Error - 11.05.2014 07:29:53 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "CyberGhost VPN 5 Client Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 11.05.2014 08:56:32 | Computer Name = xy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?05.?2014 um 14:55:52 unerwartet heruntergefahren.
 
 
< End of report >
--- --- ---

radogoal 11.05.2014 15:10
OTL Logfile:
Code:
OTL logfile created on: 11.05.2014 15:52:16 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\xy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 50,66% Memory free
6,98 Gb Paging File | 4,89 Gb Available in Paging File | 70,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 210,06 Gb Total Space | 108,34 Gb Free Space | 51,57% Space Free | Partition Type: NTFS
Drive D: | 721,35 Gb Total Space | 383,40 Gb Free Space | 53,15% Space Free | Partition Type: NTFS
 
Computer Name: XY-PC | User Name: xy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2014.05.11 15:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe
PRC - [2014.05.10 03:35:58 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.05.04 07:56:08 | 001,864,368 | -H-- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
PRC - [2014.04.18 20:50:52 | 033,604,728 | ---- | M] (Dropbox, Inc.) -- C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014.03.07 12:29:32 | 000,012,800 | ---- | M] () -- C:\ProgramData\dlprotect.exe
PRC - [2014.02.20 15:58:03 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.02.20 15:57:57 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.02.20 15:57:57 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.02.18 18:48:35 | 000,467,000 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe
PRC - [2014.02.06 23:29:56 | 000,189,480 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2014.02.05 10:48:32 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013.05.23 15:17:00 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.05.23 15:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.05.23 15:16:52 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.05.11 14:57:42 | 000,041,984 | ---- | M] () -- c:\users\xy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj6f1fu.dll
MOD - [2014.05.10 03:35:58 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014.05.04 07:56:08 | 016,351,920 | -H-- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2014.03.07 12:29:32 | 000,012,800 | ---- | M] () -- C:\ProgramData\dlprotect.exe
MOD - [2014.02.23 11:50:17 | 018,813,440 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014.02.23 11:50:13 | 000,223,232 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014.02.23 11:50:11 | 001,889,792 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014.02.23 11:50:09 | 000,802,816 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014.02.23 11:50:04 | 011,025,920 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014.02.23 11:49:59 | 006,990,336 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014.02.23 11:49:58 | 007,662,080 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014.02.23 11:49:57 | 003,950,080 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014.02.23 11:49:54 | 000,976,384 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014.02.23 11:49:53 | 010,060,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014.02.23 11:49:47 | 016,953,856 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014.01.03 05:42:50 | 003,610,624 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013.10.19 01:55:02 | 025,100,288 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Dropbox\bin\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.03.07 12:29:31 | 000,118,784 | -H-- | M] () [Auto | Running] -- C:\Windows\SysNative\mswsockd.exe -- (ntoskrol)
SRV:64bit: - [2014.02.06 12:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.12.06 22:52:10 | 000,239,616 | -H-- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.12.06 17:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2008.05.08 01:29:38 | 000,122,880 | -H-- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2014.05.04 07:56:09 | 000,257,712 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.02.25 23:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.02.20 15:58:03 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.02.20 15:57:57 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.02.05 10:48:32 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.01.16 18:03:40 | 000,064,112 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- C:\Programme\CyberGhost 5\Service.exe -- (CGVPNCliService)
SRV - [2014.01.16 02:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.09.11 22:21:54 | 000,105,144 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014.03.18 02:24:02 | 000,451,480 | -H-- | M] (Check Point Software Technologies Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2014.01.22 08:52:10 | 000,206,080 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014.01.22 08:52:10 | 000,108,800 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.12.24 23:33:22 | 000,489,568 | -H-- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.12.24 23:33:20 | 007,717,984 | -H-- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2013.12.18 18:40:12 | 000,131,576 | -H-- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.12.18 18:40:12 | 000,108,440 | -H-- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.12.06 23:52:14 | 013,207,552 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.12.06 22:21:44 | 000,626,176 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.11.26 07:27:26 | 000,028,600 | -H-- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.09.24 16:53:50 | 000,094,208 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.08.22 14:40:24 | 000,040,664 | -H-- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013.08.19 20:30:57 | 000,047,240 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | -H-- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.15 17:06:46 | 000,047,232 | RH-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.17 19:12:26 | 000,028,664 | -H-- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV - [2013.09.20 00:05:02 | 000,059,648 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 55 81 69 3C 5D CE 01  [binary data]
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir=
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.upc.at/"
FF - prefs.js..extensions.enabledAddons: %7BEBB09598-CE49-44A2-8D8F-DAE7F08CB84F%7D:2.2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}: C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014.05.03 06:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Extensions
[2014.05.11 14:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\68zaqfqh.default-1399808736961\extensions
[2014.05.10 03:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.05.10 03:35:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () (No name found) -- C:\WINDOWS\INSTALLER\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.XPI
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Download Protect] C:\ProgramData\dlprotect.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94FAA4C5-3B3C-4229-B168-76B8CA05270F}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B322F991-7096-4BA5-AA59-F02F01608B7A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014.02.07 21:49:58 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2014.02.08 19:18:51 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.11 15:10:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe
[2014.05.11 13:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2014.05.11 06:12:01 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\Alte Firefox-Daten
[2014.05.10 18:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2014.05.10 04:11:22 | 000,536,576 | -H-- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.05.10 03:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.05.09 05:48:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2014.05.04 07:56:05 | 017,931,952 | -H-- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.05.04 07:39:00 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\StreamingStar
[2014.05.03 15:11:47 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\DropboxMaster
[2014.05.03 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\MAGIX_MusicEditor
[2014.05.03 09:39:54 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\CrashDumps
[2014.05.03 06:27:09 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\Mozilla
[2014.05.02 12:23:17 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\MAGIX_Foto_Manager_9
[2014.05.02 06:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MotionStudios
[2014.05.02 03:00:49 | 000,000,000 | ---D | C] -- C:\MotionStudios
[2014.05.01 07:58:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\MAGIX_AG
[2014.04.20 09:09:34 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\Epubsoft
[2014.04.20 09:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Epubsoft
[2014.04.20 09:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
[2014.04.20 09:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPUBSOFT
[2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\ePUBeedrmremoval
[2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\decrypt
[2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\.ePUBeedrmremoval
[2014.04.20 08:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ePUBee
[2014.04.19 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\calibre-cache
[2014.04.19 11:15:01 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\My Kindle Content
[2014.04.19 11:14:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2014.04.19 11:14:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Amazon
[2014.04.19 11:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014.04.18 06:31:19 | 000,083,096 | -H-- | C] (Sygate Technologies, Inc.) -- C:\Windows\SysWow64\SSSensor.dll
[2014.04.18 06:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sygate Personal Firewall
[2014.04.18 06:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sygate
[2014.04.17 20:28:49 | 007,717,984 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014.04.17 20:28:47 | 000,489,568 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014.04.17 20:28:47 | 000,090,208 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014.04.17 20:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2014.04.17 04:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2014.04.17 04:39:46 | 000,119,512 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.17 04:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.04.17 04:39:33 | 000,088,280 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.04.17 04:39:33 | 000,063,192 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.04.17 04:39:33 | 000,025,816 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.04.17 04:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.04.12 12:26:19 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\TechSmith
[2014.04.12 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\Camtasia Studio
[2014.04.12 12:22:00 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Ashampoo Movie Studio
[2014.04.12 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\MOVAVI
[2014.04.12 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Movavi
[2014.04.12 11:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2014.04.12 11:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1995-08.com.techsmith
[2014.04.12 11:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014.04.12 11:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2014.04.12 11:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2014.04.12 11:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.11 15:47:02 | 000,001,102 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.11 15:46:04 | 000,001,098 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.05.11 15:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe
[2014.05.11 15:05:03 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.11 15:05:03 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.11 14:56:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.11 14:56:30 | 2811,244,544 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.11 14:29:16 | 000,119,512 | -H-- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.11 14:04:41 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014.05.11 13:56:00 | 000,000,884 | -H-- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.11 09:52:56 | 001,629,276 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.11 09:52:56 | 000,702,926 | -H-- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.05.11 09:52:56 | 000,657,158 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.11 09:52:56 | 000,150,566 | -H-- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.05.11 09:52:56 | 000,122,970 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.11 07:03:06 | 000,002,081 | ---- | M] () -- C:\Users\xy\Desktop\Everest Home Edition - CHIP Downloader.lnk
[2014.05.10 18:34:44 | 000,001,432 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2014.05.10 18:34:44 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2014.05.10 16:33:36 | 000,000,034 | -H-- | M] () -- C:\Windows\cdplayer.ini
[2014.05.10 04:25:30 | 000,000,944 | ---- | M] () -- C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk
[2014.05.09 17:20:17 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2014.05.04 07:56:09 | 000,692,400 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.05.04 07:56:08 | 000,070,832 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.05.04 07:56:05 | 017,931,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.05.04 07:08:45 | 000,000,684 | ---- | M] () -- C:\Users\xy\Desktop\MediathekView - neu.lnk
[2014.05.04 07:06:32 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014.05.04 07:06:32 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2014.05.04 07:06:31 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.05.03 15:12:02 | 000,001,008 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.05.03 15:11:30 | 000,000,970 | ---- | M] () -- C:\Users\xy\Desktop\Dropbox.lnk
[2014.05.03 10:12:31 | 000,011,264 | ---- | M] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.05.03 06:27:04 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.05.02 15:27:06 | 000,512,808 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.05.02 12:18:47 | 000,001,212 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk
[2014.05.02 10:24:55 | 000,008,476 | ---- | M] () -- C:\Users\xy\AppData\Local\recently-used.xbel
[2014.04.19 11:42:28 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2014.04.19 11:14:41 | 000,001,990 | ---- | M] () -- C:\Users\xy\Desktop\Kindle.lnk
[2014.04.17 20:29:46 | 000,000,132 | -H-- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2014.04.17 04:39:35 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.04.12 12:21:45 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk
[2014.04.12 11:57:42 | 000,005,053 | ---- | M] () -- C:\ProgramData\hwjqxkkr.zva
[2014.04.12 11:42:20 | 000,004,509 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamStudio.cfg
[2014.04.12 11:42:20 | 000,000,408 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamShapes.ini
[2014.04.12 11:42:20 | 000,000,408 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamLayout.ini
[2014.04.12 11:42:20 | 000,000,096 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Camdata.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.05.11 07:03:06 | 000,002,081 | ---- | C] () -- C:\Users\xy\Desktop\Everest Home Edition - CHIP Downloader.lnk
[2014.05.10 18:34:44 | 000,001,432 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2014.05.10 18:34:44 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2014.05.10 04:25:29 | 000,000,944 | ---- | C] () -- C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk
[2014.05.04 07:08:45 | 000,000,684 | ---- | C] () -- C:\Users\xy\Desktop\MediathekView - neu.lnk
[2014.05.04 07:03:20 | 000,000,884 | -H-- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.03 06:27:04 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.05.03 06:27:03 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014.05.02 12:18:47 | 000,001,212 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk
[2014.05.02 10:24:55 | 000,008,476 | ---- | C] () -- C:\Users\xy\AppData\Local\recently-used.xbel
[2014.04.27 11:54:36 | 000,000,034 | -H-- | C] () -- C:\Windows\cdplayer.ini
[2014.04.19 11:14:41 | 000,001,990 | ---- | C] () -- C:\Users\xy\Desktop\Kindle.lnk
[2014.04.17 20:28:54 | 000,000,132 | -H-- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2014.04.17 04:39:35 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.04.12 12:21:45 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk
[2014.04.12 11:57:42 | 000,005,053 | ---- | C] () -- C:\ProgramData\hwjqxkkr.zva
[2014.03.26 20:44:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.03.22 15:08:02 | 000,000,042 | ---- | C] () -- C:\Users\xy\AppData\Roaming\WB.CFG
[2014.03.19 13:14:21 | 000,011,264 | ---- | C] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.03.07 12:29:32 | 000,012,800 | ---- | C] () -- C:\ProgramData\dlprotect.exe
[2014.02.09 14:49:30 | 000,000,701 | ---- | C] () -- C:\Users\xy\AppData\Roaming\pdfsound.dll
[2014.02.09 14:49:30 | 000,000,053 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setting.ini
[2014.02.09 14:49:30 | 000,000,043 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup_pdfrotator.ini
[2014.02.09 14:49:30 | 000,000,043 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup_pdfcombine.ini
[2014.02.09 14:49:30 | 000,000,030 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup.ini
[2014.02.09 14:49:30 | 000,000,014 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options.ini
[2014.02.09 14:49:30 | 000,000,003 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options_pdfrotator.ini
[2014.02.09 14:49:30 | 000,000,003 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options_pdfcombine.ini
[2014.01.18 20:25:57 | 000,000,000 | -H-- | C] () -- C:\Windows\geo.ini
[2013.12.15 11:19:23 | 000,338,944 | -H-- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2013.12.15 11:19:23 | 000,122,880 | -H-- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2013.12.15 11:19:23 | 000,088,576 | -H-- | C] () -- C:\Windows\SysWow64\Lffpx90n.dll
[2013.12.06 23:38:38 | 000,995,342 | -H-- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.12.06 23:38:38 | 000,798,734 | -H-- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.12.06 17:44:26 | 000,038,912 | -H-- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013.11.10 16:22:58 | 000,000,256 | -H-- | C] () -- C:\Windows\_delis32.ini
[2013.11.09 15:25:48 | 000,004,509 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamStudio.cfg
[2013.10.06 15:12:01 | 000,178,176 | -H-- | C] () -- C:\Windows\SysWow64\StellarProfile.dll
[2013.10.06 11:08:27 | 000,000,004 | -H-- | C] () -- C:\Windows\vx86036.dat
[2013.10.06 11:08:05 | 000,000,140 | -H-- | C] () -- C:\Windows\Crypkey.ini
[2013.10.06 11:07:59 | 000,027,648 | RH-- | C] () -- C:\Windows\Setup_ck.exe
[2013.10.06 11:07:59 | 000,018,432 | -H-- | C] () -- C:\Windows\Setup_ck.dll
[2013.10.06 11:07:59 | 000,011,776 | -H-- | C] () -- C:\Windows\Ckrfresh.exe
[2013.09.28 09:55:35 | 000,000,408 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamShapes.ini
[2013.09.28 09:55:35 | 000,000,408 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamLayout.ini
[2013.09.28 09:55:35 | 000,000,096 | ---- | C] () -- C:\Users\xy\AppData\Roaming\Camdata.ini
[2013.06.07 21:08:30 | 000,000,234 | -H-- | C] () -- C:\Windows\wininit.ini
[2013.06.02 19:08:27 | 000,007,256 | -H-- | C] () -- C:\Windows\mgxoschk.ini
[2013.05.31 20:52:26 | 001,602,556 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.30 17:12:58 | 000,120,200 | -H-- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2013.05.30 16:14:22 | 000,000,400 | -H-- | C] () -- C:\Windows\ODBC.INI
[2013.05.30 15:47:53 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2013.05.22 20:43:52 | 000,030,568 | -H-- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.05.22 20:43:48 | 000,974,848 | -H-- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.05.22 20:43:48 | 000,081,920 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.05.22 20:43:48 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.05.22 20:43:48 | 000,057,344 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.12.19 21:52:22 | 000,204,952 | -H-- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.12.19 21:52:22 | 000,157,144 | -H-- | C] () -- C:\Windows\SysWow64\ativvsva.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013.02.27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009.07.14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010.11.20 05:25:46 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009.07.14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009.07.14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010.11.20 05:26:06 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010.11.20 04:18:32 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011.03.03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009.07.14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009.07.14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009.07.14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010.11.20 05:26:40 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009.07.14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009.07.14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009.07.14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009.07.14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009.07.14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012.10.03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011.05.24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012.02.11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009.07.14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010.11.20 05:27:26 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010.11.20 05:27:26 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009.07.14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010.11.20 05:27:28 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010.11.20 05:27:26 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010.11.20 04:21:20 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010.11.20 05:27:26 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010.11.20 05:27:28 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010.11.20 04:21:30 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009.07.14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010.11.20 05:25:28 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010.11.20 05:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010.11.20 05:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010.11.20 05:27:26 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010.11.20 05:27:30 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010.11.20 05:27:00 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010.11.20 05:27:30 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010.11.20 05:25:00 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010.11.20 04:17:24 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009.07.14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010.11.20 05:26:08 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010.11.20 05:27:30 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: MPSVC.DLL  >
[2013.05.27 07:26:41 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7B6CD2C784B13D63481B6BF49605C026 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpSvc.dll
[2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Program Files\Windows Defender\MpSvc.dll
[2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll
[2013.05.27 07:56:38 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=93B9D9FABBED612F71527E52E1D1EE93 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpSvc.dll
[2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll
[2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
[2013.05.27 07:25:24 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=F7DE0DDAC48EEE6DD48A9EB33F6E672D -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpSvc.dll
 
< MD5 for: QMGR.DLL  >
[2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009.07.14 03:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll
 
< MD5 for: RPCSS.DLL  >
[2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009.07.14 03:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
 
< MD5 for: SERVICES  >
[2009.06.10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.ASFX  >
[2012.09.23 20:43:44 | 000,002,677 | ---- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx
 
< MD5 for: SERVICES.CFG  >
[2012.09.23 20:43:36 | 000,603,848 | RH-- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744BA0000000010\11.0.0\services.cfg
[2013.05.11 12:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.DAT  >
[2013.04.22 05:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009.07.14 19:58:12 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\SysNative\de-DE\services.exe.mui
[2009.07.14 19:58:12 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009.07.14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009.06.10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009.06.10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009.06.10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009.06.10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009.07.14 19:58:11 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysNative\de-DE\services.msc
[2009.07.14 19:58:12 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysWOW64\de-DE\services.msc
[2009.07.14 19:58:11 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\services.msc
[2009.07.14 19:58:12 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009.07.13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009.07.13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: AE4A-9AEF
 Verzeichnis von C:\
14.07.2009  07:08    <VERBINDUNG>  Documents and Settings [C:\Users]
30.05.2013  15:39    <VERBINDUNG>  Dokumente und Einstellungen [C:\Users]
30.05.2013  15:39    <VERBINDUNG>  Programme [C:\Program Files]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files
30.05.2013  15:39    <VERBINDUNG>  Gemeinsame Dateien [C:\Program Files\Common Files]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files\Windows NT
30.05.2013  15:39    <VERBINDUNG>  Zubeh”r [C:\Program Files\Windows NT\Accessories]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\ProgramData
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\ProgramData]
14.07.2009  07:08    <VERBINDUNG>  Application Data [C:\ProgramData]
14.07.2009  07:08    <VERBINDUNG>  Desktop [C:\Users\Public\Desktop]
14.07.2009  07:08    <VERBINDUNG>  Documents [C:\Users\Public\Documents]
30.05.2013  15:39    <VERBINDUNG>  Dokumente [C:\Users\Public\Documents]
30.05.2013  15:39    <VERBINDUNG>  Favoriten [C:\Users\Public\Favorites]
14.07.2009  07:08    <VERBINDUNG>  Favorites [C:\Users\Public\Favorites]
14.07.2009  07:08    <VERBINDUNG>  Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
30.05.2013  15:39    <VERBINDUNG>  Startmen [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009  07:08    <VERBINDUNG>  Templates [C:\ProgramData\Microsoft\Windows\Templates]
30.05.2013  15:39    <VERBINDUNG>  Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu
30.05.2013  15:39    <VERBINDUNG>  Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users
14.07.2009  07:08    <SYMLINKD>    All Users [C:\ProgramData]
14.07.2009  07:08    <VERBINDUNG>  Default User [C:\Users\Default]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\All Users
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\ProgramData]
14.07.2009  07:08    <VERBINDUNG>  Application Data [C:\ProgramData]
14.07.2009  07:08    <VERBINDUNG>  Desktop [C:\Users\Public\Desktop]
14.07.2009  07:08    <VERBINDUNG>  Documents [C:\Users\Public\Documents]
30.05.2013  15:39    <VERBINDUNG>  Dokumente [C:\Users\Public\Documents]
30.05.2013  15:39    <VERBINDUNG>  Favoriten [C:\Users\Public\Favorites]
14.07.2009  07:08    <VERBINDUNG>  Favorites [C:\Users\Public\Favorites]
14.07.2009  07:08    <VERBINDUNG>  Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
30.05.2013  15:39    <VERBINDUNG>  Startmen [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009  07:08    <VERBINDUNG>  Templates [C:\ProgramData\Microsoft\Windows\Templates]
30.05.2013  15:39    <VERBINDUNG>  Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu
30.05.2013  15:39    <VERBINDUNG>  Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\Users\Default\AppData\Roaming]
14.07.2009  07:08    <VERBINDUNG>  Application Data [C:\Users\Default\AppData\Roaming]
14.07.2009  07:08    <VERBINDUNG>  Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
30.05.2013  15:39    <VERBINDUNG>  Druckumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30.05.2013  15:39    <VERBINDUNG>  Eigene Dateien [C:\Users\Default\Documents]
14.07.2009  07:08    <VERBINDUNG>  Local Settings [C:\Users\Default\AppData\Local]
30.05.2013  15:39    <VERBINDUNG>  Lokale Einstellungen [C:\Users\Default\AppData\Local]
14.07.2009  07:08    <VERBINDUNG>  My Documents [C:\Users\Default\Documents]
14.07.2009  07:08    <VERBINDUNG>  NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30.05.2013  15:39    <VERBINDUNG>  Netzwerkumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.07.2009  07:08    <VERBINDUNG>  PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.07.2009  07:08    <VERBINDUNG>  Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14.07.2009  07:08    <VERBINDUNG>  SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14.07.2009  07:08    <VERBINDUNG>  Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
30.05.2013  15:39    <VERBINDUNG>  Startmen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14.07.2009  07:08    <VERBINDUNG>  Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
30.05.2013  15:39    <VERBINDUNG>  Vorlagen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\AppData\Local
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\Users\Default\AppData\Local]
14.07.2009  07:08    <VERBINDUNG>  Application Data [C:\Users\Default\AppData\Local]
14.07.2009  07:08    <VERBINDUNG>  History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14.07.2009  07:08    <VERBINDUNG>  Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
30.05.2013  15:39    <VERBINDUNG>  Verlauf [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
30.05.2013  15:39    <VERBINDUNG>  Programme [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\Documents
30.05.2013  15:39    <VERBINDUNG>  Eigene Bilder [C:\Users\Default\Pictures]
30.05.2013  15:39    <VERBINDUNG>  Eigene Musik [C:\Users\Default\Music]
30.05.2013  15:39    <VERBINDUNG>  Eigene Videos [C:\Users\Default\Videos]
14.07.2009  07:08    <VERBINDUNG>  My Music [C:\Users\Default\Music]
14.07.2009  07:08    <VERBINDUNG>  My Pictures [C:\Users\Default\Pictures]
14.07.2009  07:08    <VERBINDUNG>  My Videos [C:\Users\Default\Videos]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Public\Documents
30.05.2013  15:39    <VERBINDUNG>  Eigene Bilder [C:\Users\Public\Pictures]
30.05.2013  15:39    <VERBINDUNG>  Eigene Musik [C:\Users\Public\Music]
30.05.2013  15:39    <VERBINDUNG>  Eigene Videos [C:\Users\Public\Videos]
14.07.2009  07:08    <VERBINDUNG>  My Music [C:\Users\Public\Music]
14.07.2009  07:08    <VERBINDUNG>  My Pictures [C:\Users\Public\Pictures]
14.07.2009  07:08    <VERBINDUNG>  My Videos [C:\Users\Public\Videos]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\xy
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\Users\xy\AppData\Roaming]
30.05.2013  15:39    <VERBINDUNG>  Cookies [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Cookies]
30.05.2013  15:39    <VERBINDUNG>  Druckumgebung [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30.05.2013  15:39    <VERBINDUNG>  Eigene Dateien [C:\Users\xy\Documents]
30.05.2013  15:39    <VERBINDUNG>  Lokale Einstellungen [C:\Users\xy\AppData\Local]
30.05.2013  15:39    <VERBINDUNG>  Netzwerkumgebung [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30.05.2013  15:39    <VERBINDUNG>  Recent [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Recent]
30.05.2013  15:39    <VERBINDUNG>  SendTo [C:\Users\xy\AppData\Roaming\Microsoft\Windows\SendTo]
30.05.2013  15:39    <VERBINDUNG>  Startmen [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu]
30.05.2013  15:39    <VERBINDUNG>  Vorlagen [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Templates]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\xy\AppData\Local
30.05.2013  15:39    <VERBINDUNG>  Anwendungsdaten [C:\Users\xy\AppData\Local]
30.05.2013  15:39    <VERBINDUNG>  Temporary Internet Files [C:\Users\xy\AppData\Local\Microsoft\Windows\Temporary Internet Files]
30.05.2013  15:39    <VERBINDUNG>  Verlauf [C:\Users\xy\AppData\Local\Microsoft\Windows\History]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu
30.05.2013  15:39    <VERBINDUNG>  Programme [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
              0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\xy\Documents
30.05.2013  15:39    <VERBINDUNG>  Eigene Bilder [C:\Users\xy\Pictures]
30.05.2013  15:39    <VERBINDUNG>  Eigene Musik [C:\Users\xy\Music]
30.05.2013  15:39    <VERBINDUNG>  Eigene Videos [C:\Users\xy\Videos]
              0 Datei(en),              0 Bytes
    Anzahl der angezeigten Dateien:
              0 Datei(en),              0 Bytes
              83 Verzeichnis(se), 116.017.721.344 Bytes frei
 
<          >
 
========== Files - Unicode (All) ==========
[2013.11.10 09:25:41 | 103,387,443 | -H-- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\焃Š
[2013.11.10 09:25:41 | 103,387,443 | -H-- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\焃Š
[2013.11.09 12:41:58 | 103,378,319 | -H-- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ХŒ
[2013.11.09 06:42:02 | 103,378,319 | -H-- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ХŒ
[2013.10.26 05:54:22 | 103,054,676 | -H-- | M] ()(C:\Windows\SysWow64\???¦) -- C:\Windows\SysWow64\Ⳋꝙ¦
[2013.10.26 05:54:22 | 103,054,676 | -H-- | C] ()(C:\Windows\SysWow64\???¦) -- C:\Windows\SysWow64\Ⳋꝙ¦
[2013.10.04 14:40:56 | 099,209,434 | -H-- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\❒휜K
[2013.10.04 14:40:56 | 099,209,434 | -H-- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\❒휜K
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:BF31A799
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
--- --- ---

Machiavelli 11.05.2014 15:37
Hallo,
ja, auf Deinem System befindet sich Malware.

Schritt 1: SideBar Advice

Ich sehe, dass auf Deinem PC SideBar aktiv ist. Zurzeit besteht in diesem Programm eine Sicherheitslücke, deshalb würde ich Dir raten, es vorrübergehend zu deaktivieren. Mehr Informationen zu diesem Thema kannst Du hier: http://technet.microsoft.com/en-us/s...visory/2719662 finden.

Wie man SideBar deaktiviert:

Schritt 2: Uninstalls

Bitte deinstalliere folgende Programme:
  • Free YouTube Download version 3.2.33.424

Schritt 3: OTL Fix
Code:
:Commands
[CREATERESTOREPOINT]

:OTL
SRV:64bit: - [2014.03.07 12:29:31 | 000,118,784 | -H-- | M] () [Auto | Running] -- C:\Windows\SysNative\mswsockd.exe -- (ntoskrol)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir=
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () (No name found) -- C:\WINDOWS\INSTALLER\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.XPI
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}: C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] ()
O3 - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Download Protect] C:\ProgramData\dlprotect.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014.05.10 18:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2014.05.10 18:34:44 | 000,001,432 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2014.05.10 18:34:44 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2014.04.12 11:57:42 | 000,005,053 | ---- | M] () -- C:\ProgramData\hwjqxkkr.zva
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:BF31A799
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720

:Commands
[RESETHOSTS]
[EMPTYTEMP]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere nun den Inhalt hier in Deinen Thread

Schritt 4: Adwarecleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 5: Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Schritt 6: OTL Scan

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Schritt 7: Frage

Wie läuft Dein System?

radogoal 11.05.2014 16:24
habe den schritt 1+2 durchgeführt habe drei wie beschrieben eingeleitet

aber beim punkt create a restore point dont interrupt passiert seit 35 min nichts

ist dies normal dass dies oslange oder noch länger dauert?

Machiavelli 11.05.2014 16:26
Komisch, das sollte eigentlich nicht passieren. Dann machen wir halt keinen Restore Point, probiere folgenden Fix aus.
Code:
:OTL
SRV:64bit: - [2014.03.07 12:29:31 | 000,118,784 | -H-- | M] () [Auto | Running] -- C:\Windows\SysNative\mswsockd.exe -- (ntoskrol)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir=
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () (No name found) -- C:\WINDOWS\INSTALLER\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.XPI
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}: C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] ()
O3 - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Download Protect] C:\ProgramData\dlprotect.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014.05.10 18:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2014.05.10 18:34:44 | 000,001,432 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2014.05.10 18:34:44 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2014.04.12 11:57:42 | 000,005,053 | ---- | M] () -- C:\ProgramData\hwjqxkkr.zva
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:BF31A799
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720

:Commands
[RESETHOSTS]
[EMPTYTEMP]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere nun den Inhalt hier in Deinen Thread

radogoal 11.05.2014 17:00
Liste der Anhänge anzeigen (Anzahl: 1)
wenn ic hmittels otl mit den im bild eingestellten einstellungen zu fixen beginne kommen nach cirka 3-4 sek ein paar einträge aber dann läuft ewig die sanduhr ohne ereignis

habe dafür noch die zwei txt dateien der anderen programme angeführt vlt hilft dies jaAdwCleaner Logfile:
Code:
# AdwCleaner v3.207 - Bericht erstellt am 11/05/2014 um 17:48:12
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : xy - XY-PC
# Gestartet von : D:\Downloads\adwcleaner_3.2.0.7.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\xy\AppData\Roaming\Mozilla\Firefox\Profiles\68zaqfqh.default-1399808736961\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16171 octets] - [07/09/2013 09:07:12]
AdwCleaner[R10].txt - [3326 octets] - [10/05/2014 04:22:39]
AdwCleaner[R11].txt - [2269 octets] - [11/05/2014 14:01:22]
AdwCleaner[R12].txt - [963 octets] - [11/05/2014 17:48:12]
AdwCleaner[R1].txt - [5313 octets] - [07/09/2013 11:55:20]
AdwCleaner[R2].txt - [1237 octets] - [07/09/2013 11:58:03]
AdwCleaner[R3].txt - [18051 octets] - [07/02/2014 22:34:16]
AdwCleaner[R4].txt - [7137 octets] - [23/02/2014 17:05:02]
AdwCleaner[R5].txt - [1744 octets] - [23/02/2014 17:09:48]
AdwCleaner[R6].txt - [8384 octets] - [07/03/2014 12:56:48]
AdwCleaner[R7].txt - [15501 octets] - [22/03/2014 16:02:52]
AdwCleaner[R8].txt - [2361 octets] - [23/03/2014 16:49:53]
AdwCleaner[R9].txt - [3264 octets] - [10/05/2014 04:10:58]
AdwCleaner[S0].txt - [15710 octets] - [07/09/2013 09:07:50]
AdwCleaner[S1].txt - [5204 octets] - [07/09/2013 11:55:47]
AdwCleaner[S2].txt - [1249 octets] - [07/09/2013 11:58:55]
AdwCleaner[S3].txt - [16841 octets] - [07/02/2014 22:35:35]
AdwCleaner[S4].txt - [5473 octets] - [23/02/2014 17:06:15]
AdwCleaner[S5].txt - [7152 octets] - [07/03/2014 13:02:21]
AdwCleaner[S6].txt - [14250 octets] - [22/03/2014 16:03:21]
AdwCleaner[S7].txt - [2378 octets] - [23/03/2014 16:50:31]
AdwCleaner[S8].txt - [3340 octets] - [10/05/2014 04:23:09]
AdwCleaner[S9].txt - [2283 octets] - [11/05/2014 14:02:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R12].txt - [2168 octets] ##########
--- --- ---


Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.2 (04.29.2013:1)
OS: Windows 7 Home Premium x64
Ran by xy on 11.05.2014 at 17:50:28,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\xy\AppData\Roaming\mozilla\firefox\profiles\68zaqfqh.default-1399808736961\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.05.2014 at 17:54:21,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Machiavelli 11.05.2014 17:16
Dann verwenden wir ein anderes Tool.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


radogoal 11.05.2014 17:26
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by xy (administrator) on XY-PC on 11-05-2014 18:20:00
Running from C:\Users\xy\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Windows\System32\mswsockd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\ProgramData\dlprotect.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dropbox, Inc.) C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Farbar) C:\Users\xy\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-03-07] ()
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-918124617-738689493-455985151-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-918124617-738689493-455985151-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-918124617-738689493-455985151-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2D5581693C5DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP450BAC43-2951-4AEA-B92A-B2072D18AF62&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir=
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{94FAA4C5-3B3C-4229-B168-76B8CA05270F}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\xy\AppData\Roaming\Mozilla\Firefox\Profiles\68zaqfqh.default-1399808736961
FF Homepage: hxxp://www.upc.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}] - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014-05-11]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-23]
CHR Extension: (Google Drive) - C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-23]
CHR Extension: (Google Search) - C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (Gmail) - C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 ntoskrol; C:\Windows\system32\mswsockd.exe [118784 2014-03-07] ()

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-12-24] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-12-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489568 2013-12-24] (Kaspersky Lab ZAO)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451480 2014-03-18] (Check Point Software Technologies Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 18:20 - 2014-05-11 18:20 - 00015528 _____ () C:\Users\xy\Desktop\FRST.txt
2014-05-11 18:18 - 2014-05-11 18:18 - 02066432 _____ (Farbar) C:\Users\xy\Desktop\FRST64(1).exe
2014-05-11 17:54 - 2014-05-11 17:55 - 00000764 _____ () C:\Users\xy\Desktop\JRT.txt
2014-05-11 17:49 - 2014-05-11 17:49 - 00002249 _____ () C:\Users\xy\Desktop\AdwCleaner[R12].txt
2014-05-11 16:52 - 2014-05-11 16:52 - 00000000 ___DC () C:\_OTL
2014-05-11 15:26 - 2014-05-11 15:26 - 00174898 _____ () C:\Users\xy\Downloads\OTL.Txt
2014-05-11 15:10 - 2014-05-11 15:10 - 00602112 _____ (OldTimer Tools) C:\Users\xy\Desktop\OTL.exe
2014-05-11 14:56 - 2014-05-11 17:47 - 00000496 _____ () C:\Windows\error.log
2014-05-11 14:56 - 2014-05-11 17:47 - 00000224 _____ () C:\Windows\setupact.log
2014-05-11 14:56 - 2014-05-11 17:47 - 00000112 _____ () C:\Windows\errord.log
2014-05-11 14:56 - 2014-05-11 14:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-11 14:26 - 2014-05-11 14:26 - 04892480 _____ (WinZip International LLC ) C:\Users\xy\Downloads\wzmp_8.exe
2014-05-11 13:33 - 2014-05-11 13:33 - 00000000 ____D () C:\ProgramData\Atheros
2014-05-10 18:34 - 2014-05-10 18:34 - 00001235 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-05-10 04:25 - 2014-05-10 04:25 - 00000944 _____ () C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk
2014-05-10 04:11 - 2010-08-30 08:34 - 00536576 ____H (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-10 03:35 - 2014-05-10 03:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 05:48 - 2014-05-09 05:48 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-05-04 07:56 - 2014-05-04 07:56 - 17931952 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-04 07:39 - 2014-05-04 07:39 - 00000000 ____D () C:\Users\xy\Documents\StreamingStar
2014-05-04 07:08 - 2014-05-04 07:08 - 00000684 _____ () C:\Users\xy\Desktop\MediathekView - neu.lnk
2014-05-04 07:03 - 2014-05-11 17:56 - 00000884 ____H () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-04 07:03 - 2014-05-04 07:56 - 00003822 ____H () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-03 15:11 - 2014-05-03 15:11 - 00000000 ____D () C:\Users\xy\AppData\Roaming\DropboxMaster
2014-05-03 10:57 - 2014-05-03 10:57 - 00000000 ____D () C:\Users\xy\Documents\MAGIX_MusicEditor
2014-05-03 09:39 - 2014-05-11 14:18 - 00000000 ____D () C:\Users\xy\AppData\Local\CrashDumps
2014-05-03 06:27 - 2014-05-03 06:27 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-03 06:27 - 2014-05-03 06:27 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-03 06:27 - 2014-05-03 06:27 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Mozilla
2014-05-02 12:23 - 2014-05-02 12:23 - 00000000 ____D () C:\Users\xy\Documents\MAGIX_Foto_Manager_9
2014-05-02 12:18 - 2014-05-02 12:18 - 00001212 _____ () C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk
2014-05-02 10:24 - 2014-05-02 10:24 - 00008476 _____ () C:\Users\xy\AppData\Local\recently-used.xbel
2014-05-02 06:17 - 2014-05-02 06:37 - 00000000 ____D () C:\ProgramData\MotionStudios
2014-05-02 03:00 - 2014-05-02 06:10 - 661401743 _____ () C:\Users\xy\Downloads\Install_VdG8HDProDemo.exe
2014-05-02 03:00 - 2014-05-02 03:00 - 00000000 ____D () C:\MotionStudios
2014-05-01 07:58 - 2014-05-01 07:58 - 00000000 ____D () C:\Users\xy\AppData\Local\MAGIX_AG
2014-04-27 11:54 - 2014-05-10 16:33 - 00000034 ____H () C:\Windows\cdplayer.ini
2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\Users\xy\Documents\Epubsoft
2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-04-20 08:59 - 2014-04-20 10:38 - 00000000 ____D () C:\Program Files (x86)\ePUBee
2014-04-20 08:59 - 2014-04-20 09:01 - 00000000 ____D () C:\Users\xy\AppData\Roaming\decrypt
2014-04-20 08:59 - 2014-04-20 09:01 - 00000000 ____D () C:\Users\xy\AppData\Roaming\.ePUBeedrmremoval
2014-04-20 08:59 - 2014-04-20 08:59 - 00000000 ____D () C:\Users\xy\AppData\Roaming\ePUBeedrmremoval
2014-04-19 11:42 - 2014-04-19 11:42 - 00000000 ____D () C:\Users\xy\AppData\Local\calibre-cache
2014-04-19 11:15 - 2014-04-19 12:26 - 00000000 ____D () C:\Users\xy\Documents\My Kindle Content
2014-04-19 11:14 - 2014-04-19 11:14 - 00001990 _____ () C:\Users\xy\Desktop\Kindle.lnk
2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Users\xy\AppData\Local\Amazon
2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-18 06:31 - 2014-04-18 06:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sygate Personal Firewall
2014-04-18 06:31 - 2014-04-18 06:31 - 00000000 ____D () C:\Program Files (x86)\Sygate
2014-04-18 06:31 - 2004-10-15 18:32 - 00083096 ____H (Sygate Technologies, Inc.) C:\Windows\SysWOW64\SSSensor.dll
2014-04-17 20:52 - 2014-05-11 17:25 - 00303727 ____H () C:\Windows\WindowsUpdate.log
2014-04-17 20:28 - 2014-04-17 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-04-17 20:28 - 2014-04-17 20:29 - 00000132 ____H () C:\Windows\system32\Drivers\vsconfig.xml
2014-04-17 20:28 - 2013-12-24 23:33 - 07717984 ____H (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-04-17 20:28 - 2013-12-24 23:33 - 00489568 ____H (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-04-17 20:28 - 2013-12-24 23:33 - 00090208 ____H (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-04-17 04:41 - 2014-04-17 20:42 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-04-17 04:39 - 2014-05-11 14:29 - 00119512 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 04:39 - 2014-04-17 04:39 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 04:39 - 2014-04-17 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-17 04:39 - 2014-04-17 04:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 04:39 - 2014-04-03 09:51 - 00088280 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 04:39 - 2014-04-03 09:51 - 00063192 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-17 04:39 - 2014-04-03 09:50 - 00025816 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-12 12:26 - 2014-04-12 12:26 - 00000000 ____D () C:\Users\xy\Documents\Camtasia Studio
2014-04-12 12:26 - 2014-04-12 12:26 - 00000000 ____D () C:\Users\xy\AppData\Roaming\TechSmith
2014-04-12 12:22 - 2014-04-12 12:29 - 00000000 ____D () C:\Users\xy\AppData\Local\Ashampoo Movie Studio
2014-04-12 12:21 - 2014-04-12 12:21 - 00001240 _____ () C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk
2014-04-12 11:57 - 2014-04-12 11:57 - 00005053 _____ () C:\ProgramData\hwjqxkkr.zva
2014-04-12 11:57 - 2014-04-12 11:57 - 00000000 ____D () C:\Users\xy\AppData\Roaming\MOVAVI
2014-04-12 11:57 - 2014-04-12 11:57 - 00000000 ____D () C:\Users\xy\AppData\Local\Movavi
2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\TechSmith
2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime

==================== One Month Modified Files and Folders =======

2014-05-11 18:20 - 2014-05-11 18:20 - 00015528 _____ () C:\Users\xy\Desktop\FRST.txt
2014-05-11 18:20 - 2014-02-08 19:11 - 00000000 ____D () C:\FRST
2014-05-11 18:18 - 2014-05-11 18:18 - 02066432 _____ (Farbar) C:\Users\xy\Desktop\FRST64(1).exe
2014-05-11 18:05 - 2014-03-05 18:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-11 17:56 - 2014-05-04 07:03 - 00000884 ____H () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 17:55 - 2014-05-11 17:54 - 00000764 _____ () C:\Users\xy\Desktop\JRT.txt
2014-05-11 17:55 - 2009-07-14 06:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 17:55 - 2009-07-14 06:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 17:51 - 2014-04-17 20:52 - 00303727 ____H () C:\Windows\WindowsUpdate.log
2014-05-11 17:50 - 2013-05-31 20:46 - 00000000 ____D () C:\JRT
2014-05-11 17:49 - 2014-05-11 17:49 - 00002249 _____ () C:\Users\xy\Desktop\AdwCleaner[R12].txt
2014-05-11 17:49 - 2013-09-07 09:07 - 00000000 ___DC () C:\AdwCleaner
2014-05-11 17:49 - 2013-08-17 11:07 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Dropbox
2014-05-11 17:48 - 2013-08-17 11:14 - 00000000 ___RD () C:\Users\xy\Dropbox
2014-05-11 17:47 - 2014-05-11 14:56 - 00000496 _____ () C:\Windows\error.log
2014-05-11 17:47 - 2014-05-11 14:56 - 00000224 _____ () C:\Windows\setupact.log
2014-05-11 17:47 - 2014-05-11 14:56 - 00000112 _____ () C:\Windows\errord.log
2014-05-11 17:47 - 2013-08-27 20:28 - 00001098 ____H () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 17:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 17:46 - 2013-08-27 20:28 - 00001102 ____H () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 16:52 - 2014-05-11 16:52 - 00000000 ___DC () C:\_OTL
2014-05-11 16:49 - 2013-07-07 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-11 15:26 - 2014-05-11 15:26 - 00174898 _____ () C:\Users\xy\Downloads\OTL.Txt
2014-05-11 15:10 - 2014-05-11 15:10 - 00602112 _____ (OldTimer Tools) C:\Users\xy\Desktop\OTL.exe
2014-05-11 14:56 - 2014-05-11 14:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-11 14:29 - 2014-04-17 04:39 - 00119512 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 14:26 - 2014-05-11 14:26 - 04892480 _____ (WinZip International LLC ) C:\Users\xy\Downloads\wzmp_8.exe
2014-05-11 14:18 - 2014-05-03 09:39 - 00000000 ____D () C:\Users\xy\AppData\Local\CrashDumps
2014-05-11 14:04 - 2014-03-26 20:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-05-11 13:33 - 2014-05-11 13:33 - 00000000 ____D () C:\ProgramData\Atheros
2014-05-11 09:52 - 2009-07-14 19:58 - 00702926 ____H () C:\Windows\system32\perfh007.dat
2014-05-11 09:52 - 2009-07-14 19:58 - 00150566 ____H () C:\Windows\system32\perfc007.dat
2014-05-11 09:52 - 2009-07-14 07:13 - 01629276 ____H () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 06:59 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\NDF
2014-05-10 18:49 - 2013-07-13 10:14 - 00000000 ____D () C:\Users\xy\Documents\Movies2DVDProjects
2014-05-10 18:47 - 2013-07-13 10:14 - 00000000 ____D () C:\Users\xy\AppData\Roaming\FreeMoviesToDVD
2014-05-10 18:41 - 2009-07-14 07:08 - 00032632 ____H () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-10 18:34 - 2014-05-10 18:34 - 00001235 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-05-10 18:34 - 2013-07-07 09:27 - 00000000 ____D () C:\Users\xy\AppData\Roaming\DVDVideoSoft
2014-05-10 18:11 - 2009-07-14 07:32 - 00000000 ___HD () C:\Windows\system32\FxsTmp
2014-05-10 16:50 - 2013-05-30 17:14 - 00000000 ____D () C:\Users\xy\Documents\MAGIX_Fotos_auf_CD_DVD_9_dlx
2014-05-10 16:33 - 2014-04-27 11:54 - 00000034 ____H () C:\Windows\cdplayer.ini
2014-05-10 04:25 - 2014-05-10 04:25 - 00000944 _____ () C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk
2014-05-10 04:23 - 2013-05-30 15:39 - 00000000 ____D () C:\Users\xy
2014-05-10 03:36 - 2014-05-10 03:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 03:24 - 2013-12-15 08:42 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-05-09 17:20 - 2014-02-15 13:45 - 00001945 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-05-09 17:20 - 2014-02-15 13:45 - 00001895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-05-09 06:17 - 2013-10-06 11:08 - 00000655 ____C () C:\CKINFO.TXT
2014-05-09 06:10 - 2013-06-15 15:59 - 00000000 ____D () C:\Program Files (x86)\Nokia
2014-05-09 05:48 - 2014-05-09 05:48 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-05-06 15:41 - 2013-08-27 20:28 - 00004098 ____H () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 15:41 - 2013-08-27 20:28 - 00003846 ____H () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-04 09:17 - 2013-08-24 07:28 - 00000000 ____D () C:\Users\xy\AppData\Roaming\vlc
2014-05-04 08:43 - 2013-12-27 13:25 - 00000000 ____D () C:\Users\xy\.mediathek3
2014-05-04 07:56 - 2014-05-04 07:56 - 17931952 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-04 07:56 - 2014-05-04 07:03 - 00003822 ____H () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-04 07:56 - 2013-05-30 16:32 - 00692400 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-04 07:56 - 2013-05-30 16:32 - 00070832 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-04 07:39 - 2014-05-04 07:39 - 00000000 ____D () C:\Users\xy\Documents\StreamingStar
2014-05-04 07:08 - 2014-05-04 07:08 - 00000684 _____ () C:\Users\xy\Desktop\MediathekView - neu.lnk
2014-05-04 07:06 - 2013-07-04 15:26 - 00001930 _____ () C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
2014-05-04 07:06 - 2013-06-12 18:46 - 00001973 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-05-04 07:06 - 2013-06-01 07:27 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-04 06:53 - 2013-12-27 13:26 - 00000000 ____D () C:\Users\xy\MediathekView
2014-05-03 15:12 - 2013-05-30 15:40 - 00000000 ___RD () C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 15:11 - 2014-05-03 15:11 - 00000000 ____D () C:\Users\xy\AppData\Roaming\DropboxMaster
2014-05-03 15:11 - 2013-08-17 11:14 - 00000970 _____ () C:\Users\xy\Desktop\Dropbox.lnk
2014-05-03 15:11 - 2013-08-17 11:08 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-03 10:59 - 2009-07-14 04:34 - 00000564 ____H () C:\Windows\win.ini
2014-05-03 10:57 - 2014-05-03 10:57 - 00000000 ____D () C:\Users\xy\Documents\MAGIX_MusicEditor
2014-05-03 10:12 - 2014-03-19 13:14 - 00011264 _____ () C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-03 09:52 - 2013-06-26 18:05 - 00000000 ____D () C:\Users\xy\Documents\Calibre Bibliothek
2014-05-03 06:27 - 2014-05-03 06:27 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-03 06:27 - 2014-05-03 06:27 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-03 06:27 - 2014-05-03 06:27 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Mozilla
2014-05-02 15:27 - 2009-07-14 06:45 - 00512808 ____H () C:\Windows\system32\FNTCACHE.DAT
2014-05-02 12:30 - 2013-05-30 15:48 - 00158840 _____ () C:\Users\xy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-02 12:23 - 2014-05-02 12:23 - 00000000 ____D () C:\Users\xy\Documents\MAGIX_Foto_Manager_9
2014-05-02 12:23 - 2013-05-30 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-05-02 12:23 - 2013-05-30 17:13 - 00000000 ____D () C:\ProgramData\MAGIX
2014-05-02 12:18 - 2014-05-02 12:18 - 00001212 _____ () C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk
2014-05-02 12:12 - 2013-05-30 17:12 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-05-02 10:26 - 2013-07-11 18:00 - 00000000 ____D () C:\Users\xy\AppData\Local\gtk-2.0
2014-05-02 10:26 - 2013-07-11 17:57 - 00000000 ____D () C:\Users\xy\.gimp-2.8
2014-05-02 10:24 - 2014-05-02 10:24 - 00008476 _____ () C:\Users\xy\AppData\Local\recently-used.xbel
2014-05-02 06:37 - 2014-05-02 06:17 - 00000000 ____D () C:\ProgramData\MotionStudios
2014-05-02 06:10 - 2014-05-02 03:00 - 661401743 _____ () C:\Users\xy\Downloads\Install_VdG8HDProDemo.exe
2014-05-02 03:00 - 2014-05-02 03:00 - 00000000 ____D () C:\MotionStudios
2014-05-01 18:25 - 2013-05-30 17:24 - 00000000 ____D () C:\Users\xy\AppData\Roaming\MAGIX
2014-05-01 07:58 - 2014-05-01 07:58 - 00000000 ____D () C:\Users\xy\AppData\Local\MAGIX_AG
2014-04-20 10:38 - 2014-04-20 08:59 - 00000000 ____D () C:\Program Files (x86)\ePUBee
2014-04-20 09:20 - 2013-06-26 18:04 - 00000000 ____D () C:\Users\xy\AppData\Roaming\calibre
2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\Users\xy\Documents\Epubsoft
2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-04-20 09:01 - 2014-04-20 08:59 - 00000000 ____D () C:\Users\xy\AppData\Roaming\decrypt
2014-04-20 09:01 - 2014-04-20 08:59 - 00000000 ____D () C:\Users\xy\AppData\Roaming\.ePUBeedrmremoval
2014-04-20 08:59 - 2014-04-20 08:59 - 00000000 ____D () C:\Users\xy\AppData\Roaming\ePUBeedrmremoval
2014-04-19 12:26 - 2014-04-19 11:15 - 00000000 ____D () C:\Users\xy\Documents\My Kindle Content
2014-04-19 11:42 - 2014-04-19 11:42 - 00000000 ____D () C:\Users\xy\AppData\Local\calibre-cache
2014-04-19 11:42 - 2013-06-26 18:04 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-04-19 11:42 - 2013-06-26 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-04-19 11:42 - 2013-06-26 18:04 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-04-19 11:14 - 2014-04-19 11:14 - 00001990 _____ () C:\Users\xy\Desktop\Kindle.lnk
2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Users\xy\AppData\Local\Amazon
2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-18 06:31 - 2014-04-18 06:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sygate Personal Firewall
2014-04-18 06:31 - 2014-04-18 06:31 - 00000000 ____D () C:\Program Files (x86)\Sygate
2014-04-17 20:43 - 2014-04-17 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-04-17 20:42 - 2014-04-17 04:41 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-04-17 20:29 - 2014-04-17 20:28 - 00000132 ____H () C:\Windows\system32\Drivers\vsconfig.xml
2014-04-17 04:39 - 2014-04-17 04:39 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 04:39 - 2014-04-17 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-17 04:39 - 2014-04-17 04:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 04:39 - 2013-07-27 09:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 12:29 - 2014-04-12 12:22 - 00000000 ____D () C:\Users\xy\AppData\Local\Ashampoo Movie Studio
2014-04-12 12:26 - 2014-04-12 12:26 - 00000000 ____D () C:\Users\xy\Documents\Camtasia Studio
2014-04-12 12:26 - 2014-04-12 12:26 - 00000000 ____D () C:\Users\xy\AppData\Roaming\TechSmith
2014-04-12 12:21 - 2014-04-12 12:21 - 00001240 _____ () C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk
2014-04-12 12:21 - 2014-03-15 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-04-12 12:21 - 2014-03-15 10:08 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-04-12 12:21 - 2014-03-15 10:08 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-04-12 12:19 - 2013-09-28 08:32 - 00000000 ____D () C:\Program Files (x86)\CamStudio 2.7
2014-04-12 11:57 - 2014-04-12 11:57 - 00005053 _____ () C:\ProgramData\hwjqxkkr.zva
2014-04-12 11:57 - 2014-04-12 11:57 - 00000000 ____D () C:\Users\xy\AppData\Roaming\MOVAVI
2014-04-12 11:57 - 2014-04-12 11:57 - 00000000 ____D () C:\Users\xy\AppData\Local\Movavi
2014-04-12 11:42 - 2013-11-09 15:25 - 00004509 _____ () C:\Users\xy\AppData\Roaming\CamStudio.cfg
2014-04-12 11:42 - 2013-09-28 09:55 - 00000408 _____ () C:\Users\xy\AppData\Roaming\CamShapes.ini
2014-04-12 11:42 - 2013-09-28 09:55 - 00000408 _____ () C:\Users\xy\AppData\Roaming\CamLayout.ini
2014-04-12 11:42 - 2013-09-28 09:55 - 00000096 _____ () C:\Users\xy\AppData\Roaming\Camdata.ini
2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\TechSmith
2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime

Files to move or delete:
====================
C:\Users\xy\AppData\Roaming\Camdata.ini
C:\Users\xy\AppData\Roaming\CamLayout.ini
C:\Users\xy\AppData\Roaming\CamShapes.ini
C:\Users\xy\AppData\Roaming\options.ini
C:\Users\xy\AppData\Roaming\options_pdfcombine.ini
C:\Users\xy\AppData\Roaming\options_pdfrotator.ini
C:\Users\xy\AppData\Roaming\setup.ini
C:\Users\xy\AppData\Roaming\setup_pdfcombine.ini
C:\Users\xy\AppData\Roaming\setup_pdfrotator.ini
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\xy\AppData\Local\Temp\avgnt.exe
C:\Users\xy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4oohvo.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 06:43

==================== End Of Log ============================
--- --- ---

--- --- ---

dies zuerst das mit dem addition txt muss ich erst klären wie des läuft

ps danke für deine geduld :abklatsch:

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014
Ran by xy at 2014-05-11 18:24:57
Running from C:\Users\xy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Ashampoo Burning Studio FREE v.1.12.0 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. KG)
Ashampoo Movie Studio v.1.0.13 (HKLM-x32\...\{91B33C97-54B3-9CEB-E911-246EDA9BDC9A}_is1) (Version: 1.0.13 - Ashampoo GmbH & Co. KG)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
calibre (HKLM-x32\...\{48C84341-E4F7-42EC-BED5-7A5CAA3291F5}) (Version: 1.33.0 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Project 2 (HKLM-x32\...\Thief22DeinstallKey) (Version:  - )
DarkLoader 4.3 (HKLM-x32\...\DarkLoader_is1) (Version: 4.3 - WhoopDeDo.org)
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
FILEminimizer Pictures (HKLM-x32\...\FILEminimizer Pictures_is1) (Version:  - balesio AG)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{AF37F9DE-0726-439E-BC10-43D9195394D0}) (Version: 2.1.26.0 - MAGIX AG)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Free Video Dub version 2.0.21.822 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.)
Free Videos To DVD V 4.0.0 (HKLM-x32\...\Free Videos To DVD_is1) (Version: 4.0.0.0 - Koyote soft)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
GarrettLoader 1.41 (HKLM-x32\...\GarrettLoader_is1) (Version: 1.41 - Richard Potter)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HOFER Bestellsoftware 4.12.1 (HKLM-x32\...\HOFER Bestellsoftware) (Version: 4.12.1 - ORWO Net)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java(TM) 7 Update 4 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217004F0}) (Version: 7.0.40 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)
MAGIX 3D Maker (embeded) (HKLM-x32\...\MAGIX 3D Maker D) (Version: 6.0.0.8 - MAGIX AG)
MAGIX Foto Manager 9 (HKLM-x32\...\MAGIX Foto Manager 9 D) (Version: 7.0.0.91 - MAGIX AG)
MAGIX Fotos auf CD & DVD 9 deluxe 9.0.0.18 (D) (HKLM-x32\...\MAGIX Fotos auf CD & DVD 9 deluxe D) (Version: 9.0.0.18 - MAGIX AG)
MAGIX Online Druck Service (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR D) (Version: 6.0.1.4 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.29.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFZilla V3.0.6 (HKLM-x32\...\PDFZilla_is1) (Version:  - PDFZilla, Inc.)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stellar Phoenix Outlook PST Repair (HKLM-x32\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 4.5.0.0 - Stellar Information Systems Ltd.)
StreamTransport version: 1.1.0.1 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Sygate Personal Firewall (HKLM-x32\...\{F34D9A5F-484A-4E31-A9D3-908CB265B289}) (Version: 5.6.2808 - Sygate Technologies, Inc.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
Thief - The Dark Project  (Remove Only) (HKLM-x32\...\Thief - The Dark Project) (Version: 1.33 - Mastertronic Group Ltd.)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Thief 2 - The Metal Age  (Remove Only) (HKLM-x32\...\Thief 2 - The Metal Age) (Version: 1.18 - Mastertronic Group Ltd.)
Ultimate EPubsoft DRM Removal 8.5.5 (HKLM-x32\...\{49617AB8-5A31-44A7-95A6-BE6CE251A6F1}) (Version: 8.5.5 - EPUBSOFT)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
USB/DVD-Downloadtool für Windows 7 (HKLM-x32\...\{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}) (Version: 1.0.30 - Microsoft Corporation)
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version:  - Media Converters)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
ZoneAlarm Antivirus (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points  =========================

09-05-2014 04:07:42 Revo Uninstaller's restore point - MyPhoneExplorer
09-05-2014 04:10:04 Revo Uninstaller's restore point - Nokia Connectivity Cable Driver
09-05-2014 04:11:16 Revo Uninstaller's restore point - Photo to Cartoon
09-05-2014 04:11:30 Removed Photo to Cartoon
09-05-2014 04:12:48 Revo Uninstaller's restore point - Seterra 4.02
09-05-2014 04:14:08 Revo Uninstaller's restore point - WinPcap 4.1.2
09-05-2014 04:15:05 Revo Uninstaller's restore point - Raptr
10-05-2014 16:29:16 Revo Uninstaller's restore point - Free YouTube Download version 3.2.30.319
11-05-2014 13:15:59 OTL Restore Point - 11.05.2014 15:15:54
11-05-2014 13:53:21 OTL Restore Point - 11.05.2014 15:53:20
11-05-2014 14:42:37 Installed Microsoft Fix it 50906
11-05-2014 14:48:26 Revo Uninstaller's restore point - Free YouTube Download version 3.2.33.424

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____H C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E125C29-95DE-496B-86A3-2D1C0FC5DDC3} - \MySearchDial No Task File <==== ATTENTION
Task: {1F691731-16AF-4B3C-AD55-BF4F72AE95F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-04] (Adobe Systems Incorporated)
Task: {23531204-81FC-40A3-BFF9-ACEFB6788CC5} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {2A0DDAD7-4FA2-4736-A354-9B85417CCF83} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {36187001-8CCF-4CA9-8E26-679A9980EF78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {441A66ED-6311-4047-BA4B-ECF5BD68BF96} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {4D89E493-FD66-4A94-BBD2-77B08DC85335} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {5D4A37BD-8A7E-4318-9087-F814EF2CB9B7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7ADCE2F0-A84A-45F8-A13B-E898612D8DBE} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {87804904-7149-4E85-8079-C97A1193CBE3} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {A682A5EB-4323-465A-807A-B67D9F926C4B} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {B961D51B-6104-4526-88CA-AD228A8348DC} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {BB15B8B0-87E0-4094-A4EA-ED482FB4C62F} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {C2FD483E-7372-4528-A173-57438B05346E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {C77811B6-F111-4FF4-A00E-120A1D461154} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {D540C745-CFDF-42C4-8412-1267B8F817AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {E74E4D8F-1897-44E0-9D8C-B6BFC338EA6B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {F76D45D8-AEF7-4CC2-9954-A80713EEA0BE} - \Dealply No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-03-07 12:29 - 2014-03-07 12:29 - 00118784 ____H () C:\Windows\system32\mswsockd.exe
2014-03-07 12:29 - 2014-03-07 12:29 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-05-30 16:10 - 2013-01-25 10:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-05-11 17:48 - 2014-05-11 17:48 - 00041984 _____ () c:\users\xy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4oohvo.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\xy\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-05 20:12 - 2014-04-22 00:55 - 00340480 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-27 14:15 - 2014-04-22 00:55 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-03-05 20:12 - 2014-04-01 00:09 - 00754688 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-03-05 20:12 - 2014-04-24 00:01 - 01092288 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-03-05 20:12 - 2014-03-03 21:15 - 20626624 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-03-05 20:12 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2014-03-05 20:12 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2014-03-05 20:12 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:BF31A799

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (02/13/2014 04:38:20 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1601 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (05/30/2013 05:53:02 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-11 09:46:16.055
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-11 09:46:15.922
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-11 09:46:15.516
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Downloads\everest\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-11 09:46:15.384
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Downloads\everest\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-11 09:43:44.895
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-11 09:43:44.763
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-11 09:43:44.145
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Downloads\everest\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-11 09:43:44.013
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Downloads\everest\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-11 07:07:35.196
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-11 07:07:35.076
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 3574.68 MB
Available physical RAM: 2495.01 MB
Total Pagefile: 7147.55 MB
Available Pagefile: 5409.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:210.06 GB) (Free:106.93 GB) NTFS
Drive d: (Volume) (Fixed) (Total:721.35 GB) (Free:383.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9D9072D6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=210 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=721 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

Machiavelli 11.05.2014 17:34
hat sich erledigt

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-03-07] ()
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP450BAC43-2951-4AEA-B92A-B2072D18AF62&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir=
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKLM-x32\...\Firefox\Extensions: [{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}] - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014-05-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 ntoskrol; C:\Windows\system32\mswsockd.exe [118784 2014-03-07] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-05-10 18:34 - 2014-05-10 18:34 - 00001235 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-04-12 11:57 - 2014-04-12 11:57 - 00005053 _____ () C:\ProgramData\hwjqxkkr.zva
C:\ProgramData\dlprotect.exe
C:\Windows\system32\mswsockd.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


radogoal 11.05.2014 18:01
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014
Ran by xy at 2014-05-11 18:58:09 Run:1
Running from C:\Users\xy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-03-07] ()
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP450BAC43-2951-4AEA-B92A-B2072D18AF62&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czut CyD1B1P1R&cr=1989247540&ir=
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKLM-x32\...\Firefox\Extensions: [{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}] - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014-05-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 ntoskrol; C:\Windows\system32\mswsockd.exe [118784 2014-03-07] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-05-10 18:34 - 2014-05-10 18:34 - 00001235 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-04-12 11:57 - 2014-04-12 11:57 - 00005053 _____ () C:\ProgramData\hwjqxkkr.zva
C:\ProgramData\dlprotect.exe
C:\Windows\system32\mswsockd.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Download Protect => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F} => Value deleted successfully.
C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
ntoskrol => Service stopped successfully.
ntoskrol => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk => Moved successfully.
C:\ProgramData\hwjqxkkr.zva => Moved successfully.
C:\ProgramData\dlprotect.exe => Moved successfully.
C:\Windows\system32\mswsockd.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

Machiavelli 11.05.2014 18:07
Gut, das hat jetzt funktioniert. Wie läuft das System?


http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:59 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131