
Pests of all kinds and how to combat them: PUP.Blubbers

21.03.2013, 10:24   #1
pfaffe33
 

PUP.Blubbers



Hello dear helper team!
For several weeks now, whenever I opened Internet Explorer, an additional advertising page (ad.adserverplus.com) kept appearing underneath it, so after some research of my own I downloaded "Malwarebytes Anti-Malware", found 201 "PUP.Blubbers" objects and put them in quarantine. After the first scan I uninstalled various toolbars (Google, Ask, ...) via "... Programs". Now I am not sure whether this has really fixed the problem... Avira Internet Security (current, full paid version) found nothing in a scan afterwards.
I am a new user of your forum and not a computer specialist!
I urgently ask for advice or help, and many thanks in advance!!!!

21.03.2013, 11:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

PUP.Blubbers



Hello and

Do you have any further logs (with detections)? From Malwarebytes and/or other virus scanners?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

21.03.2013, 12:33   #3
pfaffe33
 

PUP.Blubbers



Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.20.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Home :: HOME-PC [Administrator]

Schutz: Aktiviert

20.03.2013 10:13:51
mbam-log-2013-03-20 (10-13-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228614
Laufzeit: 16 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 2
C:\Program Files\BROWSERCOMPANION\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BROWSERCOMPANION\UPDATEBHOWIN32.DLL (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 24
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Program Files\BROWSERCOMPANION (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 170
C:\Program Files\BROWSERCOMPANION\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BROWSERCOMPANION\TDATAPROTOCOL.DLL (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BROWSERCOMPANION\UPDATEBHOWIN32.DLL (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BROWSERCOMPANION\BLABBERS-FF-FULL.XPI (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BROWSERCOMPANION\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BROWSERCOMPANION\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BROWSERCOMPANION\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BROWSERCOMPANION\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BROWSERCOMPANION\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BROWSERCOMPANION\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BROWSERCOMPANION\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71_2.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0227dd5d240c9bdfb9504999e66c665b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1bb25568f8455e74906142466f792c87_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ddedfe6ede02f148caf19a2dec7f877d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e3cd5b2c64ca319aadec7c28c6c6feba_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e6c109bf52ef89fe99f9a9379617ab0e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7395ccc0c22b2cca7bf3e0c7db4d8a6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_version (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3d7ac6206caeabc3e5955ad4ede73a32 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3d7ac6206caeabc3e5955ad4ede73a32_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4ad053d40dfa5cab7948e9251df6e3d9 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4ad053d40dfa5cab7948e9251df6e3d9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\62cce7d26ab5636bceb113b988d56c59_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\adbb013efd3fd71cf048206629fae313_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d5baae4ef839769f8eb7e9f9d82d8a40_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d83bb387de1d7c4401815e133de06c6b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d83bb387de1d7c4401815e133de06c6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d965aead622233a60676ef2349956f38_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f1586b879e32b889596b836c8855994f (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f1586b879e32b889596b836c8855994f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fd884a02221ff58a33d44bd2b23a7ab9 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fd884a02221ff58a33d44bd2b23a7ab9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6d4100dc97e9abad47303e5e0d38b2b6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\897979c67bed116efad1a04f5f229ecd_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3518e1eac042730aa1274618984462b3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.20.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Home :: HOME-PC [Administrator]

Schutz: Aktiviert

20.03.2013 12:56:18
mbam-log-2013-03-20 (12-56-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227479
Laufzeit: 44 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Program Files\BROWSERCOMPANION (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 166
C:\Program Files\BROWSERCOMPANION\BLABBERS-FF-FULL.XPI (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\BROWSERCOMPANION\blabbers-ch.crx (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\BROWSERCOMPANION\logo.ico (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\BROWSERCOMPANION\terms.lnk.url (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\BROWSERCOMPANION\toolbar.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\BROWSERCOMPANION\uninstall.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\BROWSERCOMPANION\updater.ini (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\BROWSERCOMPANION\widgetserv.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71_2.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
Exportierte Ereignisse:

20.03.2013 18:29 [System-Scanner] Malware gefunden
      Die Datei 'J:\Festpl.H, Medion XP\Eigene Dateien\Eigene 
      Downloads\updater\edisionlink4-2.zip'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0cb4575e.qua' 
      verschoben!

20.03.2013 18:29 [System-Scanner] Malware gefunden
      Die Datei 'J:\Festpl.H, Medion XP\Eigene Dateien\Eigene 
      Downloads\updater\edisionlink4-2\EdisionLink4-2.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '400c7b14.qua' 
      verschoben!

20.03.2013 18:29 [System-Scanner] Malware gefunden
      Die Datei 'J:\Sicherung\NERO Backup\20101222_174703_Home\C\Users\Home\Marion 
      Eigene Dateien\Eigene Downloads\Privat\edisionlink4-2\EdisionLink4-2.exe.nco'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '70ac170e.qua' 
      verschoben!

20.03.2013 18:29 [System-Scanner] Malware gefunden
      Die Datei 'J:\Festpl.H, Medion XP\Sicherung\Backup Arbeitszimmer\Nero 
      D\20090215_190528_Marion Janik.nba'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3fdc4ad0.qua' 
      verschoben!

20.03.2013 18:29 [System-Scanner] Malware gefunden
      Die Datei 'J:\Sicherung\NERO Backup\20101222_174703_Home\C\Users\Home\Marion 
      Eigene Dateien\Eigene Downloads\Privat\edisionlink4-2.zip.nco'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5df63843.qua' 
      verschoben!

20.03.2013 18:28 [System-Scanner] Malware gefunden
      Die Datei 'J:\HOME-PC\Backup Set 2011-02-17 113553\Backup Files 2011-02-17 
      113553\Backup files 20.zip'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7a8d6401.qua' 
      verschoben!

20.03.2013 18:28 [System-Scanner] Malware gefunden
      Die Datei 'J:\HOME-PC\Backup Set 2011-02-17 113553\Backup Files 2011-02-17 
      113553\Backup files 274.zip'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1cba2bc2.qua' 
      verschoben!

20.03.2013 18:28 [System-Scanner] Malware gefunden
      Die Datei 'J:\HOME-PC\Backup Set 2012-01-29 105646\Backup Files 2012-01-29 
      105646\Backup files 23.zip'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ee57128.qua' 
      verschoben!

20.03.2013 18:28 [System-Scanner] Malware gefunden
      Die Datei 'J:\HOME-PC\Backup Set 2012-01-29 105646\Backup Files 2012-01-29 
      105646\Backup files 404.zip'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56725e81.qua' 
      verschoben!
         
The AvScan detections relate to an external hard drive (J), which I have already formatted after this action!!! Those were all old files from backups of the old XP system!

I have no other current scan results; the AntiVir scan is, I think, not relevant to the topic.

Is that sufficient????

Hoping for further help for my PC!!
__________________

21.03.2013, 16:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only those scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make it harder for me to evaluate them!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


21.03.2013, 17:06   #5
pfaffe33
 
Here are the files after the OTL scan:
Code:
OTL Extras logfile created on: 21.03.2013 16:58:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Home\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 46,85% Memory free
5,98 Gb Paging File | 4,11 Gb Available in Paging File | 68,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356,16 Gb Total Space | 1138,38 Gb Free Space | 83,94% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 21,20 Gb Free Space | 53,00% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 910,09 Gb Free Space | 97,70% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB397A1-6996-4227-A254-0D003E68752B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3681C921-7D05-42D4-AA5F-63144B061307}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5BCACACA-325D-4221-A578-7CFCA270E86E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{61E37E18-F421-4FAD-987C-C6A5840770C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A198C39A-8590-4913-9A75-5B8CE0B53A8E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A469E627-A16B-462C-A0C1-C7DC9C096A75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC8FFDB7-CBA1-45BF-AECA-0C3B34854C75}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AE98CC6E-71C1-490E-B18D-F5C977DA7C13}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{B4E589EF-82F7-418B-8D4B-F9E87D6DEE3E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B511ED13-A335-46C6-9D0A-495F45A8A24C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B6B97598-0689-4365-BF40-165BDFE8D936}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CDDFB7AE-0E52-44D5-BA78-F3FA56E0AECE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DD785397-BCD6-4781-AEB5-5ACF753259C3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{EEBE195F-775F-4145-A964-66B5FAB9E4B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04246E6F-DE7D-4B55-BA08-EC2175B9E9C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{082FD3A8-0636-458A-B980-2B7312D5B150}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 apoedition\app\starmoney.exe | 
"{0E317D00-D4D2-4960-A72A-FE8E897E75F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1703CC13-3BBB-4C6B-86DE-5055E1E77873}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{19E290E8-D909-4C5B-A7D4-D1AD141A9A63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{1B2A5A5C-64E6-4ADE-AC81-2D16BE750A09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{233BA796-EF9A-49B9-844A-69917B608785}" = dir=in | app=e:\setup\hpznui01.exe | 
"{242CA202-DD5D-4B57-BF61-406620C3D0EA}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 apoedition\ouservice\starmoneyonlineupdate.exe | 
"{25BD7991-3329-46C4-83BA-8CA5ED2D66AF}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs27ac\hppiw.exe | 
"{25C21D7F-CA3E-48DD-88FC-DC31E9EBA4F4}" = protocol=6 | dir=out | app=system | 
"{293BAD13-A235-413A-A34F-5C435B34F4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C2B3AAA-6C21-4B55-9508-D1A7CB88B737}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{2C35796D-0997-4620-B9DC-C41D2D46AA81}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs2a64\hpdiagnosticcoreui.exe | 
"{33DD6D46-6BF7-437F-833C-508E910AFE4A}" = dir=in | app=c:\program files\hp\hp envy 110 series\bin\devicesetup.exe | 
"{34B828D1-2BE4-4672-9380-E492DFB792FC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3A24B9BC-664F-43C6-9033-D8662A0A07D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{3F255F46-823B-45DE-8F11-01AD9529A899}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs1fca\hpdiagnosticcoreui.exe | 
"{451492B2-47D5-4721-B0BA-CF5D1B6CAE5F}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 apoedition\ouservice\starmoneyonlineupdate.exe | 
"{530F2ADC-A878-4C11-B194-4555E99E95C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5596FB10-CBCA-4174-8BD6-2988B5CE85F4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{664FA9CB-C6AC-4A0F-871D-E007B7D01EDE}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6B913BCE-C9DD-4A4B-A2D9-54722A79E9DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6EBA8046-967F-4DA4-8547-8901DCA58E90}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{7079E0AB-4A6B-4007-AC3E-5D69A98C8DDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{71CDFFC1-7489-4F40-A78D-5F01B98AEE8B}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs1fca\hpdiagnosticcoreui.exe | 
"{74AF0EB5-BAC8-4305-9DB0-1CFC8C944789}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8412B01E-C7B3-419E-B47F-0503C078636C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{89B9E925-DAEB-445D-B20E-4E55D4097F10}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{9B8298D9-068F-4BAC-A938-8FFFA805FD75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F07E192-804E-431F-8F52-D23ECEE5E31E}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 apoedition\app\starmoney.exe | 
"{A27B7226-6EF7-4149-9794-907848A86663}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{A2BD277C-FE15-4F4B-A9C9-FFD0A9AED202}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A7CD8BED-7699-4377-A084-B15C601F70E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{AE923602-42AC-4B2E-AA8D-305106B51B34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{B376E4F9-3879-44CA-81F6-D57692C3C3DA}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs2a64\hpdiagnosticcoreui.exe | 
"{B4735C2E-2883-4933-BF5A-3533DAEA8DFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4AC4CCA-0E3C-4F17-9CFF-FF2B27233738}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs27ac\hppiw.exe | 
"{B4B1505A-858A-418E-8036-6509C8CA02C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B52C01AD-A933-4726-A36F-FD9408FF6C61}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{B688FA93-24AE-43A1-9CC9-DF52D2990834}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDC7BA54-38C8-4031-AD38-0EE3F61117BF}" = dir=in | app=c:\program files\hp\hp envy 110 series\bin\hpnetworkcommunicator.exe | 
"{C4B120AF-60EC-4532-A5AF-7A629789BC9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{C8E99D43-EAA3-4443-BD9E-7D223B14D94F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{D87B1C77-03CE-48C3-84FA-031C9997E05E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{DD9B5286-31EF-4094-AB56-149A2484183F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{DDA53C83-3FAE-4C62-A77D-2416B79CBA73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0AB2124-29AB-4962-982B-A17380C26C9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F6CCE1C5-7055-44F6-9EB6-B571318B625E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{F8ED9470-6624-424B-9C56-73322642BE61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{9301285A-574F-4A90-ABAB-BC7D049CE161}C:\mc-light\mclwin\prg\zbase32.exe" = protocol=6 | dir=in | app=c:\mc-light\mclwin\prg\zbase32.exe | 
"UDP Query User{7F363FF2-FF5C-4B6F-B9D4-097B628BCA8E}C:\mc-light\mclwin\prg\zbase32.exe" = protocol=17 | dir=in | app=c:\mc-light\mclwin\prg\zbase32.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{02c5230b-9da5-46bc-a2e4-1047895041e2}" = Nero 9 Essentials
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{07D0F003-4C56-45F2-9D9D-613BEC6FD5A7}" = .NET Utilities
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602" = CanoScan 9000F Scanner Driver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5229C090-842B-1CB0-1676-43E421294B5C}" = AMD Drag and Drop Transcoding
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{562B89CE-2FF3-4573-B67C-67EB8CF8063D}" = HP ENVY 110 series - Grundlegende Software für das Gerät
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A6F6041-013B-4C45-861E-3E2BA6C894B8}" = Studie zur Verbesserung von HP Officejet Pro 8600 Produkten
"{5C638666-B80C-4CD3-AA56-403EF0BC7A6E}" = HP Photosmart A630 Series
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1" = 3M Products Update version 2012-05 for Microsoft Office 2010
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D846456-C32B-43B9-99ED-B1AC43D6A233}" = GoGear SA4RGA Device Manager
"{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{729713E3-CFD5-4E9F-A301-5BD8EA25A28B}" = COMPUTERBILD-PC-Schnellstarter
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7419582C-1E2E-4848-88F6-9FF638D9EA87}" = LightScribe Diagnostic Utility
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B69FE75-3AF9-4714-89EE-D3F64CB08F90}" = HP Officejet Pro 8000 A809 Series
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7F2B12E7-2302-4A86-AE26-33DDD84E478A}" = MAGIX Burn routines
"{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85092B90-AEB2-2E30-0EF1-432EC61F6BD1}" = Catalyst Control Center InstallProxy
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A0CBFC47-690E-4277-82BB-13BE18CF0C2E}" = CEWE FOTOBUCH PRO Designvorlagen
"{A157DF9D-462F-4BF9-8C5E-3854BC9CC08F}" = HP Digital Photo Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Kameras 9.0
"{AA721D14-CFE2-410E-B975-79FE5F82F99F}" = MSVCMergeModules
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini
"{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809)
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD312050-9D98-4F71-ADCD-25EC037C05FD}" = StarMoney
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09E526E-586C-4AD1-B2C0-A632CAA59C25}" = Studie zur Verbesserung von HP ENVY 110 series Produkten
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7EA1AF1-F908-0832-AA52-5EDBE128FD6B}" = ccc-core-static
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D4444B31-E9E9-4389-B35D-41B5BCA5E9FB}" = HP ENVY 110 series Hilfe
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E6FCA24F-1192-4C9D-B1AA-F93C3DA80851}" = DDBAC
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9D4FBA9-FB46-A5CE-F52F-516C4B8F0373}" = ccc-utility
"{EB0E062C-575D-8154-2682-C84EF432CCF0}" = Catalyst Control Center Graphics Previews Common
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EDD7B70D-36D0-694D-AA34-D566A13CE98D}" = WMV9/VC-1 Video Playback
"{EEA54973-AFC8-21C8-1414-246AA9435890}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8A9F4D7-4EC8-4E28-9B01-4CF74C812BF2}" = StarMoney
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB8927C5-0232-4DFF-8D13-CAEDCDB4C1A3}" = StarMoney 8.0 apoEdition
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 9.20
"ABEURO_is1" = AB-Euro 2.2.0.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AudibleManager" = AudibleManager
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Internet Security
"AVMBLUECLI" = AVM BlueFRITZ! USB
"B81055EA372C9E3EA5000B4BD9585D992D51F1DE" = Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002)
"BlazePhoto 2.0_is1" = BlazePhoto 2.0
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CD-DVD Druckerei 7_is1" = DATA BECKER CD-DVD Druckerei 7
"Content Manager 2" = Content Manager 2
"DATA BECKER - Etikettendruckerei 2000" = DATA BECKER - Etikettendruckerei 2000
"DATA BECKER Die große Weihnachts Druckerei 2000" = DATA BECKER Die große Weihnachts Druckerei 2000
"DOCexpertComfort" = DOCexpertComfort
"DPP" = Canon Utilities Digital Photo Professional 3.5
"Duplicate Cleaner" = Duplicate Cleaner 1.4.7c
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"FRITZ! 2.0" = AVM FRITZ!
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 deluxe D" = MAGIX Fotos auf CD & DVD 8 deluxe 8.0.2.6 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MC light" = MC light
"MEDION NAS TOOL" = MEDION NAS TOOL
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"Netzmanager" = Netzmanager
"nLite_is1" = nLite 1.4.9.1
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnlineFotoservice" = OnlineFotoservice
"Philips Songbird" = Philips Songbird
"PhotoStitch" = Canon Utilities PhotoStitch
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 15.0" = RealPlayer
"Recuva" = Recuva
"SetEditEdision1600" = SetEditEdision1600 (remove only)
"Shop for HP Supplies" = Shop for HP Supplies
"Visitenkarten-Druckerei 11_is1" = DATA BECKER Visitenkarten-Druckerei 11
"WinLiveSuite" = Windows Live Essentials
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
"Sansa Updater" = Sansa Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.10.2011 03:49:38 | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.10.2011 04:43:31 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AvmObexService.exe, Version: 1.0.13.0,
 Zeitstempel: 0x4564a69d  Name des fehlerhaften Moduls: AVMCCDI.DLL_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4211aef4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002b3d9a
ID
 des fehlerhaften Prozesses: 0xa3c  Startzeit der fehlerhaften Anwendung: 0x01cc8c9c36578f51
Pfad
 der fehlerhaften Anwendung: C:\Program Files\avmclient\AvmObexService.exe  Pfad des
 fehlerhaften Moduls: AVMCCDI.DLL  Berichtskennung: 170c3aa2-f89c-11e0-845b-6c626d8d74ef
 
Error - 18.10.2011 03:43:57 | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 18.10.2011 04:12:58 | Computer Name = Home-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 18.10.2011 04:15:29 | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 19.10.2011 09:24:57 | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 19.10.2011 10:56:51 | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 20.10.2011 10:29:56 | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 20.10.2011 11:09:00 | Computer Name = Home-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 20.10.2011 11:12:34 | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 19.03.2013 08:09:41 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.03.2013 14:38:18 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM BT OBEX Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 20.03.2013 15:15:06 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.03.2013 15:15:12 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.03.2013 15:15:12 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.03.2013 15:15:13 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.03.2013 15:15:13 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 21.03.2013 08:09:41 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM BT OBEX Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 21.03.2013 08:12:25 | Computer Name = Home-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.
 
Error - 21.03.2013 10:24:21 | Computer Name = Home-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.
 
 
< End of report >
         
Code:
OTL logfile created on: 21.03.2013 16:58:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Home\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 46,85% Memory free
5,98 Gb Paging File | 4,11 Gb Available in Paging File | 68,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356,16 Gb Total Space | 1138,38 Gb Free Space | 83,94% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 21,20 Gb Free Space | 53,00% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 910,09 Gb Free Space | 97,70% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Programme\StarMoney 8.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\Home\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
PRC - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Programme\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Programme\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Programme\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Programme\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\avmclient\bluefritz.exe (AVM Berlin)
PRC - C:\Programme\avmclient\AvmObex.exe (AVM Berlin)
PRC - C:\Programme\avmclient\avmbtservice.exe (AVM Berlin)
PRC - C:\Programme\avmclient\AvmObexService.exe (AVM Berlin)
PRC - C:\MC-Light\MCLWIN\PRG\ZBASE32.EXE (Omikron Systemhaus)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Home\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
MOD - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BingDesktopUpdate) -- C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (Netzmanager Service) -- C:\Programme\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (FreeAgentGoNext Service) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe (mst software GmbH, Germany)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (AVM BT Connection Service) -- C:\Programme\avmclient\avmbtservice.exe (AVM Berlin)
SRV - (AvmObexService) -- C:\Programme\avmclient\AvmObexService.exe (AVM Berlin)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (bfubase) -- C:\Windows\System32\drivers\bfubase.sys (AVM Berlin)
DRV - (CAPI_CIP) -- C:\Windows\System32\drivers\capi_cip.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (AVMBTPARALLEL) -- C:\Windows\System32\drivers\avmbtpar.sys (AVM GmbH)
DRV - (AVMBTSERIAL) -- C:\Windows\System32\drivers\avmbtser.sys (AVM GmbH)
DRV - (BFHU_CFG) -- C:\Windows\System32\drivers\bfhu_cfg.sys (AVM Berlin)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = Search Plusnetwork - Results}
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{EDD09B12-5276-4B4E-A76E-D92EAC628DA8}: "URL" = {searchTerms} - Google Search
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Home\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.08 18:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 14:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012.11.11 14:46:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.08 18:03:42 | 000,000,000 | ---D | M]
 
[2013.02.03 16:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions
[2011.03.09 21:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013.02.03 16:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.03.09 21:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Sunbird\Profiles\rojy113b.default\extensions
 
========== Chrome  ==========
 
CHR - homepage: Plus! Network - Plusnetwork
CHR - default_search_provider: Plus! Network (Enabled)
CHR - default_search_provider: search_url = Search Plusnetwork - Results}
CHR - default_search_provider: suggest_url = 
CHR - homepage: Plus! Network - Plusnetwork
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Home\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Browser Companion Helper = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Google-Suche = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5\
CHR - Extension: Google Mail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CBAbzockschutz.InitToolbarBHO) - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Oracle)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (COMPUTERBILD-Abzockschutz) - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe (AVM Berlin)
O4 - HKLM..\Run: [AVMBLUEOBEX] C:\Program Files\avmclient\AvmObex.exe (AVM Berlin)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [HP ENVY 110 series (NET)] C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [SansaDispatch] C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MC light-Alarm.lnk = C:\MC-Light\MCLWIN\PRG\LOADER.EXE ()
O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Home\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 110 series (Netzwerk).lnk = C:\Windows\System32\rundll32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites)
O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites)
O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\prox - No CLSID value found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{853f9162-0d27-11e0-a53b-6c626d8d74ef}\Shell - "" = AutoRun
O33 - MountPoints2\{853f9162-0d27-11e0-a53b-6c626d8d74ef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d6f50945-2c4f-11e0-a50b-6c626d8d74ef}\Shell - "" = AutoRun
O33 - MountPoints2\{d6f50945-2c4f-11e0-a50b-6c626d8d74ef}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.21 16:40:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013.03.21 16:00:50 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.03.20 10:12:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2013.03.20 10:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.20 10:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.20 10:12:41 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.20 10:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.13 16:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013.03.13 16:26:48 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.13 16:26:48 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.13 16:26:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.13 16:26:48 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.13 16:26:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.13 16:26:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.13 16:26:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 16:26:47 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 16:26:47 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 16:26:47 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 16:26:47 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.13 16:26:47 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.13 16:26:47 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.13 16:26:47 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 16:26:47 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 16:26:47 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.13 16:26:47 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.13 16:26:47 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.13 16:26:47 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 16:26:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.13 16:26:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.13 16:26:47 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.13 16:26:47 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 16:26:47 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.13 16:26:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.13 16:26:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.13 16:26:47 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.13 16:26:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.13 16:26:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.13 16:26:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.13 16:26:47 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.13 16:26:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.13 16:26:47 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.13 16:26:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.13 16:26:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.13 16:26:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.13 16:24:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.10 10:53:01 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.03.10 10:52:55 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.03.10 10:52:54 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.10 10:52:54 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.10 10:52:54 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.10 10:52:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.03.10 10:52:52 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.03.10 10:52:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.10 10:52:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.10 10:52:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.10 10:52:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.10 10:52:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.10 10:52:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.10 10:52:51 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.03.10 10:52:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.03.10 10:52:51 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.03.10 10:52:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.03.10 10:52:51 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.03.10 10:52:51 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.03.10 10:52:51 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.03.10 10:52:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.03.10 10:52:51 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.03.10 10:52:51 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.03.10 10:52:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.03.10 10:52:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.03.09 10:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.24 18:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice
[6 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.21 16:50:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.21 16:40:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013.03.21 16:31:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.21 16:00:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.03.21 15:46:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 15:46:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 15:39:19 | 000,001,926 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 110 series (Netzwerk).lnk
[2013.03.21 15:38:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.21 15:38:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.21 15:38:39 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.21 15:33:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.21 15:33:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.21 15:33:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.21 11:09:19 | 000,707,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.21 11:09:19 | 000,660,934 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.21 11:09:19 | 000,152,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.21 11:09:19 | 000,125,124 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.21 10:44:54 | 000,250,727 | ---- | M] () -- C:\Windows\hpwins21.dat
[2013.03.21 09:48:00 | 000,050,477 | ---- | M] () -- C:\Users\Home\Desktop\Defogger.exe
[2013.03.20 18:31:27 | 002,522,934 | ---- | M] () -- C:\Users\Home\AppData\Local\[j0004]-[p08].bmp
[2013.03.20 18:31:25 | 002,522,934 | ---- | M] () -- C:\Users\Home\AppData\Local\[j0004]-[p07].bmp
[2013.03.20 10:12:42 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.19 11:47:51 | 000,001,120 | ---- | M] () -- C:\Users\Home\Desktop\Content Manager 2.lnk
[2013.03.18 16:36:45 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.18 16:36:45 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.13 16:26:48 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.13 16:26:48 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.13 16:26:48 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.13 16:26:48 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.13 16:26:48 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.13 16:26:48 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.13 16:26:48 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 16:26:47 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 16:26:47 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 16:26:47 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 16:26:47 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.13 16:26:47 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.13 16:26:47 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.13 16:26:47 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 16:26:47 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 16:26:47 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.13 16:26:47 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.13 16:26:47 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.13 16:26:47 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 16:26:47 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.13 16:26:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.13 16:26:47 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.13 16:26:47 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 16:26:47 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.13 16:26:47 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.13 16:26:47 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.13 16:26:47 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.13 16:26:47 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.13 16:26:47 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.13 16:26:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.13 16:26:47 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.13 16:26:47 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.13 16:26:47 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.13 16:26:47 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.13 16:26:47 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.13 16:26:47 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.13 16:26:47 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.09 10:53:17 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.27 18:41:07 | 016,356,254 | ---- | M] () -- C:\Users\Home\AppData\Roaming\sa4rga04kf_12_fuz_eng.zip
[2013.02.27 18:37:59 | 000,002,348 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear SA4RGA Device Manager.lnk
[2013.02.27 18:37:58 | 000,002,314 | ---- | M] () -- C:\Users\Public\Desktop\Philips GoGear SA4RGA Device Manager.lnk
[2013.02.24 18:45:06 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk
[6 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.21 09:48:00 | 000,050,477 | ---- | C] () -- C:\Users\Home\Desktop\Defogger.exe
[2013.03.20 18:31:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0004]-[p08].bmp
[2013.03.20 18:31:24 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0004]-[p07].bmp
[2013.03.20 10:12:42 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.19 11:46:39 | 000,001,120 | ---- | C] () -- C:\Users\Home\Desktop\Content Manager 2.lnk
[2013.03.13 16:26:47 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.09 10:53:17 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.24 18:45:06 | 000,001,283 | ---- | C] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk
[2013.02.03 18:12:23 | 016,356,254 | ---- | C] () -- C:\Users\Home\AppData\Roaming\sa4rga04kf_12_fuz_eng.zip
[2013.01.12 17:42:01 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.01.06 18:48:49 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p34].bmp
[2013.01.06 18:48:35 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p33].bmp
[2013.01.06 18:48:33 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p32].bmp
[2013.01.06 18:48:31 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p31].bmp
[2013.01.06 18:48:29 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p30].bmp
[2013.01.06 18:48:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p29].bmp
[2013.01.06 18:48:24 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p28].bmp
[2013.01.06 18:48:20 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p27].bmp
[2013.01.06 18:48:18 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p26].bmp
[2013.01.06 18:48:15 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p25].bmp
[2013.01.06 18:48:13 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p24].bmp
[2013.01.06 18:48:11 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p23].bmp
[2013.01.06 18:48:08 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p22].bmp
[2013.01.06 18:48:06 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p21].bmp
[2013.01.06 18:48:03 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p20].bmp
[2013.01.06 18:48:01 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p19].bmp
[2013.01.06 18:47:58 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p18].bmp
[2013.01.06 18:47:56 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p17].bmp
[2013.01.06 18:47:54 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p16].bmp
[2013.01.06 18:47:51 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p15].bmp
[2013.01.06 18:47:49 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p14].bmp
[2013.01.06 18:47:46 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p13].bmp
[2013.01.06 18:47:44 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p12].bmp
[2013.01.06 18:47:41 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p11].bmp
[2013.01.06 18:47:39 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p10].bmp
[2013.01.06 18:47:37 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p09].bmp
[2013.01.06 18:47:34 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p08].bmp
[2013.01.06 18:47:32 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p07].bmp
[2013.01.06 18:47:30 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p06].bmp
[2013.01.06 18:47:28 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p05].bmp
[2013.01.06 18:47:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p04].bmp
[2013.01.06 18:47:23 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p03].bmp
[2013.01.06 18:47:21 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p02].bmp
[2012.09.02 21:22:21 | 000,000,740 | ---- | C] () -- C:\Windows\Magix.ini
[2012.08.11 18:58:34 | 000,000,393 | ---- | C] () -- C:\Users\Home\AppData\Local\HamsterVideoConverterSettings.cfg
[2012.07.16 15:01:58 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0036]-[p02].bmp
[2012.02.25 23:59:47 | 000,000,016 | ---- | C] () -- C:\Windows\TSHIRT.INI
[2012.02.25 23:58:21 | 000,247,296 | ---- | C] () -- C:\Windows\UN160407.EXE
[2011.10.19 16:42:15 | 000,000,186 | ---- | C] () -- C:\Users\Home\AppData\Roaming\default.rss
[2011.08.22 19:57:42 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{8E61E117-7632-461D-96AF-1D5467EB5383}
[2011.07.08 09:35:55 | 000,000,103 | ---- | C] () -- C:\Windows\MCHBPL32.INI
[2011.04.04 14:45:32 | 000,000,000 | ---- | C] () -- C:\Windows\hpimdl01.dat.temp
[2011.04.04 14:43:02 | 000,048,367 | ---- | C] () -- C:\Windows\hpiins01.dat.temp
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
         


21.03.2013, 17:40   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit scan with GMER

Please download the GMER Rootkit Scanner (GMER): (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after startup:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. Clicking "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

21.03.2013, 18:53   #7
pfaffe33
 
Here now are the files after the GMER and MBAR scans. The anti-rootkit had not found anything.
Code:
ATTFilter
GMER 2.1.19155 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-21 18:23:36
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0 1397,27GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Home\AppData\Local\Temp\pwldipow.sys

---- System - GMER 2.1 ----
SSDT            91EC8876                                                                                              ZwCreateSection
SSDT            91EC884E                                                                                              ZwCreateSymbolicLinkObject
SSDT            91EC8853                                                                                              ZwLoadDriver
SSDT            91EC8849                                                                                              ZwOpenSection
SSDT            91EC8880                                                                                              ZwRequestWaitReplyPort
SSDT            91EC887B                                                                                              ZwSetContextThread
SSDT            91EC8885                                                                                              ZwSetSecurityObject
SSDT            91EC8858                                                                                              ZwSetSystemInformation
SSDT            91EC888A                                                                                              ZwSystemDebugControl
SSDT            91EC8817                                                                                              ZwTerminateProcess
SSDT            91EC8812                                                                                              ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                              8308A9E9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                830C41C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                   830CB30C 4 Bytes  [76, 88, EC, 91] {JBE 0xffffff8a; IN AL, DX; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                                   830CB314 4 Bytes  [4E, 88, EC, 91] {DEC ESI; MOV AH, CH; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                                   830CB428 4 Bytes  [53, 88, EC, 91] {PUSH EBX; MOV AH, CH; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                                   830CB4C4 4 Bytes  [49, 88, EC, 91] {DEC ECX; MOV AH, CH; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                   830CB668 4 Bytes  [80, 88, EC, 91]
.text           ...                                                                                                   
?               System32\drivers\geigxg.sys                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                              section is writeable [0x92C11000, 0x37D761, 0xE8000020]
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                              entry point in ".vmp2" section [0x9D98669D]
---- User code sections - GMER 2.1 ----
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[1436] kernel32.dll!SetUnhandledExceptionFilter  75ADF4FB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 2.1 ----
AttachedDevice  \Driver\tdx \Device\Tcp                                                                               avfwot.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                               avfwot.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                             avfwot.sys
---- Threads - GMER 2.1 ----
Thread          System [4:7288]                                                                                       A8BB4F2E
---- Registry - GMER 2.1 ----
Reg             HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                           C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_WO6FW.exe_37f123692fdf3fb3b6a4d550206f3bc41717cd_0d8189b8
---- EOF - GMER 2.1 ----
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.21.11
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Home :: HOME-PC [administrator]
21.03.2013 18:41:00
mbar-log-2013-03-21 (18-41-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 32281
Time elapsed: 12 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
         

22.03.2013, 10:57   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later) please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the content here in your thread in any case.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

22.03.2013, 11:46   #9
pfaffe33
 
During the avast scan I have repeatedly had it abort with "avast! Antirootkit no longer works....must be closed!" I have now run it 3 times....!!!

I am now trying again to run it in compatibility mode. At least it runs longer...

I finally managed it! The files are attached.
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-22 11:51:35
-----------------------------
11:51:35.431    OS Version: Windows 5.1.2600 Service Pack 2
11:51:35.431    Number of processors: 4 586 0x2505
11:51:35.431    ComputerName: HOME-PC  UserName: Home
11:51:37.303    Initialize success
11:51:44.291    AVAST engine defs: 13032200
11:51:49.658    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:51:49.658    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
11:51:49.907    Disk 0 MBR read successfully
11:51:49.907    Disk 0 MBR scan
11:51:49.923    Disk 0 Windows 7 default MBR code
11:51:49.923    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:51:49.954    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1388712 MB offset 206848
11:51:49.985    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 2844291072
11:51:50.001    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 2928177152
11:51:50.017    Disk 0 scanning sectors +2930275120
11:51:50.126    Disk 0 scanning C:\Windows\system32\drivers
11:52:14.555    Service scanning
11:52:37.316    Modules scanning
11:53:00.310    Disk 0 trace - called modules:
11:53:00.342    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
11:53:00.342    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88234ac8]
11:53:00.342    3 CLASSPNP.SYS[8bb9859e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866f5028]
11:53:03.274    AVAST engine scan C:\Windows
11:53:30.013    AVAST engine scan C:\Windows\system32
11:58:02.501    AVAST engine scan C:\Windows\system32\drivers
11:58:17.088    AVAST engine scan C:\Users\Home
12:33:08.209    AVAST engine scan C:\ProgramData
12:41:01.175    Scan finished successfully
12:42:14.261    Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
12:42:14.261    The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
         
Code:
ATTFilter
12:46:11.0650 6804  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:46:13.0662 6804  ============================================================
12:46:13.0662 6804  Current date / time: 2013/03/22 12:46:13.0662
12:46:13.0662 6804  SystemInfo:
12:46:13.0662 6804  
12:46:13.0662 6804  OS Version: 6.1.7601 ServicePack: 1.0
12:46:13.0662 6804  Product type: Workstation
12:46:13.0662 6804  ComputerName: HOME-PC
12:46:13.0662 6804  UserName: Home
12:46:13.0662 6804  Windows directory: C:\Windows
12:46:13.0662 6804  System windows directory: C:\Windows
12:46:13.0662 6804  Processor architecture: Intel x86
12:46:13.0662 6804  Number of processors: 4
12:46:13.0662 6804  Page size: 0x1000
12:46:13.0662 6804  Boot type: Normal boot
12:46:13.0662 6804  ============================================================
12:46:14.0146 6804  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:46:14.0146 6804  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:46:20.0105 6804  Drive \Device\Harddisk5\DR5 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:46:20.0105 6804  ============================================================
12:46:20.0105 6804  \Device\Harddisk0\DR0:
12:46:20.0105 6804  MBR partitions:
12:46:20.0105 6804  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:46:20.0105 6804  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA9854000
12:46:20.0105 6804  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA9887000, BlocksNum 0x5000000
12:46:20.0105 6804  \Device\Harddisk1\DR1:
12:46:20.0105 6804  MBR partitions:
12:46:20.0105 6804  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
12:46:20.0105 6804  \Device\Harddisk5\DR5:
12:46:20.0105 6804  MBR partitions:
12:46:20.0105 6804  \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
12:46:20.0105 6804  ============================================================
12:46:20.0136 6804  C: <-> \Device\Harddisk0\DR0\Partition2
12:46:20.0168 6804  D: <-> \Device\Harddisk0\DR0\Partition3
12:46:20.0168 6804  J: <-> \Device\Harddisk1\DR1\Partition1
12:46:20.0214 6804  L: <-> \Device\Harddisk5\DR5\Partition1
12:46:20.0214 6804  ============================================================
12:46:20.0214 6804  Initialize success
12:46:20.0214 6804  ============================================================
12:47:05.0174 6492  ============================================================
12:47:05.0174 6492  Scan started
12:47:05.0174 6492  Mode: Manual; SigCheck; TDLFS; 
12:47:05.0174 6492  ============================================================
12:47:05.0642 6492  ================ Scan system memory ========================
12:47:05.0642 6492  System memory - ok
12:47:05.0642 6492  ================ Scan services =============================
12:47:05.0813 6492  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:47:05.0954 6492  1394ohci - ok
12:47:06.0063 6492  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
12:47:06.0110 6492  ACDaemon - ok
12:47:06.0156 6492  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
12:47:06.0172 6492  acedrv11 - ok
12:47:06.0203 6492  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:47:06.0219 6492  ACPI - ok
12:47:06.0234 6492  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:47:06.0312 6492  AcpiPmi - ok
12:47:06.0375 6492  [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
12:47:06.0422 6492  AdobeActiveFileMonitor8.0 - ok
12:47:06.0515 6492  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:47:06.0562 6492  AdobeARMservice - ok
12:47:06.0640 6492  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:47:06.0671 6492  AdobeFlashPlayerUpdateSvc - ok
12:47:06.0718 6492  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:47:06.0734 6492  adp94xx - ok
12:47:06.0749 6492  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:47:06.0765 6492  adpahci - ok
12:47:06.0780 6492  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:47:06.0796 6492  adpu320 - ok
12:47:06.0812 6492  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:47:06.0952 6492  AeLookupSvc - ok
12:47:06.0999 6492  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
12:47:07.0046 6492  AFD - ok
12:47:07.0077 6492  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:47:07.0092 6492  agp440 - ok
12:47:07.0108 6492  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:47:07.0124 6492  aic78xx - ok
12:47:07.0139 6492  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
12:47:07.0202 6492  ALG - ok
12:47:07.0233 6492  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:47:07.0248 6492  aliide - ok
12:47:07.0264 6492  [ AEFEEE2E852F2774A4491C8EFA6C3B6E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:47:07.0358 6492  AMD External Events Utility - ok
12:47:07.0373 6492  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:47:07.0389 6492  amdagp - ok
12:47:07.0404 6492  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:47:07.0404 6492  amdide - ok
12:47:07.0420 6492  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:47:07.0451 6492  AmdK8 - ok
12:47:07.0623 6492  [ D05CF4523E0C04EF82454ABFD84FDC1D ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:47:07.0826 6492  amdkmdag - ok
12:47:07.0841 6492  [ 92DC2E0AE49148F83B24D89C737B0C97 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:47:07.0872 6492  amdkmdap - ok
12:47:07.0888 6492  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:47:07.0919 6492  AmdPPM - ok
12:47:07.0935 6492  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:47:07.0950 6492  amdsata - ok
12:47:07.0966 6492  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:47:07.0982 6492  amdsbs - ok
12:47:07.0997 6492  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:47:08.0013 6492  amdxata - ok
12:47:08.0075 6492  [ 07B0B7175C61F65483D60577AC864B41 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
12:47:08.0138 6492  AntiVirFirewallService - ok
12:47:08.0184 6492  [ 6A8163C6428C5734192E9CF91F7207B7 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
12:47:08.0247 6492  AntiVirMailService - ok
12:47:08.0278 6492  [ BD33282EC067551060DC3A9628160E5B ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:47:08.0340 6492  AntiVirSchedulerService - ok
12:47:08.0356 6492  [ 2B73EF0F975642509AB66827C4E9D6C8 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:47:08.0403 6492  AntiVirService - ok
12:47:08.0434 6492  [ 6C77D1B35B70F0710E32DFAE5326F196 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
12:47:08.0559 6492  AntiVirWebService - ok
12:47:08.0590 6492  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
12:47:08.0652 6492  AppID - ok
12:47:08.0715 6492  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:47:08.0777 6492  AppIDSvc - ok
12:47:08.0808 6492  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
12:47:08.0886 6492  Appinfo - ok
12:47:08.0949 6492  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:47:08.0996 6492  Apple Mobile Device - ok
12:47:09.0011 6492  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:47:09.0027 6492  arc - ok
12:47:09.0058 6492  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:47:09.0058 6492  arcsas - ok
12:47:09.0152 6492  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:47:09.0198 6492  aspnet_state - ok
12:47:09.0230 6492  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:47:09.0354 6492  AsyncMac - ok
12:47:09.0417 6492  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
12:47:09.0448 6492  atapi - ok
12:47:09.0495 6492  [ 95B1E9804CA10D096C0383F7C6684950 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
12:47:09.0510 6492  AtiHDAudioService - ok
12:47:09.0542 6492  [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
12:47:09.0542 6492  AtiHdmiService - ok
12:47:09.0588 6492  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:47:09.0682 6492  AudioEndpointBuilder - ok
12:47:09.0698 6492  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:47:09.0744 6492  Audiosrv - ok
12:47:09.0776 6492  [ 662ECAEC0FAE2C2069B75EF8A762BE87 ] avfwim          C:\Windows\system32\DRIVERS\avfwim.sys
12:47:09.0791 6492  avfwim - ok
12:47:09.0807 6492  [ E4DC0228AB7492086B96FCC8298CF3B6 ] avfwot          C:\Windows\system32\DRIVERS\avfwot.sys
12:47:09.0822 6492  avfwot - ok
12:47:09.0838 6492  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:47:09.0854 6492  avgntflt - ok
12:47:09.0885 6492  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:47:09.0900 6492  avipbb - ok
12:47:09.0916 6492  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:47:09.0932 6492  avkmgr - ok
12:47:09.0978 6492  [ DE54CA336EDCE6BE8FDB83D84AF67AE8 ] AVM BT Connection Service C:\Program Files\avmclient\avmbtservice.exe
12:47:10.0025 6492  AVM BT Connection Service ( UnsignedFile.Multi.Generic ) - warning
12:47:10.0025 6492  AVM BT Connection Service - detected UnsignedFile.Multi.Generic (1)
12:47:10.0056 6492  [ 5860CF10ACE95AE25733B24467D655AA ] AVMBTPARALLEL   C:\Windows\system32\DRIVERS\avmbtpar.sys
12:47:10.0119 6492  AVMBTPARALLEL - ok
12:47:10.0150 6492  [ F9466C032337B3BF6F7323B55B8BD32F ] AVMBTSERIAL     C:\Windows\system32\DRIVERS\avmbtser.sys
12:47:10.0181 6492  AVMBTSERIAL - ok
12:47:10.0212 6492  [ 5685E9F471135E6675D981D5D45C9935 ] AVMCOWAN        C:\Windows\system32\DRIVERS\AVMCOWAN.sys
12:47:10.0228 6492  AVMCOWAN - ok
12:47:10.0275 6492  [ 9A85E9280C7C785EB38EB1053AD1B6BF ] AvmObexService  C:\Program Files\avmclient\AvmObexService.exe
12:47:10.0322 6492  AvmObexService ( UnsignedFile.Multi.Generic ) - warning
12:47:10.0322 6492  AvmObexService - detected UnsignedFile.Multi.Generic (1)
12:47:10.0368 6492  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:47:10.0415 6492  AxInstSV - ok
12:47:10.0509 6492  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
12:47:10.0618 6492  b06bdrv - ok
12:47:10.0634 6492  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:47:10.0680 6492  b57nd60x - ok
12:47:10.0758 6492  [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
12:47:10.0805 6492  BBSvc - ok
12:47:10.0836 6492  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:47:10.0977 6492  BDESVC - ok
12:47:10.0977 6492  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:47:11.0055 6492  Beep - ok
12:47:11.0133 6492  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
12:47:11.0211 6492  BFE - ok
12:47:11.0226 6492  [ 35CF299E5272D64239C1AB35F5C6AFC5 ] BFHU_CFG        C:\Windows\system32\DRIVERS\bfhu_cfg.sys
12:47:11.0242 6492  BFHU_CFG - ok
12:47:11.0273 6492  [ D8B5D5A9C92EFD53198E1F83AD9EF3EB ] bfubase         C:\Windows\system32\DRIVERS\bfubase.sys
12:47:11.0320 6492  bfubase - ok
12:47:11.0382 6492  [ D1EA0584675FF4D15C6906866EEFB43F ] BingDesktopUpdate C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
12:47:11.0429 6492  BingDesktopUpdate - ok
12:47:11.0460 6492  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
12:47:11.0523 6492  BITS - ok
12:47:11.0523 6492  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:47:11.0538 6492  blbdrive - ok
12:47:11.0601 6492  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:47:11.0663 6492  Bonjour Service - ok
12:47:11.0679 6492  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:47:11.0741 6492  bowser - ok
12:47:11.0757 6492  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:47:11.0788 6492  BrFiltLo - ok
12:47:11.0804 6492  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:47:11.0835 6492  BrFiltUp - ok
12:47:11.0897 6492  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
12:47:11.0944 6492  Browser - ok
12:47:11.0975 6492  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:47:12.0022 6492  Brserid - ok
12:47:12.0038 6492  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:47:12.0069 6492  BrSerWdm - ok
12:47:12.0084 6492  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:47:12.0116 6492  BrUsbMdm - ok
12:47:12.0147 6492  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:47:12.0194 6492  BrUsbSer - ok
12:47:12.0194 6492  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:47:12.0240 6492  BTHMODEM - ok
12:47:12.0272 6492  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
12:47:12.0365 6492  bthserv - ok
12:47:12.0381 6492  [ A1340504561B78E086BA5BC8DAD41212 ] CAPI_CIP        C:\Windows\system32\DRIVERS\capi_cip.sys
12:47:12.0412 6492  CAPI_CIP - ok
12:47:12.0443 6492  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:47:12.0506 6492  cdfs - ok
12:47:12.0537 6492  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:47:12.0568 6492  cdrom - ok
12:47:12.0615 6492  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:47:12.0677 6492  CertPropSvc - ok
12:47:12.0693 6492  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:47:12.0724 6492  circlass - ok
12:47:12.0755 6492  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
12:47:12.0786 6492  CLFS - ok
12:47:12.0849 6492  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:47:12.0896 6492  clr_optimization_v2.0.50727_32 - ok
12:47:12.0911 6492  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:47:12.0942 6492  clr_optimization_v4.0.30319_32 - ok
12:47:12.0974 6492  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:47:12.0989 6492  CmBatt - ok
12:47:13.0020 6492  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:47:13.0052 6492  cmdide - ok
12:47:13.0083 6492  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
12:47:13.0114 6492  CNG - ok
12:47:13.0130 6492  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:47:13.0145 6492  Compbatt - ok
12:47:13.0192 6492  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:47:13.0223 6492  CompositeBus - ok
12:47:13.0239 6492  COMSysApp - ok
12:47:13.0254 6492  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:47:13.0254 6492  crcdisk - ok
12:47:13.0301 6492  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:47:13.0410 6492  CryptSvc - ok
12:47:13.0442 6492  [ 48297BF3339BC56DD7D7524D7A1740AA ] DBService       C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
12:47:13.0504 6492  DBService ( UnsignedFile.Multi.Generic ) - warning
12:47:13.0504 6492  DBService - detected UnsignedFile.Multi.Generic (1)
12:47:13.0535 6492  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:47:13.0582 6492  DcomLaunch - ok
12:47:13.0629 6492  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:47:13.0660 6492  defragsvc - ok
12:47:13.0691 6492  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:47:13.0769 6492  DfsC - ok
12:47:13.0832 6492  [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS          C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
12:47:13.0894 6492  DfSdkS ( UnsignedFile.Multi.Generic ) - warning
12:47:13.0894 6492  DfSdkS - detected UnsignedFile.Multi.Generic (1)
12:47:13.0925 6492  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:47:14.0019 6492  Dhcp - ok
12:47:14.0034 6492  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
12:47:14.0097 6492  discache - ok
12:47:14.0128 6492  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:47:14.0159 6492  Disk - ok
12:47:14.0190 6492  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:47:14.0268 6492  Dnscache - ok
12:47:14.0300 6492  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:47:14.0378 6492  dot3svc - ok
12:47:14.0424 6492  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
12:47:14.0456 6492  Dot4 - ok
12:47:14.0487 6492  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:47:14.0502 6492  Dot4Print - ok
12:47:14.0502 6492  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
12:47:14.0534 6492  dot4usb - ok
12:47:14.0565 6492  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
12:47:14.0627 6492  DPS - ok
12:47:14.0658 6492  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:47:14.0705 6492  drmkaud - ok
12:47:14.0736 6492  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:47:14.0783 6492  DXGKrnl - ok
12:47:14.0814 6492  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
12:47:14.0846 6492  EapHost - ok
12:47:14.0908 6492  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
12:47:15.0017 6492  ebdrv - ok
12:47:15.0048 6492  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
12:47:15.0126 6492  EFS - ok
12:47:15.0173 6492  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:47:15.0282 6492  ehRecvr - ok
12:47:15.0314 6492  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
12:47:15.0360 6492  ehSched - ok
12:47:15.0392 6492  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:47:15.0407 6492  elxstor - ok
12:47:15.0438 6492  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:47:15.0454 6492  ErrDev - ok
12:47:15.0485 6492  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
12:47:15.0532 6492  EventSystem - ok
12:47:15.0563 6492  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:47:15.0579 6492  exfat - ok
12:47:15.0594 6492  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:47:15.0641 6492  fastfat - ok
12:47:15.0688 6492  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
12:47:15.0750 6492  Fax - ok
12:47:15.0797 6492  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:47:15.0813 6492  fdc - ok
12:47:15.0828 6492  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
12:47:15.0891 6492  fdPHost - ok
12:47:15.0891 6492  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
12:47:15.0953 6492  FDResPub - ok
12:47:15.0969 6492  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:47:15.0984 6492  FileInfo - ok
12:47:16.0000 6492  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:47:16.0047 6492  Filetrace - ok
12:47:16.0156 6492  [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
12:47:16.0218 6492  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
12:47:16.0218 6492  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
12:47:16.0281 6492  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:47:16.0328 6492  FLEXnet Licensing Service - ok
12:47:16.0343 6492  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:47:16.0374 6492  flpydisk - ok
12:47:16.0406 6492  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:47:16.0421 6492  FltMgr - ok
12:47:16.0437 6492  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
12:47:16.0499 6492  FontCache - ok
12:47:16.0562 6492  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:47:16.0593 6492  FontCache3.0.0.0 - ok
12:47:16.0655 6492  [ 9513B437B7ADB1E6065B7F0D83D11ECF ] FreeAgentGoNext Service C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
12:47:16.0702 6492  FreeAgentGoNext Service - ok
12:47:16.0718 6492  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:47:16.0733 6492  FsDepends - ok
12:47:16.0764 6492  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:47:16.0780 6492  Fs_Rec - ok
12:47:16.0827 6492  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:47:16.0858 6492  fvevol - ok
12:47:16.0874 6492  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:47:16.0889 6492  gagp30kx - ok
12:47:16.0952 6492  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:47:16.0967 6492  GEARAspiWDM - ok
12:47:16.0998 6492  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:47:17.0076 6492  gpsvc - ok
12:47:17.0170 6492  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:47:17.0186 6492  gupdate - ok
12:47:17.0201 6492  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:47:17.0217 6492  gupdatem - ok
12:47:17.0232 6492  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:47:17.0295 6492  hcw85cir - ok
12:47:17.0326 6492  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:47:17.0357 6492  HdAudAddService - ok
12:47:17.0373 6492  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:47:17.0404 6492  HDAudBus - ok
12:47:17.0420 6492  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:47:17.0435 6492  HidBatt - ok
12:47:17.0451 6492  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:47:17.0482 6492  HidBth - ok
12:47:17.0498 6492  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:47:17.0529 6492  HidIr - ok
12:47:17.0544 6492  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
12:47:17.0591 6492  hidserv - ok
12:47:17.0622 6492  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:47:17.0654 6492  HidUsb - ok
12:47:17.0685 6492  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:47:17.0747 6492  hkmsvc - ok
12:47:17.0778 6492  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:47:17.0856 6492  HomeGroupListener - ok
12:47:17.0888 6492  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:47:17.0919 6492  HomeGroupProvider - ok
12:47:17.0966 6492  [ 08457D8F8149757C70CEA59C71EC5D27 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:47:18.0012 6492  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:47:18.0012 6492  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:47:18.0044 6492  [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:47:18.0075 6492  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:47:18.0075 6492  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:47:18.0090 6492  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:47:18.0106 6492  HpSAMD - ok
12:47:18.0137 6492  [ 83DB5DD8BE71CBA5447FBD7A48FDBEDA ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
12:47:18.0215 6492  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
12:47:18.0215 6492  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
12:47:18.0262 6492  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:47:18.0309 6492  HTTP - ok
12:47:18.0324 6492  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:47:18.0340 6492  hwpolicy - ok
12:47:18.0356 6492  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:47:18.0371 6492  i8042prt - ok
12:47:18.0418 6492  [ 26541A068572F650A2FA490726FE81BE ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:47:18.0449 6492  iaStor - ok
12:47:18.0512 6492  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:47:18.0527 6492  IAStorDataMgrSvc - ok
12:47:18.0574 6492  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:47:18.0590 6492  iaStorV - ok
12:47:18.0652 6492  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:47:18.0730 6492  idsvc - ok
12:47:18.0761 6492  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:47:18.0777 6492  iirsp - ok
12:47:18.0824 6492  [ C5B04409186A27409BD069580208A6D3 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
12:47:18.0870 6492  IJPLMSVC - ok
12:47:18.0933 6492  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:47:18.0995 6492  IKEEXT - ok
12:47:19.0120 6492  [ 4BE85CF5831A41104C2DDED55FBC3565 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:47:19.0229 6492  IntcAzAudAddService - ok
12:47:19.0261 6492  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:47:19.0276 6492  intelide - ok
12:47:19.0307 6492  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:47:19.0323 6492  intelppm - ok
12:47:19.0354 6492  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:47:19.0417 6492  IPBusEnum - ok
12:47:19.0448 6492  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:47:19.0495 6492  IpFilterDriver - ok
12:47:19.0541 6492  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:47:19.0604 6492  iphlpsvc - ok
12:47:19.0604 6492  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:47:19.0619 6492  IPMIDRV - ok
12:47:19.0635 6492  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:47:19.0682 6492  IPNAT - ok
12:47:19.0760 6492  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:47:19.0822 6492  iPod Service - ok
12:47:19.0838 6492  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:47:19.0853 6492  IRENUM - ok
12:47:19.0869 6492  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:47:19.0885 6492  isapnp - ok
12:47:19.0885 6492  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:47:19.0900 6492  iScsiPrt - ok
12:47:19.0931 6492  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:47:19.0947 6492  kbdclass - ok
12:47:19.0963 6492  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:47:19.0978 6492  kbdhid - ok
12:47:19.0994 6492  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
12:47:20.0009 6492  KeyIso - ok
12:47:20.0056 6492  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:47:20.0072 6492  KSecDD - ok
12:47:20.0103 6492  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:47:20.0119 6492  KSecPkg - ok
12:47:20.0150 6492  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:47:20.0197 6492  KtmRm - ok
12:47:20.0228 6492  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:47:20.0259 6492  LanmanServer - ok
12:47:20.0306 6492  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:47:20.0353 6492  LanmanWorkstation - ok
12:47:20.0384 6492  [ 71C6A95A5F0CCC87298C4DD0F2C3635A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:47:20.0415 6492  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:47:20.0415 6492  LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:47:20.0462 6492  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:47:20.0509 6492  lltdio - ok
12:47:20.0540 6492  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:47:20.0571 6492  lltdsvc - ok
12:47:20.0571 6492  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:47:20.0602 6492  lmhosts - ok
12:47:20.0618 6492  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:47:20.0618 6492  LSI_FC - ok
12:47:20.0649 6492  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:47:20.0649 6492  LSI_SAS - ok
12:47:20.0665 6492  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:47:20.0665 6492  LSI_SAS2 - ok
12:47:20.0696 6492  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:47:20.0711 6492  LSI_SCSI - ok
12:47:20.0727 6492  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:47:20.0774 6492  luafv - ok
12:47:20.0821 6492  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:47:20.0821 6492  MBAMProtector - ok
12:47:20.0852 6492  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:47:20.0914 6492  MBAMScheduler - ok
12:47:20.0945 6492  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:47:20.0977 6492  MBAMService - ok
12:47:21.0039 6492  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:47:21.0070 6492  Mcx2Svc - ok
12:47:21.0086 6492  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:47:21.0101 6492  megasas - ok
12:47:21.0133 6492  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:47:21.0148 6492  MegaSR - ok
12:47:21.0164 6492  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:47:21.0195 6492  MMCSS - ok
12:47:21.0211 6492  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:47:21.0257 6492  Modem - ok
12:47:21.0289 6492  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:47:21.0304 6492  monitor - ok
12:47:21.0320 6492  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
12:47:21.0335 6492  mouclass - ok
12:47:21.0335 6492  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:47:21.0351 6492  mouhid - ok
12:47:21.0398 6492  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:47:21.0398 6492  mountmgr - ok
12:47:21.0429 6492  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:47:21.0445 6492  mpio - ok
12:47:21.0476 6492  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:47:21.0507 6492  mpsdrv - ok
12:47:21.0554 6492  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:47:21.0632 6492  MpsSvc - ok
12:47:21.0663 6492  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:47:21.0710 6492  MRxDAV - ok
12:47:21.0725 6492  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:47:21.0772 6492  mrxsmb - ok
12:47:21.0803 6492  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:47:21.0835 6492  mrxsmb10 - ok
12:47:21.0850 6492  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:47:21.0897 6492  mrxsmb20 - ok
12:47:21.0913 6492  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
12:47:21.0944 6492  msahci - ok
12:47:21.0959 6492  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:47:21.0975 6492  msdsm - ok
12:47:21.0991 6492  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
12:47:22.0037 6492  MSDTC - ok
12:47:22.0069 6492  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:47:22.0115 6492  Msfs - ok
12:47:22.0131 6492  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:47:22.0147 6492  mshidkmdf - ok
12:47:22.0162 6492  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:47:22.0162 6492  msisadrv - ok
12:47:22.0209 6492  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:47:22.0256 6492  MSiSCSI - ok
12:47:22.0256 6492  msiserver - ok
12:47:22.0271 6492  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:47:22.0287 6492  MSKSSRV - ok
12:47:22.0303 6492  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:47:22.0349 6492  MSPCLOCK - ok
12:47:22.0381 6492  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:47:22.0396 6492  MSPQM - ok
12:47:22.0412 6492  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:47:22.0427 6492  MsRPC - ok
12:47:22.0443 6492  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:47:22.0443 6492  mssmbios - ok
12:47:22.0459 6492  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:47:22.0490 6492  MSTEE - ok
12:47:22.0490 6492  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:47:22.0521 6492  MTConfig - ok
12:47:22.0537 6492  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:47:22.0552 6492  Mup - ok
12:47:22.0583 6492  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
12:47:22.0646 6492  napagent - ok
12:47:22.0693 6492  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:47:22.0724 6492  NativeWifiP - ok
12:47:22.0771 6492  [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
12:47:22.0802 6492  NBService - ok
12:47:22.0880 6492  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:47:22.0911 6492  NDIS - ok
12:47:22.0942 6492  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:47:22.0973 6492  NdisCap - ok
12:47:23.0005 6492  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:47:23.0036 6492  NdisTapi - ok
12:47:23.0051 6492  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:47:23.0083 6492  Ndisuio - ok
12:47:23.0114 6492  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:47:23.0176 6492  NdisWan - ok
12:47:23.0207 6492  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:47:23.0239 6492  NDProxy - ok
12:47:23.0317 6492  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:47:23.0395 6492  Nero BackItUp Scheduler 4.0 - ok
12:47:23.0410 6492  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:47:23.0426 6492  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:47:23.0426 6492  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:47:23.0441 6492  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:47:23.0473 6492  NetBIOS - ok
12:47:23.0504 6492  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:47:23.0535 6492  NetBT - ok
12:47:23.0551 6492  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
12:47:23.0551 6492  Netlogon - ok
12:47:23.0613 6492  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:47:23.0675 6492  Netman - ok
12:47:23.0707 6492  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:47:23.0738 6492  NetMsmqActivator - ok
12:47:23.0800 6492  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:47:23.0816 6492  NetPipeActivator - ok
12:47:23.0847 6492  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:47:23.0909 6492  netprofm - ok
12:47:23.0925 6492  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:47:23.0941 6492  NetTcpActivator - ok
12:47:23.0941 6492  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:47:23.0941 6492  NetTcpPortSharing - ok
12:47:24.0003 6492  [ 450D0D2062C54DDA23583A78C0EB63D9 ] Netzmanager Service C:\Program Files\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
12:47:24.0019 6492  Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
12:47:24.0019 6492  Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
12:47:24.0065 6492  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:47:24.0097 6492  nfrd960 - ok
12:47:24.0128 6492  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:47:24.0143 6492  NlaSvc - ok
12:47:24.0206 6492  [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
12:47:24.0237 6492  NMIndexingService - ok
12:47:24.0237 6492  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:47:24.0268 6492  Npfs - ok
12:47:24.0315 6492  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
12:47:24.0377 6492  nsi - ok
12:47:24.0377 6492  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:47:24.0409 6492  nsiproxy - ok
12:47:24.0455 6492  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:47:24.0487 6492  Ntfs - ok
12:47:24.0502 6492  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:47:24.0533 6492  Null - ok
12:47:24.0549 6492  [ 03AD379554B50FA1802BE4EC2E291E92 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
12:47:24.0549 6492  nusb3hub - ok
12:47:24.0596 6492  [ 06FE87C9D181AF5F04D192E604E10E6C ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:47:24.0611 6492  nusb3xhc - ok
12:47:24.0643 6492  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:47:24.0658 6492  nvraid - ok
12:47:24.0674 6492  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:47:24.0689 6492  nvstor - ok
12:47:24.0705 6492  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:47:24.0721 6492  nv_agp - ok
12:47:24.0736 6492  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:47:24.0752 6492  ohci1394 - ok
12:47:24.0783 6492  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
12:47:24.0814 6492  OMSI download service ( UnsignedFile.Multi.Generic ) - warning
12:47:24.0814 6492  OMSI download service - detected UnsignedFile.Multi.Generic (1)
12:47:24.0861 6492  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:47:24.0892 6492  ose - ok
12:47:25.0033 6492  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:47:25.0173 6492  osppsvc - ok
12:47:25.0220 6492  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:47:25.0298 6492  p2pimsvc - ok
12:47:25.0313 6492  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:47:25.0391 6492  p2psvc - ok
12:47:25.0407 6492  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:47:25.0423 6492  Parport - ok
12:47:25.0454 6492  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:47:25.0469 6492  partmgr - ok
12:47:25.0469 6492  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:47:25.0501 6492  Parvdm - ok
12:47:25.0516 6492  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:47:25.0532 6492  PcaSvc - ok
12:47:25.0547 6492  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
12:47:25.0563 6492  pci - ok
12:47:25.0579 6492  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
12:47:25.0579 6492  pciide - ok
12:47:25.0610 6492  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:47:25.0625 6492  pcmcia - ok
12:47:25.0641 6492  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
12:47:25.0641 6492  pcw - ok
12:47:25.0672 6492  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:47:25.0719 6492  PEAUTH - ok
12:47:25.0781 6492  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
12:47:25.0875 6492  pla - ok
12:47:25.0875 6492  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
12:47:25.0891 6492  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
12:47:25.0891 6492  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
12:47:25.0922 6492  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:47:25.0969 6492  PlugPlay - ok
12:47:25.0984 6492  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:47:26.0000 6492  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:47:26.0000 6492  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:47:26.0000 6492  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:47:26.0031 6492  PNRPAutoReg - ok
12:47:26.0047 6492  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:47:26.0062 6492  PNRPsvc - ok
12:47:26.0109 6492  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:47:26.0187 6492  PolicyAgent - ok
12:47:26.0218 6492  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
12:47:26.0281 6492  Power - ok
12:47:26.0312 6492  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:47:26.0390 6492  PptpMiniport - ok
12:47:26.0405 6492  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:47:26.0437 6492  Processor - ok
12:47:26.0452 6492  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
12:47:26.0499 6492  ProfSvc - ok
12:47:26.0499 6492  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:47:26.0515 6492  ProtectedStorage - ok
12:47:26.0530 6492  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:47:26.0561 6492  Psched - ok
12:47:26.0593 6492  [ E7483BE1E7A6FB16FC9AD6B54F99DEE4 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:47:26.0639 6492  PSI_SVC_2 - ok
12:47:26.0671 6492  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
12:47:26.0686 6492  PxHelp20 - ok
12:47:26.0717 6492  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:47:26.0749 6492  ql2300 - ok
12:47:26.0780 6492  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:47:26.0780 6492  ql40xx - ok
12:47:26.0811 6492  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
12:47:26.0842 6492  QWAVE - ok
12:47:26.0858 6492  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:47:26.0873 6492  QWAVEdrv - ok
12:47:26.0873 6492  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:47:26.0920 6492  RasAcd - ok
12:47:26.0983 6492  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:47:27.0061 6492  RasAgileVpn - ok
12:47:27.0076 6492  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
12:47:27.0123 6492  RasAuto - ok
12:47:27.0123 6492  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:47:27.0170 6492  Rasl2tp - ok
12:47:27.0185 6492  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
12:47:27.0263 6492  RasMan - ok
12:47:27.0279 6492  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:47:27.0310 6492  RasPppoe - ok
12:47:27.0326 6492  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:47:27.0357 6492  RasSstp - ok
12:47:27.0373 6492  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:47:27.0388 6492  rdbss - ok
12:47:27.0404 6492  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:47:27.0435 6492  rdpbus - ok
12:47:27.0451 6492  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:47:27.0482 6492  RDPCDD - ok
12:47:27.0529 6492  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:47:27.0591 6492  RDPENCDD - ok
12:47:27.0607 6492  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:47:27.0638 6492  RDPREFMP - ok
12:47:27.0669 6492  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:47:27.0731 6492  RdpVideoMiniport - ok
12:47:27.0763 6492  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:47:27.0825 6492  RDPWD - ok
12:47:27.0841 6492  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:47:27.0856 6492  rdyboost - ok
12:47:27.0887 6492  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:47:27.0919 6492  RemoteAccess - ok
12:47:27.0919 6492  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:47:27.0965 6492  RemoteRegistry - ok
12:47:27.0981 6492  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:47:28.0043 6492  RpcEptMapper - ok
12:47:28.0075 6492  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:47:28.0121 6492  RpcLocator - ok
12:47:28.0137 6492  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
12:47:28.0184 6492  RpcSs - ok
12:47:28.0199 6492  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:47:28.0246 6492  rspndr - ok
12:47:28.0277 6492  [ 0516998076AD894AE7E362C3110AA071 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
12:47:28.0309 6492  RTL8167 - ok
12:47:28.0324 6492  [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
12:47:28.0355 6492  RTL8192su - ok
12:47:28.0371 6492  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
12:47:28.0387 6492  SamSs - ok
12:47:28.0418 6492  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:47:28.0418 6492  sbp2port - ok
12:47:28.0449 6492  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:47:28.0480 6492  SCardSvr - ok
12:47:28.0496 6492  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:47:28.0527 6492  scfilter - ok
12:47:28.0558 6492  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
12:47:28.0621 6492  Schedule - ok
12:47:28.0636 6492  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:47:28.0652 6492  SCPolicySvc - ok
12:47:28.0683 6492  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:47:28.0777 6492  SDRSVC - ok
12:47:28.0839 6492  [ 78779EE07231C658B483B1F38B5088DF ] SeaPort         C:\Program Files\Microsoft\BingBar\SeaPort.EXE
12:47:28.0886 6492  SeaPort - ok
12:47:28.0933 6492  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:47:28.0979 6492  secdrv - ok
12:47:29.0011 6492  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
12:47:29.0073 6492  seclogon - ok
12:47:29.0104 6492  [ E5B56569A9F79B70314FEDE6C953641E ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
12:47:29.0151 6492  seehcri - ok
12:47:29.0182 6492  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
12:47:29.0245 6492  SENS - ok
12:47:29.0260 6492  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:47:29.0354 6492  SensrSvc - ok
12:47:29.0369 6492  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:47:29.0385 6492  Serenum - ok
12:47:29.0401 6492  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:47:29.0432 6492  Serial - ok
12:47:29.0463 6492  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:47:29.0494 6492  sermouse - ok
12:47:29.0557 6492  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:47:29.0619 6492  SessionEnv - ok
12:47:29.0650 6492  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:47:29.0666 6492  sffdisk - ok
12:47:29.0681 6492  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:47:29.0713 6492  sffp_mmc - ok
12:47:29.0713 6492  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:47:29.0728 6492  sffp_sd - ok
12:47:29.0744 6492  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:47:29.0775 6492  sfloppy - ok
12:47:29.0806 6492  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:47:29.0869 6492  SharedAccess - ok
12:47:29.0900 6492  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:47:29.0947 6492  ShellHWDetection - ok
12:47:29.0947 6492  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:47:29.0962 6492  sisagp - ok
12:47:29.0978 6492  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:47:29.0993 6492  SiSRaid2 - ok
12:47:29.0993 6492  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:47:30.0009 6492  SiSRaid4 - ok
12:47:30.0009 6492  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:47:30.0056 6492  Smb - ok
12:47:30.0103 6492  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:47:30.0134 6492  SNMPTRAP - ok
12:47:30.0149 6492  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:47:30.0165 6492  spldr - ok
12:47:30.0196 6492  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
12:47:30.0274 6492  Spooler - ok
12:47:30.0368 6492  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:47:30.0493 6492  sppsvc - ok
12:47:30.0524 6492  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:47:30.0586 6492  sppuinotify - ok
12:47:30.0617 6492  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:47:30.0649 6492  srv - ok
12:47:30.0664 6492  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:47:30.0711 6492  srv2 - ok
12:47:30.0711 6492  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:47:30.0742 6492  srvnet - ok
12:47:30.0758 6492  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:47:30.0789 6492  SSDPSRV - ok
12:47:30.0820 6492  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
12:47:30.0820 6492  ssmdrv - ok
12:47:30.0836 6492  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:47:30.0867 6492  SstpSvc - ok
12:47:30.0976 6492  [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Program Files\StarMoney 8.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
12:47:31.0023 6492  StarMoney 8.0 OnlineUpdate - ok
12:47:31.0054 6492  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:47:31.0085 6492  stexstor - ok
12:47:31.0117 6492  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
12:47:31.0148 6492  StillCam - ok
12:47:31.0195 6492  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:47:31.0257 6492  StiSvc - ok
12:47:31.0273 6492  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:47:31.0288 6492  swenum - ok
12:47:31.0335 6492  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
12:47:31.0429 6492  swprv - ok
12:47:31.0475 6492  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
12:47:31.0553 6492  SysMain - ok
12:47:31.0553 6492  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:47:31.0569 6492  TabletInputService - ok
12:47:31.0600 6492  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:47:31.0647 6492  TapiSrv - ok
12:47:31.0663 6492  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
12:47:31.0709 6492  TBS - ok
12:47:31.0756 6492  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:47:31.0803 6492  Tcpip - ok
12:47:31.0834 6492  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:47:31.0865 6492  TCPIP6 - ok
12:47:31.0897 6492  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:47:31.0943 6492  tcpipreg - ok
12:47:31.0959 6492  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:47:32.0037 6492  TDPIPE - ok
12:47:32.0053 6492  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:47:32.0068 6492  TDTCP - ok
12:47:32.0099 6492  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:47:32.0146 6492  tdx - ok
12:47:32.0146 6492  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:47:32.0162 6492  TermDD - ok
12:47:32.0209 6492  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
12:47:32.0255 6492  TermService - ok
12:47:32.0271 6492  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
12:47:32.0302 6492  Themes - ok
12:47:32.0302 6492  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
12:47:32.0333 6492  THREADORDER - ok
12:47:32.0349 6492  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
12:47:32.0380 6492  TrkWks - ok
12:47:32.0458 6492  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:47:32.0536 6492  TrustedInstaller - ok
12:47:32.0552 6492  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:47:32.0599 6492  tssecsrv - ok
12:47:32.0630 6492  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:47:32.0661 6492  TsUsbFlt - ok
12:47:32.0708 6492  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:47:32.0755 6492  tunnel - ok
12:47:32.0786 6492  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:47:32.0801 6492  uagp35 - ok
12:47:32.0833 6492  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:47:32.0895 6492  udfs - ok
12:47:32.0926 6492  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:47:32.0957 6492  UI0Detect - ok
12:47:32.0957 6492  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:47:32.0989 6492  uliagpkx - ok
12:47:33.0020 6492  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
12:47:33.0035 6492  umbus - ok
12:47:33.0098 6492  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:47:33.0145 6492  UmPass - ok
12:47:33.0176 6492  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
12:47:33.0223 6492  upnphost - ok
12:47:33.0301 6492  [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService     C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
12:47:33.0347 6492  UPnPService ( UnsignedFile.Multi.Generic ) - warning
12:47:33.0347 6492  UPnPService - detected UnsignedFile.Multi.Generic (1)
12:47:33.0394 6492  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:47:33.0425 6492  usbccgp - ok
12:47:33.0457 6492  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:47:33.0503 6492  usbcir - ok
12:47:33.0535 6492  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:47:33.0550 6492  usbehci - ok
12:47:33.0566 6492  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:47:33.0597 6492  usbhub - ok
12:47:33.0628 6492  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:47:33.0659 6492  usbohci - ok
12:47:33.0659 6492  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:47:33.0706 6492  usbprint - ok
12:47:33.0753 6492  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:47:33.0784 6492  usbscan - ok
12:47:33.0784 6492  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:47:33.0847 6492  USBSTOR - ok
12:47:33.0862 6492  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:47:33.0893 6492  usbuhci - ok
12:47:33.0909 6492  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
12:47:33.0956 6492  UxSms - ok
12:47:33.0971 6492  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
12:47:38.0261 6492  ============================================================
12:47:38.0261 6492  Scan finished
12:47:38.0261 6492  ============================================================
12:47:38.0261 11496  Detected object count: 15
12:47:38.0261 11496  Actual detected object count: 15
12:47:57.0605 11496  AVM BT Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0605 11496  AVM BT Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0605 11496  AvmObexService ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0605 11496  AvmObexService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0605 11496  DBService ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0605 11496  DBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0605 11496  DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0605 11496  DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0605 11496  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0605 11496  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0621 11496  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0621 11496  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0621 11496  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0621 11496  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0621 11496  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0621 11496  Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496  Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0621 11496  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0621 11496  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0621 11496  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:47:57.0621 11496  UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496  UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

22.03.2013, 13:36   #10
cosinus

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

22.03.2013, 14:28   #11
pfaffe33

Here is the file:
Code:
ComboFix 13-03-21.02 - Home 22.03.2013  14:03:32.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3063.1637 [GMT 1:00]
ausgeführt von:: c:\users\Home\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\Internet Explorer
c:\internet explorer\Custom\eBay.ico
c:\internet explorer\NPSWF32.dll
c:\users\Home\AppData\Roaming\Microsoft\Office\unins000.exe
c:\windows\IsUn0407.exe
c:\windows\system\olepro32.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
L:\Autorun.inf
L:\Setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-22 bis 2013-03-22  ))))))))))))))))))))))))))))))
.
.
2013-03-22 13:13 . 2013-03-22 13:13 -------- d-----w- c:\users\Home\AppData\Local\temp
2013-03-22 13:13 . 2013-03-22 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-22 07:30 . 2013-03-22 07:30 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2C2EB93-45EA-429C-B50D-80F3C51DC321}\offreg.dll
2013-03-22 07:20 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2C2EB93-45EA-429C-B50D-80F3C51DC321}\mpengine.dll
2013-03-20 09:12 . 2013-03-20 09:12 -------- d-----w- c:\users\Home\AppData\Roaming\Malwarebytes
2013-03-20 09:12 . 2013-03-20 09:12 -------- d-----w- c:\programdata\Malwarebytes
2013-03-20 09:12 . 2013-03-20 09:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-20 09:12 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 16:05 . 2012-11-22 09:50 92184 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-03-13 15:24 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-10 09:53 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-09 09:52 . 2013-03-09 09:53 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-03-09 09:52 . 2013-03-09 09:53 -------- d-----w- c:\program files\iTunes
2013-03-09 09:52 . 2013-03-09 09:52 -------- d-----w- c:\program files\iPod
2013-03-07 17:42 . 2013-03-07 17:42 5664768 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktop.msi
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-21 14:33 . 2012-10-09 16:02 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-21 14:33 . 2012-10-09 16:02 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-21 14:33 . 2012-10-09 16:02 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-18 15:36 . 2012-04-03 14:33 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-18 15:36 . 2011-05-22 16:16 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-13 13:58 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 13:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-06 12:50 . 2013-02-06 12:50 53248 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{F5D84887-8A6F-4993-8560-B3AA44CB620D}\ARPPRODUCTICON.exe
2013-02-06 12:25 . 2012-10-09 16:02 92448 ----a-w- c:\windows\system32\drivers\avfwim.sys
2013-02-06 12:25 . 2012-10-09 16:02 113024 ----a-w- c:\windows\system32\drivers\avfwot.sys
2013-01-17 00:28 . 2010-08-30 16:46 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-16 18:21 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-16 18:21 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-16 18:20 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-16 18:21 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-16 18:21 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-16 18:21 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"SansaDispatch"="c:\users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-10-24 79872]
"HP ENVY 110 series (NET)"="c:\program files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe" [2011-09-19 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-14 9288296]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AVMBlueClient"="c:\program files\avmclient\bluefritz.exe" [2007-07-03 1859584]
"AVMBLUEOBEX"="c:\program files\avmclient\AvmObex.exe" [2007-07-03 491520]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-21 345312]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-10-13 296096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-03-19 380416]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-03-07 2387048]
.
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MC light-Alarm.lnk - c:\mc-light\MCLWIN\PRG\LOADER.EXE [2010-12-2 90112]
tbhcn.lnk - c:\users\Home\AppData\Roaming\BrowserCompanion\tbhcn.exe [2012-7-2 695448]
Tintenwarnungen überwachen - HP ENVY 110 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
Philips GoGear SA4RGA Device Manager.lnk - c:\program files\Philips\GoGear SA4RGA Device Manager\GoGear_SA4RGA_DeviceManager.exe [2012-12-20 1420928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
R2 AvmObexService;AVM BT OBEX Service;c:\program files\avmclient\AvmObexService.exe [x]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 bfubase;BlueFRITZ! USB;c:\windows\system32\DRIVERS\bfubase.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 AVM BT Connection Service;AVM BT Connection Service;c:\program files\avmclient\avmbtservice.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 AVMBTPARALLEL;AVM Bluetooth Druckeranschluss;c:\windows\system32\DRIVERS\avmbtpar.sys [x]
S3 AVMBTSERIAL;AVM Bluetooth Kommunikationsanschluss;c:\windows\system32\DRIVERS\avmbtser.sys [x]
S3 AVMCOWAN;AVMCOWAN;c:\windows\system32\DRIVERS\AVMCOWAN.sys [x]
S3 BFHU_CFG;AVM BlueFRITZ!USB 2.0 HCI Config Switch Driver;c:\windows\system32\DRIVERS\bfhu_cfg.sys [x]
S3 CAPI_CIP;AVM Bluetooth CAPI-Controller;c:\windows\system32\DRIVERS\capi_cip.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 42067701
*NewlyCreated* - ASWMBR
*Deregistered* - 42067701
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ    HPSLPSVC
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
GPSvcGroup REG_MULTI_SZ    GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-16 09:50 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:36]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 19:09]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 19:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
AddRemove-DATA BECKER Die große Weihnachts Druckerei 2000 - c:\windows\IsUn0407.exe
AddRemove-DOCexpertComfort - c:\windows\system32\uninst.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1 - c:\users\Home\AppData\Roaming\Microsoft\Office\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-22  14:21:36
ComboFix-quarantined-files.txt  2013-03-22 13:21
.
Vor Suchlauf: 21 Verzeichnis(se), 1.221.731.069.952 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 1.224.188.715.008 Bytes frei
.
- - End Of File - - D4E734C1313C65FE0F837ACE0E68B29C
         

22.03.2013, 16:54   #12
cosinus

JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click it and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

22.03.2013, 17:08   #13
pfaffe33

Next files:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x86
Ran by Home on 22.03.2013 at 17:04:29,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

~~~ Services
 
~~~ Registry Values
 
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\blabbers
Successfully deleted: [Registry Key] hkey_local_machine\software\browsercompanion
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tdataprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\updatebho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wit4ie.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\base64
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\prox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2769726
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
 
~~~ Files
 
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Home\AppData\Roaming\browsercompanion"
Successfully deleted: [Folder] "C:\Users\Home\appdata\locallow\pricegong"
 
~~~ Event Viewer Logs were cleared
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.03.2013 at 17:06:39,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

22.03.2013, 17:13   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please post all logs in one go if possible.
Otherwise I always have to look in even though there is nothing to do.

22.03.2013, 17:28   #15
pfaffe33

Sorry! I was afraid the file might be gone after shutting down...
So here is everything again, complete this time:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x86
Ran by Home on 22.03.2013 at 17:04:29,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

~~~ Services
 
~~~ Registry Values
 
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\blabbers
Successfully deleted: [Registry Key] hkey_local_machine\software\browsercompanion
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tdataprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\updatebho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wit4ie.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\base64
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\prox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2769726
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
 
~~~ Files
 
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Home\AppData\Roaming\browsercompanion"
Successfully deleted: [Folder] "C:\Users\Home\appdata\locallow\pricegong"
 
~~~ Event Viewer Logs were cleared
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.03.2013 at 17:06:39,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.115 - Datei am 22/03/2013 um 17:09:32 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Home - HOME-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Home\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Ordner Gelöscht : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Ordner Gelöscht : C:\Users\Home\AppData\Local\PackageAware
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\Software\DigitalVolcano\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v25.0.1364.172
Datei : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.8] : homepage = "hxxp://www.searchplusnetwork.com/?sp=vit4",
Gelöscht [l.36] : icon_url = "hxxp://www.plusnetwork.com/assets/56674c9b/img/favicon.ico",
Gelöscht [l.39] : keyword = "www.searchplusnetwork.com",
Gelöscht [l.42] : search_url = "hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}",
Gelöscht [l.1288] : homepage = "hxxp://www.searchplusnetwork.com/?sp=vit4",
*************************
AdwCleaner[S1].txt - [2550 octets] - [22/03/2013 17:09:32]
########## EOF - C:\AdwCleaner[S1].txt - [2610 octets] ##########
         
Code:
OTL logfile created on: 22.03.2013 17:14:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Home\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,95% Memory free
5,98 Gb Paging File | 4,69 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356,16 Gb Total Space | 1140,17 Gb Free Space | 84,07% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 21,20 Gb Free Space | 53,00% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 910,09 Gb Free Space | 97,70% Space Free | Partition Type: NTFS
Drive L: | 298,09 Gb Total Space | 297,90 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Programme\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Programme\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Programme\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Programme\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\avmclient\bluefritz.exe (AVM Berlin)
PRC - C:\Programme\avmclient\AvmObex.exe (AVM Berlin)
PRC - C:\Programme\avmclient\avmbtservice.exe (AVM Berlin)
PRC - C:\Programme\avmclient\AvmObexService.exe (AVM Berlin)
PRC - C:\MC-Light\MCLWIN\PRG\ZBASE32.EXE (Omikron Systemhaus)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BingDesktopUpdate) -- C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (Netzmanager Service) -- C:\Programme\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (FreeAgentGoNext Service) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe (mst software GmbH, Germany)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (AVM BT Connection Service) -- C:\Programme\avmclient\avmbtservice.exe (AVM Berlin)
SRV - (AvmObexService) -- C:\Programme\avmclient\AvmObexService.exe (AVM Berlin)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Home\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (bfubase) -- C:\Windows\System32\drivers\bfubase.sys (AVM Berlin)
DRV - (CAPI_CIP) -- C:\Windows\System32\drivers\capi_cip.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (AVMBTPARALLEL) -- C:\Windows\System32\drivers\avmbtpar.sys (AVM GmbH)
DRV - (AVMBTSERIAL) -- C:\Windows\System32\drivers\avmbtser.sys (AVM GmbH)
DRV - (BFHU_CFG) -- C:\Windows\System32\drivers\bfhu_cfg.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Bing
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{EDD09B12-5276-4B4E-A76E-D92EAC628DA8}: "URL" = {searchTerms} - Google Search
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Home\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.08 18:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 14:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012.11.11 14:46:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.08 18:03:42 | 000,000,000 | ---D | M]
 
[2013.02.03 16:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions
[2011.03.09 21:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013.02.03 16:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.03.09 21:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Sunbird\Profiles\rojy113b.default\extensions
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Plus! Network (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = 
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Home\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5\
CHR - Extension: Google Mail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.03.22 14:13:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe (AVM Berlin)
O4 - HKLM..\Run: [AVMBLUEOBEX] C:\Program Files\avmclient\AvmObex.exe (AVM Berlin)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [HP ENVY 110 series (NET)] C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [SansaDispatch] C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MC light-Alarm.lnk = C:\MC-Light\MCLWIN\PRG\LOADER.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites)
O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites)
O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013.03.22 17:11:33 | 000,000,062 | ---- | M] () - L:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.22 17:04:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.22 17:04:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.22 17:03:36 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Home\Desktop\JRT.exe
[2013.03.22 14:21:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.22 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\temp
[2013.03.22 14:01:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.22 14:01:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.22 14:01:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.22 14:01:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.22 14:00:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.22 13:57:15 | 005,042,224 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
[2013.03.22 12:44:45 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\tdsskiller.exe
[2013.03.22 11:19:52 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Home\Desktop\aswMBR.exe
[2013.03.21 18:27:14 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\mbar-1.01.0.1021
[2013.03.21 16:40:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013.03.20 10:12:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2013.03.20 10:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.20 10:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.20 10:12:41 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.20 10:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.13 16:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013.03.13 16:26:48 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.13 16:26:48 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.13 16:26:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.13 16:26:48 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.13 16:26:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.13 16:26:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.13 16:26:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 16:26:47 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 16:26:47 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 16:26:47 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 16:26:47 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.13 16:26:47 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.13 16:26:47 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.13 16:26:47 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 16:26:47 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 16:26:47 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.13 16:26:47 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.13 16:26:47 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.13 16:26:47 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 16:26:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.13 16:26:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.13 16:26:47 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.13 16:26:47 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 16:26:47 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.13 16:26:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.13 16:26:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.13 16:26:47 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.13 16:26:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.13 16:26:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.13 16:26:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.13 16:26:47 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.13 16:26:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.13 16:26:47 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.13 16:26:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.13 16:26:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.13 16:26:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.13 16:24:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.10 10:53:01 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.03.10 10:52:55 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.03.10 10:52:54 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.10 10:52:54 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.10 10:52:54 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.10 10:52:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.03.10 10:52:52 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.03.10 10:52:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.10 10:52:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.10 10:52:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.10 10:52:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.10 10:52:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.10 10:52:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.10 10:52:51 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.03.10 10:52:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.03.10 10:52:51 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.03.10 10:52:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.03.10 10:52:51 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.03.10 10:52:51 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.03.10 10:52:51 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.03.10 10:52:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.03.10 10:52:51 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.03.10 10:52:51 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.03.10 10:52:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.03.10 10:52:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.03.09 10:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.24 18:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice
[6 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.22 17:11:49 | 000,001,926 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 110 series (Netzwerk).lnk
[2013.03.22 17:11:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.22 17:11:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.22 17:11:20 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.22 17:03:36 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Home\Desktop\JRT.exe
[2013.03.22 17:01:59 | 000,609,993 | ---- | M] () -- C:\Users\Home\Desktop\adwcleaner.exe
[2013.03.22 16:50:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.22 16:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.22 14:13:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.22 13:57:26 | 005,042,224 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
[2013.03.22 12:44:46 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\tdsskiller.exe
[2013.03.22 12:42:14 | 000,000,512 | ---- | M] () -- C:\Users\Home\Desktop\MBR.dat
[2013.03.22 11:22:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Home\Desktop\aswMBR.exe
[2013.03.21 18:53:51 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 18:53:51 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 18:01:38 | 013,786,977 | ---- | M] () -- C:\Users\Home\Desktop\mbar-1.01.0.1021.zip
[2013.03.21 17:51:19 | 000,377,856 | ---- | M] () -- C:\Users\Home\Desktop\gmer_2.1.19155.exe
[2013.03.21 16:40:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013.03.21 15:33:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.21 15:33:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.21 15:33:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.21 11:09:19 | 000,707,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.21 11:09:19 | 000,660,934 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.21 11:09:19 | 000,152,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.21 11:09:19 | 000,125,124 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.21 10:44:54 | 000,250,727 | ---- | M] () -- C:\Windows\hpwins21.dat
[2013.03.21 09:48:00 | 000,050,477 | ---- | M] () -- C:\Users\Home\Desktop\Defogger.exe
[2013.03.20 18:31:27 | 002,522,934 | ---- | M] () -- C:\Users\Home\AppData\Local\[j0004]-[p08].bmp
[2013.03.20 18:31:25 | 002,522,934 | ---- | M] () -- C:\Users\Home\AppData\Local\[j0004]-[p07].bmp
[2013.03.20 10:12:42 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.19 11:47:51 | 000,001,120 | ---- | M] () -- C:\Users\Home\Desktop\Content Manager 2.lnk
[2013.03.18 16:36:45 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.18 16:36:45 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.13 16:26:48 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.13 16:26:48 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.13 16:26:48 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.13 16:26:48 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.13 16:26:48 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.13 16:26:48 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.13 16:26:48 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 16:26:47 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 16:26:47 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 16:26:47 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 16:26:47 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.13 16:26:47 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.13 16:26:47 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.13 16:26:47 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 16:26:47 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 16:26:47 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.13 16:26:47 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.13 16:26:47 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.13 16:26:47 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 16:26:47 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.13 16:26:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.13 16:26:47 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.13 16:26:47 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 16:26:47 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.13 16:26:47 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.13 16:26:47 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.13 16:26:47 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.13 16:26:47 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.13 16:26:47 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.13 16:26:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.13 16:26:47 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.13 16:26:47 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.13 16:26:47 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.13 16:26:47 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.13 16:26:47 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.13 16:26:47 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.13 16:26:47 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.09 10:53:17 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.27 18:41:07 | 016,356,254 | ---- | M] () -- C:\Users\Home\AppData\Roaming\sa4rga04kf_12_fuz_eng.zip
[2013.02.27 18:37:59 | 000,002,348 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear SA4RGA Device Manager.lnk
[2013.02.27 18:37:58 | 000,002,314 | ---- | M] () -- C:\Users\Public\Desktop\Philips GoGear SA4RGA Device Manager.lnk
[2013.02.24 18:45:06 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk
[6 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.22 17:01:59 | 000,609,993 | ---- | C] () -- C:\Users\Home\Desktop\adwcleaner.exe
[2013.03.22 14:01:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.22 14:01:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.22 14:01:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.22 14:01:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.22 14:01:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.22 12:42:14 | 000,000,512 | ---- | C] () -- C:\Users\Home\Desktop\MBR.dat
[2013.03.21 18:01:35 | 013,786,977 | ---- | C] () -- C:\Users\Home\Desktop\mbar-1.01.0.1021.zip
[2013.03.21 17:51:18 | 000,377,856 | ---- | C] () -- C:\Users\Home\Desktop\gmer_2.1.19155.exe
[2013.03.21 09:48:00 | 000,050,477 | ---- | C] () -- C:\Users\Home\Desktop\Defogger.exe
[2013.03.20 18:31:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0004]-[p08].bmp
[2013.03.20 18:31:24 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0004]-[p07].bmp
[2013.03.20 10:12:42 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.19 11:46:39 | 000,001,120 | ---- | C] () -- C:\Users\Home\Desktop\Content Manager 2.lnk
[2013.03.13 16:26:47 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.09 10:53:17 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.24 18:45:06 | 000,001,283 | ---- | C] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk
[2013.02.03 18:12:23 | 016,356,254 | ---- | C] () -- C:\Users\Home\AppData\Roaming\sa4rga04kf_12_fuz_eng.zip
[2013.01.12 17:42:01 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.01.06 18:48:49 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p34].bmp
[2013.01.06 18:48:35 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p33].bmp
[2013.01.06 18:48:33 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p32].bmp
[2013.01.06 18:48:31 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p31].bmp
[2013.01.06 18:48:29 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p30].bmp
[2013.01.06 18:48:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p29].bmp
[2013.01.06 18:48:24 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p28].bmp
[2013.01.06 18:48:20 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p27].bmp
[2013.01.06 18:48:18 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p26].bmp
[2013.01.06 18:48:15 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p25].bmp
[2013.01.06 18:48:13 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p24].bmp
[2013.01.06 18:48:11 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p23].bmp
[2013.01.06 18:48:08 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p22].bmp
[2013.01.06 18:48:06 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p21].bmp
[2013.01.06 18:48:03 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p20].bmp
[2013.01.06 18:48:01 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p19].bmp
[2013.01.06 18:47:58 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p18].bmp
[2013.01.06 18:47:56 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p17].bmp
[2013.01.06 18:47:54 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p16].bmp
[2013.01.06 18:47:51 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p15].bmp
[2013.01.06 18:47:49 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p14].bmp
[2013.01.06 18:47:46 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p13].bmp
[2013.01.06 18:47:44 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p12].bmp
[2013.01.06 18:47:41 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p11].bmp
[2013.01.06 18:47:39 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p10].bmp
[2013.01.06 18:47:37 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p09].bmp
[2013.01.06 18:47:34 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p08].bmp
[2013.01.06 18:47:32 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p07].bmp
[2013.01.06 18:47:30 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p06].bmp
[2013.01.06 18:47:28 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p05].bmp
[2013.01.06 18:47:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p04].bmp
[2013.01.06 18:47:23 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p03].bmp
[2013.01.06 18:47:21 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p02].bmp
[2012.09.02 21:22:21 | 000,000,740 | ---- | C] () -- C:\Windows\Magix.ini
[2012.08.11 18:58:34 | 000,000,393 | ---- | C] () -- C:\Users\Home\AppData\Local\HamsterVideoConverterSettings.cfg
[2012.07.16 15:01:58 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0036]-[p02].bmp
[2012.02.25 23:59:47 | 000,000,016 | ---- | C] () -- C:\Windows\TSHIRT.INI
[2012.02.25 23:58:21 | 000,247,296 | ---- | C] () -- C:\Windows\UN160407.EXE
[2011.10.19 16:42:15 | 000,000,186 | ---- | C] () -- C:\Users\Home\AppData\Roaming\default.rss
[2011.08.22 19:57:42 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{8E61E117-7632-461D-96AF-1D5467EB5383}
[2011.07.08 09:35:55 | 000,000,103 | ---- | C] () -- C:\Windows\MCHBPL32.INI
[2011.04.04 14:45:32 | 000,000,000 | ---- | C] () -- C:\Windows\hpimdl01.dat.temp
[2011.04.04 14:43:02 | 000,048,367 | ---- | C] () -- C:\Windows\hpiins01.dat.temp
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
         
Code:
OTL Extras logfile created on: 22.03.2013 17:14:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Home\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,95% Memory free
5,98 Gb Paging File | 4,69 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356,16 Gb Total Space | 1140,17 Gb Free Space | 84,07% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 21,20 Gb Free Space | 53,00% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 910,09 Gb Free Space | 97,70% Space Free | Partition Type: NTFS
Drive L: | 298,09 Gb Total Space | 297,90 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB397A1-6996-4227-A254-0D003E68752B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3681C921-7D05-42D4-AA5F-63144B061307}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5BCACACA-325D-4221-A578-7CFCA270E86E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{61E37E18-F421-4FAD-987C-C6A5840770C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A198C39A-8590-4913-9A75-5B8CE0B53A8E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A469E627-A16B-462C-A0C1-C7DC9C096A75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC8FFDB7-CBA1-45BF-AECA-0C3B34854C75}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AE98CC6E-71C1-490E-B18D-F5C977DA7C13}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{B4E589EF-82F7-418B-8D4B-F9E87D6DEE3E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B511ED13-A335-46C6-9D0A-495F45A8A24C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B6B97598-0689-4365-BF40-165BDFE8D936}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CDDFB7AE-0E52-44D5-BA78-F3FA56E0AECE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DD785397-BCD6-4781-AEB5-5ACF753259C3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{EEBE195F-775F-4145-A964-66B5FAB9E4B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04246E6F-DE7D-4B55-BA08-EC2175B9E9C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{082FD3A8-0636-458A-B980-2B7312D5B150}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 apoedition\app\starmoney.exe | 
"{0E317D00-D4D2-4960-A72A-FE8E897E75F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1703CC13-3BBB-4C6B-86DE-5055E1E77873}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{19E290E8-D909-4C5B-A7D4-D1AD141A9A63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{1B2A5A5C-64E6-4ADE-AC81-2D16BE750A09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{233BA796-EF9A-49B9-844A-69917B608785}" = dir=in | app=e:\setup\hpznui01.exe | 
"{242CA202-DD5D-4B57-BF61-406620C3D0EA}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 apoedition\ouservice\starmoneyonlineupdate.exe | 
"{25BD7991-3329-46C4-83BA-8CA5ED2D66AF}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs27ac\hppiw.exe | 
"{25C21D7F-CA3E-48DD-88FC-DC31E9EBA4F4}" = protocol=6 | dir=out | app=system | 
"{293BAD13-A235-413A-A34F-5C435B34F4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C2B3AAA-6C21-4B55-9508-D1A7CB88B737}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{2C35796D-0997-4620-B9DC-C41D2D46AA81}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs2a64\hpdiagnosticcoreui.exe | 
"{33DD6D46-6BF7-437F-833C-508E910AFE4A}" = dir=in | app=c:\program files\hp\hp envy 110 series\bin\devicesetup.exe | 
"{34B828D1-2BE4-4672-9380-E492DFB792FC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3A24B9BC-664F-43C6-9033-D8662A0A07D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{3F255F46-823B-45DE-8F11-01AD9529A899}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs1fca\hpdiagnosticcoreui.exe | 
"{451492B2-47D5-4721-B0BA-CF5D1B6CAE5F}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 apoedition\ouservice\starmoneyonlineupdate.exe | 
"{530F2ADC-A878-4C11-B194-4555E99E95C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5596FB10-CBCA-4174-8BD6-2988B5CE85F4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{664FA9CB-C6AC-4A0F-871D-E007B7D01EDE}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6B913BCE-C9DD-4A4B-A2D9-54722A79E9DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6EBA8046-967F-4DA4-8547-8901DCA58E90}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{7079E0AB-4A6B-4007-AC3E-5D69A98C8DDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{71CDFFC1-7489-4F40-A78D-5F01B98AEE8B}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs1fca\hpdiagnosticcoreui.exe | 
"{74AF0EB5-BAC8-4305-9DB0-1CFC8C944789}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8412B01E-C7B3-419E-B47F-0503C078636C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{89B9E925-DAEB-445D-B20E-4E55D4097F10}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{9B8298D9-068F-4BAC-A938-8FFFA805FD75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F07E192-804E-431F-8F52-D23ECEE5E31E}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 apoedition\app\starmoney.exe | 
"{A27B7226-6EF7-4149-9794-907848A86663}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{A2BD277C-FE15-4F4B-A9C9-FFD0A9AED202}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A7CD8BED-7699-4377-A084-B15C601F70E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{AE923602-42AC-4B2E-AA8D-305106B51B34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{B376E4F9-3879-44CA-81F6-D57692C3C3DA}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs2a64\hpdiagnosticcoreui.exe | 
"{B4735C2E-2883-4933-BF5A-3533DAEA8DFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4AC4CCA-0E3C-4F17-9CFF-FF2B27233738}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs27ac\hppiw.exe | 
"{B4B1505A-858A-418E-8036-6509C8CA02C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B52C01AD-A933-4726-A36F-FD9408FF6C61}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{B688FA93-24AE-43A1-9CC9-DF52D2990834}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDC7BA54-38C8-4031-AD38-0EE3F61117BF}" = dir=in | app=c:\program files\hp\hp envy 110 series\bin\hpnetworkcommunicator.exe | 
"{C4B120AF-60EC-4532-A5AF-7A629789BC9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{C8E99D43-EAA3-4443-BD9E-7D223B14D94F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{D87B1C77-03CE-48C3-84FA-031C9997E05E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{DD9B5286-31EF-4094-AB56-149A2484183F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{DDA53C83-3FAE-4C62-A77D-2416B79CBA73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0AB2124-29AB-4962-982B-A17380C26C9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F6CCE1C5-7055-44F6-9EB6-B571318B625E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{F8ED9470-6624-424B-9C56-73322642BE61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{9301285A-574F-4A90-ABAB-BC7D049CE161}C:\mc-light\mclwin\prg\zbase32.exe" = protocol=6 | dir=in | app=c:\mc-light\mclwin\prg\zbase32.exe | 
"UDP Query User{7F363FF2-FF5C-4B6F-B9D4-097B628BCA8E}C:\mc-light\mclwin\prg\zbase32.exe" = protocol=17 | dir=in | app=c:\mc-light\mclwin\prg\zbase32.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{02c5230b-9da5-46bc-a2e4-1047895041e2}" = Nero 9 Essentials
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{07D0F003-4C56-45F2-9D9D-613BEC6FD5A7}" = .NET Utilities
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602" = CanoScan 9000F Scanner Driver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5229C090-842B-1CB0-1676-43E421294B5C}" = AMD Drag and Drop Transcoding
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{562B89CE-2FF3-4573-B67C-67EB8CF8063D}" = HP ENVY 110 series - Grundlegende Software für das Gerät
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A6F6041-013B-4C45-861E-3E2BA6C894B8}" = Studie zur Verbesserung von HP Officejet Pro 8600 Produkten
"{5C638666-B80C-4CD3-AA56-403EF0BC7A6E}" = HP Photosmart A630 Series
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D846456-C32B-43B9-99ED-B1AC43D6A233}" = GoGear SA4RGA Device Manager
"{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{729713E3-CFD5-4E9F-A301-5BD8EA25A28B}" = COMPUTERBILD-PC-Schnellstarter
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7419582C-1E2E-4848-88F6-9FF638D9EA87}" = LightScribe Diagnostic Utility
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B69FE75-3AF9-4714-89EE-D3F64CB08F90}" = HP Officejet Pro 8000 A809 Series
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7F2B12E7-2302-4A86-AE26-33DDD84E478A}" = MAGIX Burn routines
"{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85092B90-AEB2-2E30-0EF1-432EC61F6BD1}" = Catalyst Control Center InstallProxy
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A0CBFC47-690E-4277-82BB-13BE18CF0C2E}" = CEWE FOTOBUCH PRO Designvorlagen
"{A157DF9D-462F-4BF9-8C5E-3854BC9CC08F}" = HP Digital Photo Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Kameras 9.0
"{AA721D14-CFE2-410E-B975-79FE5F82F99F}" = MSVCMergeModules
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini
"{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809)
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD312050-9D98-4F71-ADCD-25EC037C05FD}" = StarMoney
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09E526E-586C-4AD1-B2C0-A632CAA59C25}" = Studie zur Verbesserung von HP ENVY 110 series Produkten
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7EA1AF1-F908-0832-AA52-5EDBE128FD6B}" = ccc-core-static
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D4444B31-E9E9-4389-B35D-41B5BCA5E9FB}" = HP ENVY 110 series Hilfe
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E6FCA24F-1192-4C9D-B1AA-F93C3DA80851}" = DDBAC
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9D4FBA9-FB46-A5CE-F52F-516C4B8F0373}" = ccc-utility
"{EB0E062C-575D-8154-2682-C84EF432CCF0}" = Catalyst Control Center Graphics Previews Common
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EDD7B70D-36D0-694D-AA34-D566A13CE98D}" = WMV9/VC-1 Video Playback
"{EEA54973-AFC8-21C8-1414-246AA9435890}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8A9F4D7-4EC8-4E28-9B01-4CF74C812BF2}" = StarMoney
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB8927C5-0232-4DFF-8D13-CAEDCDB4C1A3}" = StarMoney 8.0 apoEdition
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 9.20
"ABEURO_is1" = AB-Euro 2.2.0.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AudibleManager" = AudibleManager
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Internet Security
"AVMBLUECLI" = AVM BlueFRITZ! USB
"B81055EA372C9E3EA5000B4BD9585D992D51F1DE" = Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002)
"BlazePhoto 2.0_is1" = BlazePhoto 2.0
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CD-DVD Druckerei 7_is1" = DATA BECKER CD-DVD Druckerei 7
"Content Manager 2" = Content Manager 2
"DATA BECKER - Etikettendruckerei 2000" = DATA BECKER - Etikettendruckerei 2000
"DPP" = Canon Utilities Digital Photo Professional 3.5
"Duplicate Cleaner" = Duplicate Cleaner 1.4.7c
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 deluxe D" = MAGIX Fotos auf CD & DVD 8 deluxe 8.0.2.6 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MC light" = MC light
"MEDION NAS TOOL" = MEDION NAS TOOL
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"Netzmanager" = Netzmanager
"nLite_is1" = nLite 1.4.9.1
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnlineFotoservice" = OnlineFotoservice
"Philips Songbird" = Philips Songbird
"PhotoStitch" = Canon Utilities PhotoStitch
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 15.0" = RealPlayer
"Recuva" = Recuva
"SetEditEdision1600" = SetEditEdision1600 (remove only)
"Shop for HP Supplies" = Shop for HP Supplies
"Visitenkarten-Druckerei 11_is1" = DATA BECKER Visitenkarten-Druckerei 11
"WinLiveSuite" = Windows Live Essentials
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
"Sansa Updater" = Sansa Updater
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 22.03.2013 12:11:37 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 StarMoney 8.0 OnlineUpdate erreicht.
 
 
< End of report >
         
