Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
IncrediBar eingefangen

IncrediBar eingefangen


Log-Analyse und Auswertung: IncrediBar eingefangen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Seite 1 von 2 1 2
Alt 14.07.2012, 07:12   #1
axelchen
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Hallo Zusammen,

ich habe mir Incredibar eingefangen und möchte den mist schnellstmöglich wieder los werden.
Wie in der anlaeitung steht, habeich mir Malwarebytes heruntergeladen und durchlaufen lassen. Am Ende wurden 4 infizierte Dateien in Quarantäne gesteckt. Wie geht es jetzt weiter??
Hier die log-Datei:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.13.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
axel :: AXEL [Administrator]

Schutz: Aktiviert

13.07.2012 17:29:57
mbam-log-2012-07-13 (17-29-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 751921
Laufzeit: 5 Stunde(n), 23 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Converter (Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Programme\SuP\EIBTOOLS\_vtlcrtu.dll (Trojan.Scar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\install\PDFConverterSetup(1).exe (Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\install\PDFConverterSetup.exe (Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Besten Dank sagt axelchen

Alt 16.07.2012, 21:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
ATTFilter
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:
ATTFilter
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Poste nun den Inhalt der log.txt.
__________________

__________________
Alt 17.07.2012, 06:30   #3
axelchen
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Vielen Dank vorab, hier ist das Ergebnis von ESET:

C:\Users\Axel Wendt\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Windows.old\Documents and Settings\Wendt\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIHFTU8H\vena[1].htm JS/Exploit.Agent.NBR trojan
C:\Windows.old\Documents and Settings\Wendt\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\PIHFTU8H\vena[1].htm JS/Exploit.Agent.NBR trojan
C:\Windows.old\Documents and Settings\Wendt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIHFTU8H\vena[1].htm JS/Exploit.Agent.NBR trojan
C:\Windows.old\Documents and Settings\Wendt\AppData\Local\Temporary Internet Files\Content.IE5\PIHFTU8H\vena[1].htm JS/Exploit.Agent.NBR trojan
C:\Windows.old\Documents and Settings\Wendt\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIHFTU8H\vena[1].htm JS/Exploit.Agent.NBR trojan
C:\Windows.old\Documents and Settings\Wendt\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PIHFTU8H\vena[1].htm JS/Exploit.Agent.NBR trojan
C:\Windows.old\Users\Wendt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIHFTU8H\vena[1].htm JS/Exploit.Agent.NBR trojan
C:\Windows.old\Users\Wendt\AppData\Local\Temporary Internet Files\Content.IE5\PIHFTU8H\vena[1].htm JS/Exploit.Agent.NBR trojan
C:\Windows.old\Users\Wendt\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIHFTU8H\vena[1].htm JS/Exploit.Agent.NBR trojan
C:\Windows.old\Users\Wendt\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PIHFTU8H\vena[1].htm JS/Exploit.Agent.NBR trojan
E:\Dokumente und Einstellungen\Axel\Eigene Dateien\Downloads\SoftonicDownloader65368 (1).exe a variant of Win32/SoftonicDownloader.A application
E:\Dokumente und Einstellungen\Axel\Eigene Dateien\Downloads\SoftonicDownloader65368 (2).exe a variant of Win32/SoftonicDownloader.A application
E:\Dokumente und Einstellungen\Axel\Eigene Dateien\Downloads\SoftonicDownloader65368.exe a variant of Win32/SoftonicDownloader.A application
__________________
Alt 17.07.2012, 14:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Code:
ATTFilter
E:\Dokumente und Einstellungen\Axel\Eigene Dateien\Downloads\SoftonicDownloader65368 (1).exe a variant of Win32/SoftonicDownloader.A application
E:\Dokumente und Einstellungen\Axel\Eigene Dateien\Downloads\SoftonicDownloader65368 (2).exe a variant of Win32/SoftonicDownloader.A application
E:\Dokumente und Einstellungen\Axel\Eigene Dateien\Downloads\SoftonicDownloader65368.exe a variant of Win32/SoftonicDownloader.A application
Vermüllte Software von Softonic scheint gerade stark in Mode zu sein!

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen


adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.07.2012, 16:33   #5
axelchen
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Hallo Arne,

ja, ja ,ja jetzt weiß ich auch mehr was ich sein lassen soll. Ich habe nur den pdf creator von der Chip-Seite geladen- Fehler über Fehler :-(
Hier logdatei von AdwCleaner:
# AdwCleaner v1.702 - Logfile created 07/17/2012 at 17:30:48
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : axel - AXEL
# Running from : C:\Users\Axel Wendt\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found : C:\Program Files\DealPly
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\DealPly
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

-\\ Google Chrome v20.0.1132.57

*************************

AdwCleaner[R1].txt - [3759 octets] - [17/07/2012 17:30:48]

########## EOF - C:\AdwCleaner[R1].txt - [3887 octets] ##########


Vielen Dank sagt Axel


Alt 18.07.2012, 15:26   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________
--> IncrediBar eingefangen

Alt 18.07.2012, 17:48   #7
axelchen
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Hallo Arne,
habe ich alles gemacht. Hier das Ergebnis:
# AdwCleaner v1.702 - Logfile created 07/18/2012 at 18:40:52
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : axel - AXEL
# Running from : C:\Users\Axel Wendt\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Program Files\DealPly
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\DealPly
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

-\\ Google Chrome v20.0.1132.57

*************************

AdwCleaner[R1].txt - [3888 octets] - [17/07/2012 17:30:48]
AdwCleaner[S1].txt - [3901 octets] - [18/07/2012 18:40:52]

########## EOF - C:\AdwCleaner[S1].txt - [4029 octets] ##########


Weiterhin vielen Dank :-)

Alt 19.07.2012, 10:14   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Hätte da mal drei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
3.) Die Toolbar bzw. Weiterleitung nun weg?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.07.2012, 11:25   #9
axelchen
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Hallo Arne,

- Windows läuft
- unter alle Programme ist alles OK
- die Toolbar ist nicht weg, immer wenn ich einen neuen reiter aufrufe, erscheint sie wieder

Beste Grüße

Axelchen

Alt 19.07.2012, 19:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.07.2012, 19:38   #11
axelchen
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Hallo Arne,

hier der gewünschte code:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.07.2012 20:24:52 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Axel Wendt\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 51,69% Memory free
6,99 Gb Paging File | 5,30 Gb Available in Paging File | 75,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 74,48 Gb Free Space | 50,00% Space Free | Partition Type: NTFS
Drive D: | 103,11 Gb Total Space | 39,07 Gb Free Space | 37,89% Space Free | Partition Type: NTFS
Drive E: | 45,94 Gb Total Space | 10,75 Gb Free Space | 23,39% Space Free | Partition Type: NTFS
Drive F: | 1248,21 Gb Total Space | 1080,41 Gb Free Space | 86,56% Space Free | Partition Type: NTFS
Drive K: | 62,22 Mb Total Space | 39,85 Mb Free Space | 64,04% Space Free | Partition Type: FAT
 
Computer Name: AXEL | User Name: axel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 20:20:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Axel Wendt\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.19 19:07:50 | 007,145,984 | ---- | M] (AGFEO      ) -- C:\Programme\AGFEO\Tk-Suite\tools\ctimon.exe
PRC - [2012.05.03 16:11:22 | 013,006,952 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.02.02 17:14:32 | 000,255,864 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\avmike.exe
PRC - [2011.10.31 17:38:20 | 000,153,464 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe
PRC - [2011.10.31 17:38:04 | 000,122,232 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 08:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 14:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010.09.29 03:51:26 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.09.29 03:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.03 11:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 11:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.07.07 17:39:10 | 009,936,000 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Programme\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.02.12 00:15:24 | 000,279,928 | ---- | M] (AVM Berlin) -- C:\Programme\KEN!\kentbcli.exe
PRC - [2010.02.12 00:15:12 | 000,177,528 | ---- | M] (AVM Berlin) -- C:\Programme\KEN!\kencli.exe
PRC - [2010.02.11 00:32:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\pptd40nt.exe
PRC - [2010.02.11 00:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.01.26 10:50:52 | 000,741,040 | ---- | M] (Binary Fortress Software) -- C:\Programme\DisplayFusion\DisplayFusion.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.12.17 04:07:04 | 000,341,304 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!\IWatch.exe
PRC - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 14:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.09.21 12:40:50 | 001,681,408 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.20 12:28:26 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\LBTWiz.exe
PRC - [2009.07.17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.05.05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2007.08.31 20:49:58 | 000,498,872 | ---- | M] () -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007.08.31 19:43:32 | 000,907,040 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007.08.31 19:38:08 | 000,140,568 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007.08.31 19:38:04 | 000,427,288 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007.08.31 19:35:54 | 002,622,232 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2005.03.02 08:10:00 | 000,193,592 | ---- | M] (SafeNet, Inc) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [1999.09.30 22:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Programme\PrintKey2000\Printkey2000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 03:24:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.13 03:23:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 03:23:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 20:03:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 20:02:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 20:02:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 20:02:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 20:02:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.02.29 20:43:12 | 000,026,112 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\imageformats\qgif4.dll
MOD - [2012.02.29 20:43:06 | 000,196,096 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\imageformats\qjpeg4.dll
MOD - [2012.02.29 20:41:52 | 000,470,016 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\sqldrivers\qsqlite4.dll
MOD - [2012.02.29 20:37:52 | 010,856,960 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtWebKit4.dll
MOD - [2012.02.29 19:01:54 | 001,294,336 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtScript4.dll
MOD - [2012.02.29 18:46:18 | 000,266,752 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\phonon4.dll
MOD - [2012.02.29 18:41:54 | 008,072,192 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtGui4.dll
MOD - [2012.02.29 18:28:56 | 000,186,880 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtSql4.dll
MOD - [2012.02.29 18:28:46 | 000,977,408 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtNetwork4.dll
MOD - [2012.02.29 18:27:12 | 002,251,776 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtCore4.dll
MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.09.30 23:36:20 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.08.04 16:58:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.06.01 11:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2009.09.02 03:28:04 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.06.27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.05.07 10:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 10:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [2007.08.31 18:13:50 | 001,336,600 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\fox.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.18 07:32:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.02 17:14:32 | 000,255,864 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2011.10.31 17:38:20 | 000,153,464 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2011.10.31 17:38:04 | 000,122,232 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.02.18 08:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Programme\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2010.12.25 04:00:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.29 03:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.09.23 01:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Programme\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.02.12 00:15:12 | 000,177,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\KEN!\kencli.exe -- (KEN Client Service)
SRV - [2010.02.11 00:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.08.31 20:49:58 | 000,498,872 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007.08.31 19:38:04 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.03.02 08:10:00 | 000,193,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2012.07.19 06:55:18 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{34625A7D-998B-433B-B4CF-0798CD02ED5A}\MpKsl13eef685.sys -- (MpKsl13eef685)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.09.06 11:10:02 | 000,119,040 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2011.07.05 20:42:00 | 000,334,712 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmnwim.sys -- (NWIM)
DRV - [2011.04.24 19:24:16 | 000,012,904 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mv2.sys -- (mv2)
DRV - [2011.04.12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011.02.18 08:20:22 | 000,046,304 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\busenum.sys -- (busenum)
DRV - [2011.02.11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010.11.26 19:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010.11.22 20:21:05 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010.11.22 20:21:05 | 000,044,416 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.11.22 20:21:04 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.11.22 20:21:03 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.16 13:59:49 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010.11.04 19:10:34 | 000,265,744 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MtsBda.sys -- (MTSBDA)
DRV - [2010.11.04 19:10:34 | 000,023,568 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MtsHID.sys -- (MtsHID)
DRV - [2010.09.29 04:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.09.29 03:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.08.16 12:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.08.06 10:53:12 | 000,257,064 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mv91xx.sys -- (mv91xx)
DRV - [2010.02.12 00:14:08 | 000,063,160 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ndc.sys -- (ndc)
DRV - [2010.01.28 16:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.01.22 13:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.01.22 13:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.12.18 16:00:01 | 000,063,872 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2009.12.18 16:00:01 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.11.23 18:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 18:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.10.19 03:56:10 | 000,099,440 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009.10.02 16:29:42 | 000,066,472 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [2009.09.17 13:02:04 | 001,086,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.08.04 04:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 00:02:54 | 000,588,544 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fus2base.sys -- (FUS2BASE)
DRV - [2009.07.14 00:02:54 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 18:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008.11.28 15:34:56 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005.03.02 08:10:00 | 000,090,168 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2005.03.02 08:10:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2004.10.12 23:42:02 | 000,040,873 | ---- | M] (KOBIL Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KOBKNUSB.sys -- (KOBKNUSB)
DRV - [2004.05.25 09:35:12 | 000,010,368 | ---- | M] (F.Schlaps & Partner GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EW_USB.sys -- (EW_USB)
DRV - [2004.05.25 09:35:12 | 000,007,296 | ---- | M] (F. Schlaps und Partner GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hid.sys -- (EW_HID)
DRV - [2003.04.07 04:37:58 | 000,075,264 | ---- | M] (Sunix) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2003.04.02 10:07:24 | 000,054,528 | ---- | M] (Sunix) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxpserx.sys -- (SNXPSERX)
DRV - [2003.04.02 10:06:58 | 000,020,864 | ---- | M] (Sunix) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxpcard.sys -- (SNXPCARD)
DRV - [2002.09.19 22:07:50 | 000,034,683 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pei16Wdm.sys -- (Pei16Wdm)
DRV - [2002.08.15 10:20:04 | 000,035,547 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pei10Wdm.sys -- (Pei10Wdm)
DRV - [2002.06.17 03:14:00 | 000,012,906 | ---- | M] (Towitoko AG) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TWKUSB.SYS -- (TWKUSB)
DRV - [2002.06.17 03:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2002.06.17 03:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TWKMS.SYS -- (TwkMs)
DRV - [1997.09.10 09:14:00 | 000,054,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSIPDDP.SYS -- (SSIPDDP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\.DEFAULT\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0215F628-E8E3-4AE4-960C-84A549AA1BE9}
IE - HKU\.DEFAULT\..\SearchScopes\{0215F628-E8E3-4AE4-960C-84A549AA1BE9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-18\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0215F628-E8E3-4AE4-960C-84A549AA1BE9}
IE - HKU\S-1-5-18\..\SearchScopes\{0215F628-E8E3-4AE4-960C-84A549AA1BE9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 28 8C 5E 19 7C CB 01  [binary data]
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes,DefaultScope = {0799B107-1103-4fe8-888A-D5E4C3E076AA}
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{0799B107-1103-4fe8-888A-D5E4C3E076AA}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{0D2B4629-84DF-4f41-9E23-F2DF3AE791FA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{ABB865AC-9D03-4B1C-9CB5-64C55C5DBA17}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{E4AA9826-736B-4135-A59C-C70170EEF288}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.77.10:3128;https=192.168.77.10:3128;ftp=192.168.77.10:3128;socks=192.168.77.10:1080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749_yserp"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQCekajrv&&i=26&search="
FF - prefs.js..network.proxy.ftp: "192.168.77.10"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.77.10"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.socks: "192.168.77.10"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "192.168.77.10"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Axel Wendt\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Axel Wendt\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
 
[2010.11.25 11:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Extensions
[2012.07.13 15:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions
[2011.07.30 13:04:27 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.07.12 17:41:24 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions\formhistory@yahoo.com
[2012.03.22 21:47:58 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions\support@lastpass.com
[2011.01.08 18:23:19 | 000,002,395 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Mozilla\Firefox\Profiles\1zjddppd.default\searchplugins\askcom.xml
[2012.07.02 11:30:41 | 000,002,203 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Mozilla\Firefox\Profiles\1zjddppd.default\searchplugins\MyStart Search.xml
[2012.05.06 06:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 07:32:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.02 13:57:41 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCentraUpdater.dll
[2009.04.27 09:20:38 | 000,126,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\np_hoem_x.dll
[2012.05.06 06:47:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.06 06:47:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.06 06:47:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.06 06:47:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.06 06:47:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.06 06:47:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
CHR - default_search_provider: suggest_url = 
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Centra Updater Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: HOEM ActiveX plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_hoem_x.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: DealPly = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KEN Taskbar Client] C:\Program Files\KEN!\kentbcli.exe (AVM Berlin)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-21-1024395085-17980697-762386427-1000..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1024395085-17980697-762386427-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1024395085-17980697-762386427-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} hxxp://conference.gira.de/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {3360DAE7-B224-4A07-B707-50F59F51D2A4} hxxp://192.168.77.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject2.cab (SSObject2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} hxxp://192.168.77.51/AxViewer/AxMediaControl.cab (AxMediaControl Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://192.168.82.31/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F0210D0-08D9-4CFE-97E0-D0A586D9CD83}: NameServer = 192.168.77.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.24 00:00:00 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 20:20:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Axel Wendt\Desktop\OTL.exe
[2012.07.16 20:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.16 20:53:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Axel Wendt\Desktop\esetsmartinstaller_enu.exe
[2012.07.16 15:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\FW Updater N146
[2012.07.13 17:22:14 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Malwarebytes
[2012.07.13 17:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.13 17:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.13 17:21:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.13 17:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.12 09:49:12 | 000,000,000 | ---D | C] -- C:\agfeo_LanModul510
[2012.07.12 09:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGFEO TK-Suite Tools
[2012.07.12 07:27:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 07:27:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 07:27:26 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 07:27:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 07:27:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 07:27:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 07:27:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 07:22:15 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 19:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.11 19:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.11 19:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.11 19:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.07.11 19:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.07.11 12:46:02 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 12:40:05 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.11 11:46:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.09 10:15:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.09 10:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.07.09 10:15:02 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\pdfforge
[2012.07.09 10:14:58 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.07.09 10:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.07.09 10:14:56 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\OpenCandy
[2012.07.02 11:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.07.02 11:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.06.30 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\Documents\Gira
[2012.06.30 15:36:57 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Gira
[2012.06.30 13:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.30 13:02:14 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.06.30 13:02:14 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.06.28 11:54:34 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.06.28 09:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\go1984 Desktop Client
[2012.06.28 09:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\go1984 Desktop Client
[2012.06.25 13:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIRA-SOFTWARE
[2012.06.25 13:10:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Gira
[2012.06.25 13:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Gira
[2012.06.24 11:14:59 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Iminent
[2012.06.23 18:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Schlaps
[2012.06.23 10:39:22 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.23 10:39:21 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.23 10:39:06 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.23 10:39:06 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.23 10:39:06 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.23 10:38:30 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.23 10:38:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 20:20:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Axel Wendt\Desktop\OTL.exe
[2012.07.19 20:06:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.19 19:32:11 | 000,000,790 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\OBETA electro.website
[2012.07.19 07:05:07 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.07.19 07:03:23 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 07:03:23 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 06:55:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.07.19 06:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.19 06:54:45 | 2817,007,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 15:53:42 | 000,000,000 | ---- | M] () -- C:\Users\Axel Wendt\Documents\Nuance Image Printer Writer Port
[2012.07.17 15:57:17 | 000,624,883 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\adwcleaner.exe
[2012.07.17 08:54:02 | 000,659,760 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.17 08:54:02 | 000,621,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.17 08:54:02 | 000,132,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.17 08:54:02 | 000,108,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.16 20:51:09 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Axel Wendt\Desktop\esetsmartinstaller_enu.exe
[2012.07.16 15:29:59 | 000,002,899 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\FW Updater N146.lnk
[2012.07.16 11:29:28 | 000,038,419 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.07.14 20:06:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 09:56:55 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024395085-17980697-762386427-1000Core1cd61963bd98e78.job
[2012.07.13 17:21:57 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 13:13:08 | 000,556,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 11:03:00 | 000,001,194 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk
[2012.07.11 19:19:31 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.11 19:11:27 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.09 10:15:04 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.07.09 10:15:04 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.05 13:02:30 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.03 09:25:51 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012.07.03 08:03:53 | 000,034,440 | ---- | M] () -- C:\Users\Axel Wendt\Documents\040847.alog
[2012.07.02 11:30:59 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.06.30 13:01:57 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.30 13:01:57 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.28 09:59:19 | 000,001,054 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\go1984.lnk
[2012.06.25 13:19:44 | 000,001,182 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\Experte 2.8.lnk
[2012.06.23 18:52:35 | 000,001,355 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\EIBDoktor.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.17 17:30:22 | 000,624,883 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\adwcleaner.exe
[2012.07.16 15:29:59 | 000,002,899 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\FW Updater N146.lnk
[2012.07.16 15:29:59 | 000,002,859 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FW Updater N146.lnk
[2012.07.16 11:29:28 | 000,038,419 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.07.14 09:56:54 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024395085-17980697-762386427-1000Core1cd61963bd98e78.job
[2012.07.13 17:21:57 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 19:19:31 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.11 19:11:27 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.09 10:15:04 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.07.09 10:15:04 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.03 08:03:03 | 000,034,440 | ---- | C] () -- C:\Users\Axel Wendt\Documents\040847.alog
[2012.07.02 11:30:59 | 000,000,454 | ---- | C] () -- C:\user.js
[2012.06.28 09:59:19 | 000,001,054 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\go1984.lnk
[2012.06.25 13:19:44 | 000,001,182 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\Experte 2.8.lnk
[2012.06.24 11:14:45 | 000,000,862 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012.06.23 18:52:35 | 000,001,355 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\EIBDoktor.lnk
[2012.04.17 15:58:12 | 000,138,608 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.04.17 15:58:10 | 000,074,608 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.04.17 15:58:08 | 000,309,616 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.03.26 14:25:01 | 000,022,059 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Roaming\Tabulatorgetrennte Werte (DOS).ADR
[2012.03.12 21:48:01 | 000,011,275 | ---- | C] () -- C:\Windows\System32\kgittsd.dll
[2012.03.12 21:47:51 | 000,011,275 | ---- | C] () -- C:\Windows\System32\gttsd.dll
[2012.01.29 20:34:12 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011.11.24 18:29:45 | 000,000,064 | ---- | C] () -- C:\Windows\Qsuite.ini
[2011.09.22 08:33:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.07.25 20:31:53 | 000,000,281 | ---- | C] () -- C:\ProgramData\{BABE1E59-F3A3-4B2B-80B1-41928543A042}_WiseFW.ini
[2011.07.02 00:01:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.19 08:19:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.13 11:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2011.05.13 11:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2011.05.13 11:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2011.05.13 11:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2011.04.28 15:51:10 | 000,000,027 | ---- | C] () -- C:\Windows\EZSET_SP.INI
[2011.04.28 15:41:16 | 000,000,058 | ---- | C] () -- C:\Windows\System32\KmTwain.ini
[2011.02.13 13:13:03 | 000,007,600 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Local\resmon.resmoncfg
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011.01.04 19:06:50 | 000,698,000 | ---- | C] () -- C:\Windows\unins000.exe
[2011.01.04 19:06:50 | 000,001,092 | ---- | C] () -- C:\Windows\unins000.dat
[2010.11.30 18:58:04 | 000,000,087 | ---- | C] () -- C:\Windows\ccolwiz.ini
[2010.11.27 18:02:53 | 000,000,013 | ---- | C] () -- C:\Windows\7smp1_0.dll
[2010.11.21 21:00:20 | 000,010,491 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010.11.20 18:25:39 | 000,000,264 | ---- | C] () -- C:\Windows\SCARDSRV.INI
[2010.11.20 18:25:26 | 000,000,597 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.11.20 18:24:53 | 000,002,900 | ---- | C] () -- C:\Windows\twkverck.dat
[2010.11.20 17:45:15 | 000,002,814 | ---- | C] () -- C:\Program Files\Axis 215.html
[2010.11.16 13:59:49 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010.11.15 21:05:29 | 000,000,920 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.11.15 21:05:29 | 000,000,119 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.11.15 21:05:18 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.15 21:04:41 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7820n.dat
[2010.11.15 21:04:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.11.14 14:23:52 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2010.11.14 14:23:50 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2010.11.14 14:23:49 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.11.04 16:18:54 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010.11.04 16:09:11 | 000,001,026 | ---- | C] () -- C:\Windows\BUSCHSCR.INI
[2010.11.04 15:43:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.04 15:32:51 | 000,067,584 | ---- | C] () -- C:\Windows\System32\SSIREGI.EXE
[2010.11.04 15:32:51 | 000,067,584 | ---- | C] () -- C:\Windows\System32\drivers\SSIREGI.EXE
[2010.11.04 15:32:51 | 000,054,784 | ---- | C] () -- C:\Windows\System32\SSIPDDP.SYS
[2010.11.04 15:32:51 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\SSIPDDP.SYS
[2010.11.04 15:32:15 | 000,001,450 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.11.04 15:32:15 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.04 15:31:12 | 000,408,576 | ---- | C] () -- C:\Windows\System32\javai.dll
[2010.11.04 15:31:12 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF0.dll
[2010.11.04 15:31:12 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF.dll
[2010.11.04 15:31:12 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF0.dll
[2010.11.04 15:31:12 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF.dll
[2010.11.04 15:31:12 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ifl0.dll
[2010.11.04 15:31:12 | 000,102,400 | ---- | C] () -- C:\Windows\System32\ifl.dll
[2010.11.04 15:31:12 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mscomstf.dll
[2010.11.04 15:31:12 | 000,086,016 | ---- | C] () -- C:\Windows\System32\iflPNG.dll
[2010.11.04 15:31:12 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF0.dll
[2010.11.04 15:31:12 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF.dll
[2010.11.04 15:31:12 | 000,024,064 | ---- | C] () -- C:\Windows\System32\msshlstf.dll
[2010.11.04 15:31:12 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP0.dll
[2010.11.04 15:31:12 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP.dll
[2010.11.04 15:31:12 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2010.11.04 15:31:11 | 000,364,032 | ---- | C] () -- C:\Windows\System32\HA312W32.DLL
[2010.11.04 15:31:11 | 000,204,476 | ---- | C] () -- C:\Windows\sendmail.exe
[2010.11.04 15:31:11 | 000,048,128 | ---- | C] () -- C:\Windows\System32\crexpd32.dll
[2010.11.04 15:31:11 | 000,028,672 | ---- | C] () -- C:\Windows\DdsSysOp.exe
[2010.11.04 14:27:38 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2010.11.04 14:27:38 | 000,011,296 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010.11.04 14:27:35 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2010.11.04 14:27:35 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2010.11.04 14:19:45 | 000,051,593 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.11.04 14:16:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.11.04 14:16:43 | 000,033,855 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.08.11 15:24:20 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:01C66DD9
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:0B9FB94D

< End of report >
--- --- ---

Vielen Dank sagt Axelchen

Alt 19.07.2012, 19:40   #12
axelchen
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Hallo Arne,

hier der gewünschte code:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.07.2012 20:24:52 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Axel Wendt\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 51,69% Memory free
6,99 Gb Paging File | 5,30 Gb Available in Paging File | 75,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 74,48 Gb Free Space | 50,00% Space Free | Partition Type: NTFS
Drive D: | 103,11 Gb Total Space | 39,07 Gb Free Space | 37,89% Space Free | Partition Type: NTFS
Drive E: | 45,94 Gb Total Space | 10,75 Gb Free Space | 23,39% Space Free | Partition Type: NTFS
Drive F: | 1248,21 Gb Total Space | 1080,41 Gb Free Space | 86,56% Space Free | Partition Type: NTFS
Drive K: | 62,22 Mb Total Space | 39,85 Mb Free Space | 64,04% Space Free | Partition Type: FAT
 
Computer Name: AXEL | User Name: axel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 20:20:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Axel Wendt\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.19 19:07:50 | 007,145,984 | ---- | M] (AGFEO      ) -- C:\Programme\AGFEO\Tk-Suite\tools\ctimon.exe
PRC - [2012.05.03 16:11:22 | 013,006,952 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.02.02 17:14:32 | 000,255,864 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\avmike.exe
PRC - [2011.10.31 17:38:20 | 000,153,464 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe
PRC - [2011.10.31 17:38:04 | 000,122,232 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 08:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 14:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010.09.29 03:51:26 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.09.29 03:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.03 11:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 11:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.07.07 17:39:10 | 009,936,000 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Programme\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.02.12 00:15:24 | 000,279,928 | ---- | M] (AVM Berlin) -- C:\Programme\KEN!\kentbcli.exe
PRC - [2010.02.12 00:15:12 | 000,177,528 | ---- | M] (AVM Berlin) -- C:\Programme\KEN!\kencli.exe
PRC - [2010.02.11 00:32:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\pptd40nt.exe
PRC - [2010.02.11 00:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.01.26 10:50:52 | 000,741,040 | ---- | M] (Binary Fortress Software) -- C:\Programme\DisplayFusion\DisplayFusion.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.12.17 04:07:04 | 000,341,304 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!\IWatch.exe
PRC - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 14:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.09.21 12:40:50 | 001,681,408 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.20 12:28:26 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\LBTWiz.exe
PRC - [2009.07.17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.05.05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2007.08.31 20:49:58 | 000,498,872 | ---- | M] () -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007.08.31 19:43:32 | 000,907,040 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007.08.31 19:38:08 | 000,140,568 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007.08.31 19:38:04 | 000,427,288 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007.08.31 19:35:54 | 002,622,232 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2005.03.02 08:10:00 | 000,193,592 | ---- | M] (SafeNet, Inc) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [1999.09.30 22:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Programme\PrintKey2000\Printkey2000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 03:24:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.13 03:23:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 03:23:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 20:03:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 20:02:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 20:02:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 20:02:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 20:02:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.02.29 20:43:12 | 000,026,112 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\imageformats\qgif4.dll
MOD - [2012.02.29 20:43:06 | 000,196,096 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\imageformats\qjpeg4.dll
MOD - [2012.02.29 20:41:52 | 000,470,016 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\sqldrivers\qsqlite4.dll
MOD - [2012.02.29 20:37:52 | 010,856,960 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtWebKit4.dll
MOD - [2012.02.29 19:01:54 | 001,294,336 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtScript4.dll
MOD - [2012.02.29 18:46:18 | 000,266,752 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\phonon4.dll
MOD - [2012.02.29 18:41:54 | 008,072,192 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtGui4.dll
MOD - [2012.02.29 18:28:56 | 000,186,880 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtSql4.dll
MOD - [2012.02.29 18:28:46 | 000,977,408 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtNetwork4.dll
MOD - [2012.02.29 18:27:12 | 002,251,776 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtCore4.dll
MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.09.30 23:36:20 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.08.04 16:58:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.06.01 11:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2009.09.02 03:28:04 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.06.27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.05.07 10:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 10:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [2007.08.31 18:13:50 | 001,336,600 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\fox.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.18 07:32:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.02 17:14:32 | 000,255,864 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2011.10.31 17:38:20 | 000,153,464 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2011.10.31 17:38:04 | 000,122,232 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.02.18 08:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Programme\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2010.12.25 04:00:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.29 03:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.09.23 01:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Programme\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.02.12 00:15:12 | 000,177,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\KEN!\kencli.exe -- (KEN Client Service)
SRV - [2010.02.11 00:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.08.31 20:49:58 | 000,498,872 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007.08.31 19:38:04 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.03.02 08:10:00 | 000,193,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2012.07.19 06:55:18 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{34625A7D-998B-433B-B4CF-0798CD02ED5A}\MpKsl13eef685.sys -- (MpKsl13eef685)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.09.06 11:10:02 | 000,119,040 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2011.07.05 20:42:00 | 000,334,712 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmnwim.sys -- (NWIM)
DRV - [2011.04.24 19:24:16 | 000,012,904 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mv2.sys -- (mv2)
DRV - [2011.04.12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011.02.18 08:20:22 | 000,046,304 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\busenum.sys -- (busenum)
DRV - [2011.02.11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010.11.26 19:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010.11.22 20:21:05 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010.11.22 20:21:05 | 000,044,416 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.11.22 20:21:04 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.11.22 20:21:03 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.16 13:59:49 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010.11.04 19:10:34 | 000,265,744 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MtsBda.sys -- (MTSBDA)
DRV - [2010.11.04 19:10:34 | 000,023,568 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MtsHID.sys -- (MtsHID)
DRV - [2010.09.29 04:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.09.29 03:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.08.16 12:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.08.06 10:53:12 | 000,257,064 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mv91xx.sys -- (mv91xx)
DRV - [2010.02.12 00:14:08 | 000,063,160 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ndc.sys -- (ndc)
DRV - [2010.01.28 16:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.01.22 13:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.01.22 13:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.12.18 16:00:01 | 000,063,872 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2009.12.18 16:00:01 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.11.23 18:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 18:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.10.19 03:56:10 | 000,099,440 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009.10.02 16:29:42 | 000,066,472 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [2009.09.17 13:02:04 | 001,086,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.08.04 04:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 00:02:54 | 000,588,544 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fus2base.sys -- (FUS2BASE)
DRV - [2009.07.14 00:02:54 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 18:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008.11.28 15:34:56 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005.03.02 08:10:00 | 000,090,168 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2005.03.02 08:10:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2004.10.12 23:42:02 | 000,040,873 | ---- | M] (KOBIL Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KOBKNUSB.sys -- (KOBKNUSB)
DRV - [2004.05.25 09:35:12 | 000,010,368 | ---- | M] (F.Schlaps & Partner GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EW_USB.sys -- (EW_USB)
DRV - [2004.05.25 09:35:12 | 000,007,296 | ---- | M] (F. Schlaps und Partner GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hid.sys -- (EW_HID)
DRV - [2003.04.07 04:37:58 | 000,075,264 | ---- | M] (Sunix) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2003.04.02 10:07:24 | 000,054,528 | ---- | M] (Sunix) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxpserx.sys -- (SNXPSERX)
DRV - [2003.04.02 10:06:58 | 000,020,864 | ---- | M] (Sunix) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxpcard.sys -- (SNXPCARD)
DRV - [2002.09.19 22:07:50 | 000,034,683 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pei16Wdm.sys -- (Pei16Wdm)
DRV - [2002.08.15 10:20:04 | 000,035,547 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pei10Wdm.sys -- (Pei10Wdm)
DRV - [2002.06.17 03:14:00 | 000,012,906 | ---- | M] (Towitoko AG) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TWKUSB.SYS -- (TWKUSB)
DRV - [2002.06.17 03:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2002.06.17 03:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TWKMS.SYS -- (TwkMs)
DRV - [1997.09.10 09:14:00 | 000,054,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSIPDDP.SYS -- (SSIPDDP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\.DEFAULT\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0215F628-E8E3-4AE4-960C-84A549AA1BE9}
IE - HKU\.DEFAULT\..\SearchScopes\{0215F628-E8E3-4AE4-960C-84A549AA1BE9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-18\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0215F628-E8E3-4AE4-960C-84A549AA1BE9}
IE - HKU\S-1-5-18\..\SearchScopes\{0215F628-E8E3-4AE4-960C-84A549AA1BE9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 28 8C 5E 19 7C CB 01  [binary data]
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes,DefaultScope = {0799B107-1103-4fe8-888A-D5E4C3E076AA}
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{0799B107-1103-4fe8-888A-D5E4C3E076AA}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{0D2B4629-84DF-4f41-9E23-F2DF3AE791FA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{ABB865AC-9D03-4B1C-9CB5-64C55C5DBA17}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{E4AA9826-736B-4135-A59C-C70170EEF288}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.77.10:3128;https=192.168.77.10:3128;ftp=192.168.77.10:3128;socks=192.168.77.10:1080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749_yserp"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQCekajrv&&i=26&search="
FF - prefs.js..network.proxy.ftp: "192.168.77.10"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.77.10"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.socks: "192.168.77.10"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "192.168.77.10"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Axel Wendt\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Axel Wendt\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
 
[2010.11.25 11:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Extensions
[2012.07.13 15:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions
[2011.07.30 13:04:27 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.07.12 17:41:24 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions\formhistory@yahoo.com
[2012.03.22 21:47:58 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions\support@lastpass.com
[2011.01.08 18:23:19 | 000,002,395 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Mozilla\Firefox\Profiles\1zjddppd.default\searchplugins\askcom.xml
[2012.07.02 11:30:41 | 000,002,203 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Mozilla\Firefox\Profiles\1zjddppd.default\searchplugins\MyStart Search.xml
[2012.05.06 06:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 07:32:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.02 13:57:41 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCentraUpdater.dll
[2009.04.27 09:20:38 | 000,126,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\np_hoem_x.dll
[2012.05.06 06:47:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.06 06:47:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.06 06:47:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.06 06:47:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.06 06:47:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.06 06:47:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
CHR - default_search_provider: suggest_url = 
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Centra Updater Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: HOEM ActiveX plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_hoem_x.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: DealPly = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KEN Taskbar Client] C:\Program Files\KEN!\kentbcli.exe (AVM Berlin)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-21-1024395085-17980697-762386427-1000..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1024395085-17980697-762386427-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1024395085-17980697-762386427-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} hxxp://conference.gira.de/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {3360DAE7-B224-4A07-B707-50F59F51D2A4} hxxp://192.168.77.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject2.cab (SSObject2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} hxxp://192.168.77.51/AxViewer/AxMediaControl.cab (AxMediaControl Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://192.168.82.31/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F0210D0-08D9-4CFE-97E0-D0A586D9CD83}: NameServer = 192.168.77.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.24 00:00:00 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 20:20:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Axel Wendt\Desktop\OTL.exe
[2012.07.16 20:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.16 20:53:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Axel Wendt\Desktop\esetsmartinstaller_enu.exe
[2012.07.16 15:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\FW Updater N146
[2012.07.13 17:22:14 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Malwarebytes
[2012.07.13 17:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.13 17:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.13 17:21:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.13 17:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.12 09:49:12 | 000,000,000 | ---D | C] -- C:\agfeo_LanModul510
[2012.07.12 09:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGFEO TK-Suite Tools
[2012.07.12 07:27:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 07:27:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 07:27:26 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 07:27:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 07:27:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 07:27:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 07:27:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 07:22:15 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 19:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.11 19:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.11 19:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.11 19:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.07.11 19:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.07.11 12:46:02 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 12:40:05 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.11 11:46:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.09 10:15:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.09 10:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.07.09 10:15:02 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\pdfforge
[2012.07.09 10:14:58 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.07.09 10:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.07.09 10:14:56 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\OpenCandy
[2012.07.02 11:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.07.02 11:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.06.30 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\Documents\Gira
[2012.06.30 15:36:57 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Gira
[2012.06.30 13:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.30 13:02:14 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.06.30 13:02:14 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.06.28 11:54:34 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.06.28 09:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\go1984 Desktop Client
[2012.06.28 09:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\go1984 Desktop Client
[2012.06.25 13:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIRA-SOFTWARE
[2012.06.25 13:10:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Gira
[2012.06.25 13:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Gira
[2012.06.24 11:14:59 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Iminent
[2012.06.23 18:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Schlaps
[2012.06.23 10:39:22 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.23 10:39:21 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.23 10:39:06 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.23 10:39:06 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.23 10:39:06 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.23 10:38:30 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.23 10:38:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 20:20:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Axel Wendt\Desktop\OTL.exe
[2012.07.19 20:06:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.19 19:32:11 | 000,000,790 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\OBETA electro.website
[2012.07.19 07:05:07 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.07.19 07:03:23 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 07:03:23 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 06:55:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.07.19 06:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.19 06:54:45 | 2817,007,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 15:53:42 | 000,000,000 | ---- | M] () -- C:\Users\Axel Wendt\Documents\Nuance Image Printer Writer Port
[2012.07.17 15:57:17 | 000,624,883 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\adwcleaner.exe
[2012.07.17 08:54:02 | 000,659,760 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.17 08:54:02 | 000,621,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.17 08:54:02 | 000,132,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.17 08:54:02 | 000,108,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.16 20:51:09 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Axel Wendt\Desktop\esetsmartinstaller_enu.exe
[2012.07.16 15:29:59 | 000,002,899 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\FW Updater N146.lnk
[2012.07.16 11:29:28 | 000,038,419 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.07.14 20:06:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 09:56:55 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024395085-17980697-762386427-1000Core1cd61963bd98e78.job
[2012.07.13 17:21:57 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 13:13:08 | 000,556,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 11:03:00 | 000,001,194 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk
[2012.07.11 19:19:31 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.11 19:11:27 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.09 10:15:04 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.07.09 10:15:04 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.05 13:02:30 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.03 09:25:51 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012.07.03 08:03:53 | 000,034,440 | ---- | M] () -- C:\Users\Axel Wendt\Documents\040847.alog
[2012.07.02 11:30:59 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.06.30 13:01:57 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.30 13:01:57 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.28 09:59:19 | 000,001,054 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\go1984.lnk
[2012.06.25 13:19:44 | 000,001,182 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\Experte 2.8.lnk
[2012.06.23 18:52:35 | 000,001,355 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\EIBDoktor.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.17 17:30:22 | 000,624,883 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\adwcleaner.exe
[2012.07.16 15:29:59 | 000,002,899 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\FW Updater N146.lnk
[2012.07.16 15:29:59 | 000,002,859 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FW Updater N146.lnk
[2012.07.16 11:29:28 | 000,038,419 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.07.14 09:56:54 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024395085-17980697-762386427-1000Core1cd61963bd98e78.job
[2012.07.13 17:21:57 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 19:19:31 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.11 19:11:27 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.09 10:15:04 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.07.09 10:15:04 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.03 08:03:03 | 000,034,440 | ---- | C] () -- C:\Users\Axel Wendt\Documents\040847.alog
[2012.07.02 11:30:59 | 000,000,454 | ---- | C] () -- C:\user.js
[2012.06.28 09:59:19 | 000,001,054 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\go1984.lnk
[2012.06.25 13:19:44 | 000,001,182 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\Experte 2.8.lnk
[2012.06.24 11:14:45 | 000,000,862 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012.06.23 18:52:35 | 000,001,355 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\EIBDoktor.lnk
[2012.04.17 15:58:12 | 000,138,608 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.04.17 15:58:10 | 000,074,608 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.04.17 15:58:08 | 000,309,616 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.03.26 14:25:01 | 000,022,059 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Roaming\Tabulatorgetrennte Werte (DOS).ADR
[2012.03.12 21:48:01 | 000,011,275 | ---- | C] () -- C:\Windows\System32\kgittsd.dll
[2012.03.12 21:47:51 | 000,011,275 | ---- | C] () -- C:\Windows\System32\gttsd.dll
[2012.01.29 20:34:12 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011.11.24 18:29:45 | 000,000,064 | ---- | C] () -- C:\Windows\Qsuite.ini
[2011.09.22 08:33:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.07.25 20:31:53 | 000,000,281 | ---- | C] () -- C:\ProgramData\{BABE1E59-F3A3-4B2B-80B1-41928543A042}_WiseFW.ini
[2011.07.02 00:01:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.19 08:19:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.13 11:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2011.05.13 11:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2011.05.13 11:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2011.05.13 11:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2011.04.28 15:51:10 | 000,000,027 | ---- | C] () -- C:\Windows\EZSET_SP.INI
[2011.04.28 15:41:16 | 000,000,058 | ---- | C] () -- C:\Windows\System32\KmTwain.ini
[2011.02.13 13:13:03 | 000,007,600 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Local\resmon.resmoncfg
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011.01.04 19:06:50 | 000,698,000 | ---- | C] () -- C:\Windows\unins000.exe
[2011.01.04 19:06:50 | 000,001,092 | ---- | C] () -- C:\Windows\unins000.dat
[2010.11.30 18:58:04 | 000,000,087 | ---- | C] () -- C:\Windows\ccolwiz.ini
[2010.11.27 18:02:53 | 000,000,013 | ---- | C] () -- C:\Windows\7smp1_0.dll
[2010.11.21 21:00:20 | 000,010,491 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010.11.20 18:25:39 | 000,000,264 | ---- | C] () -- C:\Windows\SCARDSRV.INI
[2010.11.20 18:25:26 | 000,000,597 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.11.20 18:24:53 | 000,002,900 | ---- | C] () -- C:\Windows\twkverck.dat
[2010.11.20 17:45:15 | 000,002,814 | ---- | C] () -- C:\Program Files\Axis 215.html
[2010.11.16 13:59:49 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010.11.15 21:05:29 | 000,000,920 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.11.15 21:05:29 | 000,000,119 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.11.15 21:05:18 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.15 21:04:41 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7820n.dat
[2010.11.15 21:04:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.11.14 14:23:52 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2010.11.14 14:23:50 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2010.11.14 14:23:49 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.11.04 16:18:54 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010.11.04 16:09:11 | 000,001,026 | ---- | C] () -- C:\Windows\BUSCHSCR.INI
[2010.11.04 15:43:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.04 15:32:51 | 000,067,584 | ---- | C] () -- C:\Windows\System32\SSIREGI.EXE
[2010.11.04 15:32:51 | 000,067,584 | ---- | C] () -- C:\Windows\System32\drivers\SSIREGI.EXE
[2010.11.04 15:32:51 | 000,054,784 | ---- | C] () -- C:\Windows\System32\SSIPDDP.SYS
[2010.11.04 15:32:51 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\SSIPDDP.SYS
[2010.11.04 15:32:15 | 000,001,450 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.11.04 15:32:15 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.04 15:31:12 | 000,408,576 | ---- | C] () -- C:\Windows\System32\javai.dll
[2010.11.04 15:31:12 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF0.dll
[2010.11.04 15:31:12 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF.dll
[2010.11.04 15:31:12 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF0.dll
[2010.11.04 15:31:12 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF.dll
[2010.11.04 15:31:12 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ifl0.dll
[2010.11.04 15:31:12 | 000,102,400 | ---- | C] () -- C:\Windows\System32\ifl.dll
[2010.11.04 15:31:12 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mscomstf.dll
[2010.11.04 15:31:12 | 000,086,016 | ---- | C] () -- C:\Windows\System32\iflPNG.dll
[2010.11.04 15:31:12 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF0.dll
[2010.11.04 15:31:12 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF.dll
[2010.11.04 15:31:12 | 000,024,064 | ---- | C] () -- C:\Windows\System32\msshlstf.dll
[2010.11.04 15:31:12 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP0.dll
[2010.11.04 15:31:12 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP.dll
[2010.11.04 15:31:12 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2010.11.04 15:31:11 | 000,364,032 | ---- | C] () -- C:\Windows\System32\HA312W32.DLL
[2010.11.04 15:31:11 | 000,204,476 | ---- | C] () -- C:\Windows\sendmail.exe
[2010.11.04 15:31:11 | 000,048,128 | ---- | C] () -- C:\Windows\System32\crexpd32.dll
[2010.11.04 15:31:11 | 000,028,672 | ---- | C] () -- C:\Windows\DdsSysOp.exe
[2010.11.04 14:27:38 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2010.11.04 14:27:38 | 000,011,296 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010.11.04 14:27:35 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2010.11.04 14:27:35 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2010.11.04 14:19:45 | 000,051,593 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.11.04 14:16:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.11.04 14:16:43 | 000,033,855 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.08.11 15:24:20 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:01C66DD9
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:0B9FB94D

< End of report >
--- --- ---


Vielen Dank sagt Axelchen

Alt 19.07.2012, 19:59   #13
axelchen
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Hallo Arne,

sorry, in benutzerdefinierte Scan fehlte etwas, daher noch einmal:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.07.2012 20:39:38 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Axel Wendt\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 48,06% Memory free
6,99 Gb Paging File | 5,19 Gb Available in Paging File | 74,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 74,96 Gb Free Space | 50,33% Space Free | Partition Type: NTFS
Drive D: | 103,11 Gb Total Space | 39,07 Gb Free Space | 37,89% Space Free | Partition Type: NTFS
Drive E: | 45,94 Gb Total Space | 10,75 Gb Free Space | 23,39% Space Free | Partition Type: NTFS
Drive F: | 1248,21 Gb Total Space | 1080,41 Gb Free Space | 86,56% Space Free | Partition Type: NTFS
Drive K: | 62,22 Mb Total Space | 39,85 Mb Free Space | 64,04% Space Free | Partition Type: FAT
 
Computer Name: AXEL | User Name: axel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 20:20:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Axel Wendt\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.19 19:07:50 | 007,145,984 | ---- | M] (AGFEO      ) -- C:\Programme\AGFEO\Tk-Suite\tools\ctimon.exe
PRC - [2012.06.18 07:32:07 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.03 16:11:22 | 013,006,952 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.02.02 17:14:32 | 000,255,864 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\avmike.exe
PRC - [2011.10.31 17:38:20 | 000,153,464 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe
PRC - [2011.10.31 17:38:04 | 000,122,232 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 08:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 14:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010.09.29 03:51:26 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.09.29 03:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.03 11:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 11:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.07.07 17:39:10 | 009,936,000 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Programme\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.02.12 00:15:24 | 000,279,928 | ---- | M] (AVM Berlin) -- C:\Programme\KEN!\kentbcli.exe
PRC - [2010.02.12 00:15:12 | 000,177,528 | ---- | M] (AVM Berlin) -- C:\Programme\KEN!\kencli.exe
PRC - [2010.02.11 00:32:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\pptd40nt.exe
PRC - [2010.02.11 00:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.01.26 10:50:52 | 000,741,040 | ---- | M] (Binary Fortress Software) -- C:\Programme\DisplayFusion\DisplayFusion.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.12.17 04:07:04 | 000,341,304 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!\IWatch.exe
PRC - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 14:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.09.21 12:40:50 | 001,681,408 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.20 12:28:26 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\LBTWiz.exe
PRC - [2009.07.17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.05.05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2007.08.31 20:49:58 | 000,498,872 | ---- | M] () -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007.08.31 19:43:32 | 000,907,040 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007.08.31 19:38:08 | 000,140,568 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007.08.31 19:38:04 | 000,427,288 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007.08.31 19:35:54 | 002,622,232 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2005.03.02 08:10:00 | 000,193,592 | ---- | M] (SafeNet, Inc) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [1999.09.30 22:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Programme\PrintKey2000\Printkey2000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.18 07:32:06 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.13 03:24:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.13 03:23:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 03:23:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 20:03:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 20:02:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 20:02:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 20:02:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 20:02:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.03.09 23:00:13 | 000,968,704 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Mozilla\Firefox\Profiles\1zjddppd.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012.02.29 20:43:12 | 000,026,112 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\imageformats\qgif4.dll
MOD - [2012.02.29 20:43:06 | 000,196,096 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\imageformats\qjpeg4.dll
MOD - [2012.02.29 20:41:52 | 000,470,016 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\sqldrivers\qsqlite4.dll
MOD - [2012.02.29 20:37:52 | 010,856,960 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtWebKit4.dll
MOD - [2012.02.29 19:01:54 | 001,294,336 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtScript4.dll
MOD - [2012.02.29 18:46:18 | 000,266,752 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\phonon4.dll
MOD - [2012.02.29 18:41:54 | 008,072,192 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtGui4.dll
MOD - [2012.02.29 18:28:56 | 000,186,880 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtSql4.dll
MOD - [2012.02.29 18:28:46 | 000,977,408 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtNetwork4.dll
MOD - [2012.02.29 18:27:12 | 002,251,776 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite\tools\QtCore4.dll
MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.09.30 23:36:20 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.08.04 16:58:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.06.01 11:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2009.09.02 03:28:04 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.06.27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.05.07 10:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 10:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2009.02.26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [2007.08.31 18:13:50 | 001,336,600 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\fox.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.18 07:32:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.02 17:14:32 | 000,255,864 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2011.10.31 17:38:20 | 000,153,464 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2011.10.31 17:38:04 | 000,122,232 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.02.18 08:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Programme\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2010.12.25 04:00:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.29 03:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.09.23 01:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Programme\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.02.12 00:15:12 | 000,177,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\KEN!\kencli.exe -- (KEN Client Service)
SRV - [2010.02.11 00:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.08.31 20:49:58 | 000,498,872 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007.08.31 19:38:04 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.03.02 08:10:00 | 000,193,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2012.07.19 06:55:18 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{34625A7D-998B-433B-B4CF-0798CD02ED5A}\MpKsl13eef685.sys -- (MpKsl13eef685)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.09.06 11:10:02 | 000,119,040 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2011.07.05 20:42:00 | 000,334,712 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmnwim.sys -- (NWIM)
DRV - [2011.04.24 19:24:16 | 000,012,904 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mv2.sys -- (mv2)
DRV - [2011.04.12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011.02.18 08:20:22 | 000,046,304 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\busenum.sys -- (busenum)
DRV - [2011.02.11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010.11.26 19:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010.11.22 20:21:05 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010.11.22 20:21:05 | 000,044,416 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.11.22 20:21:04 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.11.22 20:21:03 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.16 13:59:49 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010.11.04 19:10:34 | 000,265,744 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MtsBda.sys -- (MTSBDA)
DRV - [2010.11.04 19:10:34 | 000,023,568 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MtsHID.sys -- (MtsHID)
DRV - [2010.09.29 04:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.09.29 03:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.08.16 12:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.08.06 10:53:12 | 000,257,064 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mv91xx.sys -- (mv91xx)
DRV - [2010.02.12 00:14:08 | 000,063,160 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ndc.sys -- (ndc)
DRV - [2010.01.28 16:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.01.22 13:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.01.22 13:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.12.18 16:00:01 | 000,063,872 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2009.12.18 16:00:01 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.11.23 18:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 18:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.10.19 03:56:10 | 000,099,440 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009.10.02 16:29:42 | 000,066,472 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [2009.09.17 13:02:04 | 001,086,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.08.04 04:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 00:02:54 | 000,588,544 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fus2base.sys -- (FUS2BASE)
DRV - [2009.07.14 00:02:54 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 18:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008.11.28 15:34:56 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005.03.02 08:10:00 | 000,090,168 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2005.03.02 08:10:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2004.10.12 23:42:02 | 000,040,873 | ---- | M] (KOBIL Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KOBKNUSB.sys -- (KOBKNUSB)
DRV - [2004.05.25 09:35:12 | 000,010,368 | ---- | M] (F.Schlaps & Partner GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EW_USB.sys -- (EW_USB)
DRV - [2004.05.25 09:35:12 | 000,007,296 | ---- | M] (F. Schlaps und Partner GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hid.sys -- (EW_HID)
DRV - [2003.04.07 04:37:58 | 000,075,264 | ---- | M] (Sunix) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2003.04.02 10:07:24 | 000,054,528 | ---- | M] (Sunix) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxpserx.sys -- (SNXPSERX)
DRV - [2003.04.02 10:06:58 | 000,020,864 | ---- | M] (Sunix) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxpcard.sys -- (SNXPCARD)
DRV - [2002.09.19 22:07:50 | 000,034,683 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pei16Wdm.sys -- (Pei16Wdm)
DRV - [2002.08.15 10:20:04 | 000,035,547 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pei10Wdm.sys -- (Pei10Wdm)
DRV - [2002.06.17 03:14:00 | 000,012,906 | ---- | M] (Towitoko AG) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TWKUSB.SYS -- (TWKUSB)
DRV - [2002.06.17 03:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2002.06.17 03:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TWKMS.SYS -- (TwkMs)
DRV - [1997.09.10 09:14:00 | 000,054,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSIPDDP.SYS -- (SSIPDDP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\.DEFAULT\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0215F628-E8E3-4AE4-960C-84A549AA1BE9}
IE - HKU\.DEFAULT\..\SearchScopes\{0215F628-E8E3-4AE4-960C-84A549AA1BE9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-18\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0215F628-E8E3-4AE4-960C-84A549AA1BE9}
IE - HKU\S-1-5-18\..\SearchScopes\{0215F628-E8E3-4AE4-960C-84A549AA1BE9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 28 8C 5E 19 7C CB 01  [binary data]
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes,DefaultScope = {0799B107-1103-4fe8-888A-D5E4C3E076AA}
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{0799B107-1103-4fe8-888A-D5E4C3E076AA}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{0D2B4629-84DF-4f41-9E23-F2DF3AE791FA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{ABB865AC-9D03-4B1C-9CB5-64C55C5DBA17}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp&p={searchTerms}
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\..\SearchScopes\{E4AA9826-736B-4135-A59C-C70170EEF288}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.77.10:3128;https=192.168.77.10:3128;ftp=192.168.77.10:3128;socks=192.168.77.10:1080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749_yserp"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQCekajrv&&i=26&search="
FF - prefs.js..network.proxy.ftp: "192.168.77.10"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.77.10"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.socks: "192.168.77.10"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "192.168.77.10"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Axel Wendt\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Axel Wendt\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.11 19:11:31 | 000,000,000 | ---D | M]
 
[2010.11.25 11:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Extensions
[2012.07.13 15:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions
[2011.07.30 13:04:27 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.07.12 17:41:24 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions\formhistory@yahoo.com
[2012.03.22 21:47:58 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Axel Wendt\AppData\Roaming\mozilla\Firefox\Profiles\1zjddppd.default\extensions\support@lastpass.com
[2011.01.08 18:23:19 | 000,002,395 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Mozilla\Firefox\Profiles\1zjddppd.default\searchplugins\askcom.xml
[2012.07.02 11:30:41 | 000,002,203 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Mozilla\Firefox\Profiles\1zjddppd.default\searchplugins\MyStart Search.xml
[2012.05.06 06:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 07:32:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.02 13:57:41 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCentraUpdater.dll
[2009.04.27 09:20:38 | 000,126,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\np_hoem_x.dll
[2012.05.06 06:47:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.06 06:47:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.06 06:47:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.06 06:47:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.06 06:47:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.06 06:47:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Centra Updater Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: HOEM ActiveX plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_hoem_x.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: DealPly = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Axel Wendt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KEN Taskbar Client] C:\Program Files\KEN!\kentbcli.exe (AVM Berlin)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-21-1024395085-17980697-762386427-1000..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1024395085-17980697-762386427-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1024395085-17980697-762386427-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-1024395085-17980697-762386427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} hxxp://conference.gira.de/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {3360DAE7-B224-4A07-B707-50F59F51D2A4} hxxp://192.168.77.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject2.cab (SSObject2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} hxxp://192.168.77.51/AxViewer/AxMediaControl.cab (AxMediaControl Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://192.168.82.31/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F0210D0-08D9-4CFE-97E0-D0A586D9CD83}: NameServer = 192.168.77.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.24 00:00:00 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\Windows\System32\snti386.dll (SafeNet, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 20:20:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Axel Wendt\Desktop\OTL.exe
[2012.07.16 20:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.16 20:53:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Axel Wendt\Desktop\esetsmartinstaller_enu.exe
[2012.07.16 15:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\FW Updater N146
[2012.07.13 17:22:14 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Malwarebytes
[2012.07.13 17:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.13 17:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.13 17:21:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.13 17:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.12 09:49:12 | 000,000,000 | ---D | C] -- C:\agfeo_LanModul510
[2012.07.12 09:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGFEO TK-Suite Tools
[2012.07.12 07:27:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 07:27:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 07:27:26 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 07:27:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 07:27:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 07:27:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 07:27:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 07:22:15 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 19:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.11 19:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.11 19:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.11 19:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.07.11 19:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.07.11 12:46:02 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 12:40:05 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.11 11:46:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.09 10:15:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.09 10:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.07.09 10:15:02 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\pdfforge
[2012.07.09 10:14:58 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.07.09 10:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.07.09 10:14:56 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\OpenCandy
[2012.07.02 11:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.07.02 11:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.06.30 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\Documents\Gira
[2012.06.30 15:36:57 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Gira
[2012.06.30 13:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.30 13:02:14 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.06.30 13:02:14 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.06.28 11:54:34 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.06.28 09:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\go1984 Desktop Client
[2012.06.28 09:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\go1984 Desktop Client
[2012.06.25 13:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIRA-SOFTWARE
[2012.06.25 13:10:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Gira
[2012.06.25 13:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Gira
[2012.06.24 11:14:59 | 000,000,000 | ---D | C] -- C:\Users\Axel Wendt\AppData\Roaming\Iminent
[2012.06.23 18:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Schlaps
[2012.06.23 10:39:22 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.23 10:39:21 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.23 10:39:06 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.23 10:39:06 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.23 10:39:06 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.23 10:38:30 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.23 10:38:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 20:20:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Axel Wendt\Desktop\OTL.exe
[2012.07.19 20:06:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.19 19:32:11 | 000,000,790 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\OBETA electro.website
[2012.07.19 07:05:07 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.07.19 07:03:23 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 07:03:23 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 06:55:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.07.19 06:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.19 06:54:45 | 2817,007,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 15:53:42 | 000,000,000 | ---- | M] () -- C:\Users\Axel Wendt\Documents\Nuance Image Printer Writer Port
[2012.07.17 15:57:17 | 000,624,883 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\adwcleaner.exe
[2012.07.17 08:54:02 | 000,659,760 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.17 08:54:02 | 000,621,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.17 08:54:02 | 000,132,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.17 08:54:02 | 000,108,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.16 20:51:09 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Axel Wendt\Desktop\esetsmartinstaller_enu.exe
[2012.07.16 15:29:59 | 000,002,899 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\FW Updater N146.lnk
[2012.07.16 11:29:28 | 000,038,419 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.07.14 20:06:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 09:56:55 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024395085-17980697-762386427-1000Core1cd61963bd98e78.job
[2012.07.13 17:21:57 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 13:13:08 | 000,556,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 11:03:00 | 000,001,194 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk
[2012.07.11 19:19:31 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.11 19:11:27 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.09 10:15:04 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.07.09 10:15:04 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.05 13:02:30 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.03 09:25:51 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012.07.03 08:03:53 | 000,034,440 | ---- | M] () -- C:\Users\Axel Wendt\Documents\040847.alog
[2012.07.02 11:30:59 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.06.30 13:01:57 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.30 13:01:57 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.28 09:59:19 | 000,001,054 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\go1984.lnk
[2012.06.25 13:19:44 | 000,001,182 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\Experte 2.8.lnk
[2012.06.23 18:52:35 | 000,001,355 | ---- | M] () -- C:\Users\Axel Wendt\Desktop\EIBDoktor.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.17 17:30:22 | 000,624,883 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\adwcleaner.exe
[2012.07.16 15:29:59 | 000,002,899 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\FW Updater N146.lnk
[2012.07.16 15:29:59 | 000,002,859 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FW Updater N146.lnk
[2012.07.16 11:29:28 | 000,038,419 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.07.14 09:56:54 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024395085-17980697-762386427-1000Core1cd61963bd98e78.job
[2012.07.13 17:21:57 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 19:19:31 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.11 19:11:27 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.09 10:15:04 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.07.09 10:15:04 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.03 08:03:03 | 000,034,440 | ---- | C] () -- C:\Users\Axel Wendt\Documents\040847.alog
[2012.07.02 11:30:59 | 000,000,454 | ---- | C] () -- C:\user.js
[2012.06.28 09:59:19 | 000,001,054 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\go1984.lnk
[2012.06.25 13:19:44 | 000,001,182 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\Experte 2.8.lnk
[2012.06.24 11:14:45 | 000,000,862 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012.06.23 18:52:35 | 000,001,355 | ---- | C] () -- C:\Users\Axel Wendt\Desktop\EIBDoktor.lnk
[2012.04.17 15:58:12 | 000,138,608 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.04.17 15:58:10 | 000,074,608 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.04.17 15:58:08 | 000,309,616 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.03.26 14:25:01 | 000,022,059 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Roaming\Tabulatorgetrennte Werte (DOS).ADR
[2012.03.12 21:48:01 | 000,011,275 | ---- | C] () -- C:\Windows\System32\kgittsd.dll
[2012.03.12 21:47:51 | 000,011,275 | ---- | C] () -- C:\Windows\System32\gttsd.dll
[2012.01.29 20:34:12 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011.11.24 18:29:45 | 000,000,064 | ---- | C] () -- C:\Windows\Qsuite.ini
[2011.09.22 08:33:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.07.25 20:31:53 | 000,000,281 | ---- | C] () -- C:\ProgramData\{BABE1E59-F3A3-4B2B-80B1-41928543A042}_WiseFW.ini
[2011.07.02 00:01:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.19 08:19:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.13 11:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2011.05.13 11:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2011.05.13 11:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2011.05.13 11:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2011.04.28 15:51:10 | 000,000,027 | ---- | C] () -- C:\Windows\EZSET_SP.INI
[2011.04.28 15:41:16 | 000,000,058 | ---- | C] () -- C:\Windows\System32\KmTwain.ini
[2011.02.13 13:13:03 | 000,007,600 | ---- | C] () -- C:\Users\Axel Wendt\AppData\Local\resmon.resmoncfg
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011.01.04 19:06:50 | 000,698,000 | ---- | C] () -- C:\Windows\unins000.exe
[2011.01.04 19:06:50 | 000,001,092 | ---- | C] () -- C:\Windows\unins000.dat
[2010.11.30 18:58:04 | 000,000,087 | ---- | C] () -- C:\Windows\ccolwiz.ini
[2010.11.27 18:02:53 | 000,000,013 | ---- | C] () -- C:\Windows\7smp1_0.dll
[2010.11.21 21:00:20 | 000,010,491 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010.11.20 18:25:39 | 000,000,264 | ---- | C] () -- C:\Windows\SCARDSRV.INI
[2010.11.20 18:25:26 | 000,000,597 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.11.20 18:24:53 | 000,002,900 | ---- | C] () -- C:\Windows\twkverck.dat
[2010.11.20 17:45:15 | 000,002,814 | ---- | C] () -- C:\Program Files\Axis 215.html
[2010.11.16 13:59:49 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010.11.15 21:05:29 | 000,000,920 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.11.15 21:05:29 | 000,000,119 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.11.15 21:05:18 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.15 21:04:41 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7820n.dat
[2010.11.15 21:04:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.11.14 14:23:52 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2010.11.14 14:23:50 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2010.11.14 14:23:49 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.11.04 16:18:54 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010.11.04 16:09:11 | 000,001,026 | ---- | C] () -- C:\Windows\BUSCHSCR.INI
[2010.11.04 15:43:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.04 15:32:51 | 000,067,584 | ---- | C] () -- C:\Windows\System32\SSIREGI.EXE
[2010.11.04 15:32:51 | 000,067,584 | ---- | C] () -- C:\Windows\System32\drivers\SSIREGI.EXE
[2010.11.04 15:32:51 | 000,054,784 | ---- | C] () -- C:\Windows\System32\SSIPDDP.SYS
[2010.11.04 15:32:51 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\SSIPDDP.SYS
[2010.11.04 15:32:15 | 000,001,450 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.11.04 15:32:15 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.04 15:31:12 | 000,408,576 | ---- | C] () -- C:\Windows\System32\javai.dll
[2010.11.04 15:31:12 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF0.dll
[2010.11.04 15:31:12 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF.dll
[2010.11.04 15:31:12 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF0.dll
[2010.11.04 15:31:12 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF.dll
[2010.11.04 15:31:12 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ifl0.dll
[2010.11.04 15:31:12 | 000,102,400 | ---- | C] () -- C:\Windows\System32\ifl.dll
[2010.11.04 15:31:12 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mscomstf.dll
[2010.11.04 15:31:12 | 000,086,016 | ---- | C] () -- C:\Windows\System32\iflPNG.dll
[2010.11.04 15:31:12 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF0.dll
[2010.11.04 15:31:12 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF.dll
[2010.11.04 15:31:12 | 000,024,064 | ---- | C] () -- C:\Windows\System32\msshlstf.dll
[2010.11.04 15:31:12 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP0.dll
[2010.11.04 15:31:12 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP.dll
[2010.11.04 15:31:12 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2010.11.04 15:31:11 | 000,364,032 | ---- | C] () -- C:\Windows\System32\HA312W32.DLL
[2010.11.04 15:31:11 | 000,204,476 | ---- | C] () -- C:\Windows\sendmail.exe
[2010.11.04 15:31:11 | 000,048,128 | ---- | C] () -- C:\Windows\System32\crexpd32.dll
[2010.11.04 15:31:11 | 000,028,672 | ---- | C] () -- C:\Windows\DdsSysOp.exe
[2010.11.04 14:27:38 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2010.11.04 14:27:38 | 000,011,296 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010.11.04 14:27:35 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2010.11.04 14:27:35 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2010.11.04 14:19:45 | 000,051,593 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.11.04 14:16:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.11.04 14:16:43 | 000,033,855 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.08.11 15:24:20 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.18 08:06:51 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\.oit
[2011.12.11 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Acronis
[2010.11.06 09:11:15 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Adobe
[2011.08.06 12:23:33 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\AGFEO
[2011.11.16 19:44:12 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Apple Computer
[2010.11.04 15:44:07 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\ATI
[2011.01.01 15:34:25 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Axis Communications
[2011.07.30 13:03:34 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Babylon
[2011.01.18 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Brillux
[2010.12.24 14:58:36 | 000,000,000 | R--D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Brother
[2011.05.30 20:09:26 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Centra
[2010.11.20 15:51:45 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\DataDesign
[2010.11.20 18:01:35 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\DisplayFusion
[2011.02.28 21:41:07 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\dvdcss
[2010.12.05 15:26:39 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\EIBA sc
[2010.11.25 08:03:34 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\FLEXnet
[2011.01.13 20:22:54 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\FRITZ!
[2012.03.12 21:48:32 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\GAEB-Konverter 2009
[2011.05.28 18:39:50 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\GetRightToGo
[2011.08.11 11:14:04 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\GHISLER
[2012.06.30 15:36:57 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Gira
[2011.01.08 18:32:44 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\GlarySoft
[2012.01.24 09:17:26 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\HS+FS Experte 2.6
[2012.07.01 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\HS+FS Experte 2.7
[2010.11.04 14:03:58 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Identities
[2012.06.24 11:14:59 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Iminent
[2010.11.04 14:21:09 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\InstallShield
[2012.02.11 19:52:34 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\IObit
[2011.06.02 11:24:06 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Kyocera
[2010.11.04 19:06:09 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Leadertech
[2010.11.04 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Lexware
[2011.09.24 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Logitech
[2010.11.15 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\logiware gmbh
[2010.11.04 15:47:37 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Macromedia
[2012.07.13 17:22:14 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Media Center Programs
[2012.02.28 20:16:10 | 000,000,000 | --SD | M] -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft
[2010.11.18 11:00:50 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft Web Folders
[2010.11.25 11:59:48 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Mozilla
[2010.11.24 20:27:14 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Nuance
[2012.07.09 10:14:56 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\OpenCandy
[2012.07.09 10:15:02 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\pdfforge
[2010.11.23 22:32:48 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\PFU
[2012.01.07 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Q-Dir
[2011.01.20 09:58:49 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Saba
[2011.05.28 18:39:20 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Softi Software
[2011.09.23 16:27:47 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\SOFTTECH
[2012.01.05 16:59:48 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\TeamViewer
[2010.11.26 13:48:31 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\UltraVNC
[2012.03.11 12:19:53 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\vlc
[2012.05.03 08:11:22 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\WinRAR
[2010.11.24 20:27:17 | 000,000,000 | ---D | M] -- C:\Users\Axel Wendt\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2012.07.12 14:38:51 | 005,147,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Axel Wendt\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
[2012.07.16 15:29:59 | 000,005,694 | R--- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Installer\{33F7312C-388B-43EA-9E47-9A13C0CACC90}\_3731393a.exe
[2012.07.16 15:29:59 | 000,005,694 | R--- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Installer\{33F7312C-388B-43EA-9E47-9A13C0CACC90}\_384250ae.exe
[2012.04.29 13:14:44 | 000,029,184 | R--- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\Microsoft\Installer\{394D3D87-12FE-4765-836F-F6F727005C9C}\Icon37C19C2D1.exe
[2012.03.12 19:35:28 | 009,460,064 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\OpenCandy\C3CB3165239947BFB9D70218C3CA9AF8\avg.exe
[2012.07.09 10:15:16 | 005,094,744 | ---- | M] () -- C:\Users\Axel Wendt\AppData\Roaming\OpenCandy\C3CB3165239947BFB9D70218C3CA9AF8\AVG923_p1v3.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.06.28 11:45:20 | 002,296,132 | ---- | M] () -- C:\QuadClient_Setup.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.05.30 20:54:12 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.05.30 20:54:12 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:01C66DD9
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:0B9FB94D

< End of report >
--- --- ---


Tschüss sagt Axelchen

Alt 19.07.2012, 20:44   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


Sagmal, ist das rein zufällig ein Büro-PC?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.07.2012, 12:58   #15
axelchen
 
IncrediBar eingefangen - Standard

IncrediBar eingefangen


???
Nee, steht bei mir zu Hause.

Antwort
Seite 1 von 2 1 2

Themen zu IncrediBar eingefangen
administrator, adware.installcore, anti-malware, autostart, converter, dateien, eingefangen, explorer, files, gelöscht, gen, hallo zusammen, heuristiks/extra, heuristiks/shuriken, incredibar loswerden, infizierte, infizierte dateien, install, install.exe, log-datei, malwarebytes, microsoft, pdf, programme, quarantäne, service, software, speicher, test, trojan.scar, uninstall.exe, version, zusammen


« GVU-Trojaner mit Webcam | GVU Trojaner mit Webcam »


Ähnliche Themen: IncrediBar eingefangen


  1. Win 7\Firefox\Browser-Hijacker eingefangen\Incredibar
    Plagegeister aller Art und deren Bekämpfung - 15.03.2015 (13)
  2. Hab mir incredibar eingefangen und weis nimmer weiter :(
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (7)
  3. My start von Incredibar eingefangen-wie löschen?
    Log-Analyse und Auswertung - 18.02.2013 (14)
  4. IncrediBar eingefangen... wie bekomme ich es los?
    Plagegeister aller Art und deren Bekämpfung - 15.11.2012 (21)
  5. Mystart Incredibar eingefangen
    Plagegeister aller Art und deren Bekämpfung - 04.11.2012 (7)
  6. Mystart incredibar eingefangen. wie werde ich es wieder los?
    Plagegeister aller Art und deren Bekämpfung - 31.10.2012 (42)
  7. Mystart incredibar eingefangen. wie werde ich es wieder los?
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (1)
  8. MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (42)
  9. MyStart Incredibar Virus eingefangen.
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (50)
  10. Incredibar eingefangen - Bereinigung trotz beabsichtigter Neuinstallation nötig?
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (21)
  11. MyStart Incredibar eingefangen und anfänger!
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (17)
  12. Ebenfalls die Incredibar eingefangen
    Plagegeister aller Art und deren Bekämpfung - 18.09.2012 (3)
  13. mystart.incredibar eingefangen :-(
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (1)
  14. Incredibar eingefangen - Tab-Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 29.07.2012 (46)
  15. mystart incredibar eingefangen - logfile liegt vor.
    Log-Analyse und Auswertung - 24.07.2012 (13)
  16. MyStart incredibar- Trojaner eingefangen!
    Log-Analyse und Auswertung - 11.07.2012 (1)
  17. leider auch incredibar virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 08.07.2012 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema IncrediBar eingefangen - Hallo Zusammen, ich habe mir Incredibar eingefangen und möchte den mist schnellstmöglich wieder los werden. Wie in der anlaeitung steht, habeich mir Malwarebytes heruntergeladen und durchlaufen lassen. Am Ende wurden - IncrediBar eingefangen...
Archiv
Du betrachtest: IncrediBar eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58