Ständig erneut gefundene (gleiche) Infizierungen

Dominik P · 27.04.2013, 09:11

Hallo liebes Trojaner-Board Team!!
Habe seit ein paar Wochen einige laut Spybot Infizierungen am Pc, die er immer wieder "neutralisiert" doch beim nächsten Malwaretest wieder auftreten u.a. snap.do toolbar, die ich bereits vor ein paar Monaten deeinstalliert habe. Zu den anderen habe ich leider keine Ahnung, ob es sich um wirkliche Infizierungen handelt (MS Direct 3D, MS DirectDraw...)
Bitte um Rat für ein gutes Malware-Programm für die Beseitigung sämtlicher Malware auf dem Pc

M-K-D-B · 27.04.2013, 10:18

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Zitat:

Zitat von Dominik P

u.a. snap.do toolbar, die ich bereits vor ein paar Monaten deeinstalliert habe.

Darum kümmern wir uns jetzt dann gleich.

Zitat:

Zitat von Dominik P

Zu den anderen habe ich leider keine Ahnung, ob es sich um wirkliche Infizierungen handelt (MS Direct 3D, MS DirectDraw...)

Das sind keine Infizierungen, unbedeutend.

Zitat:

Zitat von Dominik P

Bitte um Rat für ein gutes Malware-Programm für die Beseitigung sämtlicher Malware auf dem Pc

Folge einfach meinen Anweisungen.

Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

activex
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.log. Poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 3
Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von OTL,
die Logdatei von DeFogger,
die Logdatei von GMER.

Dominik P · 27.04.2013, 18:26

Hallo Danke für die schnelle Antwort ich hätte bitte noch eine Frage und zwar ich besitze neben der Gratisversion von Spybot auch noch Avira free, Advanced System Care ultimate und SuperAntiSpyware, muss ich diese gegebenfalls löschen oder sind diese für den von Ihnen beschriebenend Vorgang eine Gefährdung?

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.04.2013 10:02:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
6,74 Gb Total Physical Memory | 4,80 Gb Available Physical Memory | 71,24% Memory free
13,49 Gb Paging File | 10,97 Gb Available in Paging File | 81,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 575,53 Gb Total Space | 475,95 Gb Free Space | 82,70% Space Free | Partition Type: NTFS
Drive D: | 20,34 Gb Total Space | 2,14 Gb Free Space | 10,54% Space Free | Partition Type: NTFS
 
Computer Name: HP-PAVILION | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.28 09:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
PRC - [2013.04.01 00:44:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.01 00:43:49 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.01 00:43:48 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 13:21:14 | 000,701,392 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
PRC - [2012.12.14 13:21:06 | 000,621,008 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
PRC - [2012.12.13 14:50:32 | 001,051,088 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDTRAY.EXE
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.11.07 15:50:40 | 000,512,384 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
PRC - [2012.10.14 16:22:48 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012.02.21 14:03:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012.02.13 21:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
PRC - [2011.12.11 03:48:26 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
PRC - [2011.12.11 03:48:08 | 000,875,336 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe
PRC - [2011.12.11 03:47:40 | 000,148,296 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
PRC - [2011.08.26 14:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011.08.19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\DEC150.bpl
MOD - [2012.11.01 10:21:10 | 000,350,592 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
MOD - [2012.11.01 10:21:08 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
MOD - [2012.11.01 10:21:06 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
MOD - [2012.09.05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.03.22 02:36:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.03.21 04:30:26 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.02.22 11:55:50 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2013.04.14 09:20:02 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.01 00:44:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 00:43:49 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.25 23:14:04 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 13:21:06 | 000,621,008 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe -- (ASCAntivirusSrv)
SRV - [2012.12.13 14:50:32 | 001,051,088 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe -- (AdvancedSystemCareService6)
SRV - [2012.10.14 16:22:48 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.01 20:34:38 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.10.01 20:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2012.03.06 06:04:18 | 000,314,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012.02.13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.13 21:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe -- (BBSvc)
SRV - [2012.02.01 18:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.12.11 03:48:26 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2011.12.09 06:41:00 | 000,269,640 | ---- | M] (AuthenTec, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.10 06:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.01 00:44:40 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.01 00:44:40 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.01 00:44:40 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.03.29 20:00:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.02.11 15:11:05 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.14 04:03:26 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.04.20 09:03:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.04.20 09:03:41 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.03.22 03:04:24 | 010,826,240 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.03.22 01:35:26 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.10 06:41:16 | 000,685,160 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.03.08 21:43:14 | 000,293,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012.03.06 06:04:18 | 000,536,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.03.02 03:39:42 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.02 03:39:36 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 11:55:56 | 000,029,976 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.02.22 11:55:24 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.02.05 02:30:06 | 000,189,760 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2012.02.02 10:54:56 | 000,031,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012.02.02 05:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.02 05:07:18 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.02 05:07:18 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2012.02.02 05:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.02 05:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.02 05:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.02 05:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.01.14 14:05:54 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011.12.13 14:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.12.13 14:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.12.06 13:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.10.26 21:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.10.26 21:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.07.28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Qvo6.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = Qvo6.com
IE:64bit: - HKLM\..\SearchScopes\{451F7B95-7F9C-497F-9FCD-0D02A1D7C529}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://www.ebay.at/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Qvo6.com
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=AT&userid=c22c6999-e612-4e1f-9221-ee0f95d13026&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Qvo6.com
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=AT&userid=c22c6999-e612-4e1f-9221-ee0f95d13026&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Qvo6.com
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\..\SearchScopes\{184DDCB2-CAB5-4E5E-BB29-889FE6FBD119}: "URL" = hxxp://www.mysearchresults.com/search?c=4002&t=01&q={searchTerms}
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.15 21:44:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.13 13:39:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 21:28:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 21:28:14 | 000,000,000 | ---D | M]
 
[2013.04.02 16:56:10 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2013.04.02 16:56:18 | 000,000,000 | ---D | M] (BittorrentBar_DE) -- \mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2013.01.09 20:10:38 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{72a0f495-ba60-4524-827b-b36b8c18587a}
[2013.02.06 22:45:40 | 000,000,000 | ---D | M] (WhiteSmoke B) -- \mozilla\Firefox\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}
[2013.04.15 21:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O3 - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2927716307-146540041-1050241088-1001..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-2927716307-146540041-1050241088-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-2927716307-146540041-1050241088-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43543AB5-C1B8-414D-9F83-3F430934FD50}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.13 20:49:22 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.28 09:57:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2013.04.27 17:54:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\USB-Stick
[2013.04.27 10:32:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013.04.27 10:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.27 10:30:55 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.27 10:30:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.27 10:30:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.27 10:30:48 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.21 12:19:39 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElcomSoft
[2013.04.21 12:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElcomSoft
[2013.04.21 11:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.04.21 11:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodusoft ZIP Password Recovery
[2013.04.20 21:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Ultimate
[2013.04.20 21:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013.04.20 20:44:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\Word
[2013.04.20 20:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.20 20:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.20 20:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.20 09:32:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\Weitere
[2013.04.15 21:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.14 13:33:20 | 000,025,472 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013.04.14 13:24:53 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013.04.14 11:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.14 11:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.14 11:49:30 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.14 11:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.13 22:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2013.04.13 22:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
[2013.04.13 22:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.04.13 22:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.04.13 22:07:13 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.04.13 22:03:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\Benutzerdefinierte Office-Vorlagen
[2013.04.13 20:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.04.13 14:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2013.04.13 14:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intelore
[2013.04.13 14:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.04.13 14:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2013.04.13 13:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.12 22:35:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.12 22:35:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.12 22:35:46 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.12 22:35:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.12 22:35:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.12 22:35:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.12 22:35:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.12 22:35:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.12 22:35:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.12 22:35:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.12 22:35:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.12 22:35:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.12 22:35:41 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.12 22:35:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.12 22:35:40 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.12 17:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IPACS
[2013.04.11 18:33:58 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.11 18:33:57 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.11 18:33:57 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.11 18:33:57 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.11 18:33:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.11 18:33:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 21:39:43 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\Battlefield 3
[2013.04.09 21:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.04.09 21:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlefield 3
[2013.04.02 16:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.04.02 16:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2013.04.02 00:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013.04.01 01:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.04.01 00:44:44 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 00:44:44 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 00:44:44 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.31 20:55:58 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2013.03.31 19:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.03.31 19:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.03.31 19:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013.03.31 19:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013.03.31 19:46:21 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2013.03.31 19:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013.03.31 19:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.03.31 19:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.03.31 19:44:25 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.03.31 19:44:25 | 000,000,000 | RH-D | C] -- \MSOCache
[2013.03.29 20:23:15 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.03.29 20:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.03.29 20:02:45 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\Microsoft Toolkit
[2013.03.29 20:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.03.29 20:00:27 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.03.29 20:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.03.29 18:04:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.03.29 18:04:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.03.29 17:56:19 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\PutLockerDownloader
[2013.03.29 17:56:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.28 09:59:51 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.28 09:59:51 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.28 09:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2013.04.28 09:54:19 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013.04.28 09:52:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.28 09:52:00 | 1135,632,383 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.27 20:24:00 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7f45a046-cce2-4f4f-bf46-4c94381b83c6.job
[2013.04.27 20:09:41 | 001,808,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.27 20:09:41 | 000,766,718 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.27 20:09:41 | 000,721,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.27 20:09:41 | 000,174,516 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.27 20:09:41 | 000,147,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.27 19:30:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.27 10:30:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.27 10:30:25 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.27 10:30:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.27 10:30:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.27 10:30:24 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.27 10:30:24 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.20 21:26:28 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 2409616e-9353-4977-8974-904b55fc48d4.job
[2013.04.20 21:21:46 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare Ultimate.lnk
[2013.04.20 20:23:25 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.15 21:44:45 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.15 21:07:15 | 000,000,836 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.04.14 11:49:38 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.14 09:20:02 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.14 09:20:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.13 22:07:13 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.04.13 20:49:22 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.04.13 16:52:36 | 000,488,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 21:13:30 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.04.07 15:04:50 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDominik.job
[2013.04.02 16:55:01 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Torchlight Spielen!.lnk
[2013.04.01 00:44:40 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 00:44:40 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 00:44:40 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.31 19:50:07 | 000,002,837 | ---- | M] () -- C:\Users\Dominik\Desktop\Word 2013.lnk
[2013.03.31 19:50:07 | 000,002,807 | ---- | M] () -- C:\Users\Dominik\Desktop\PowerPoint 2013.lnk
[2013.03.31 19:50:07 | 000,002,789 | ---- | M] () -- C:\Users\Dominik\Desktop\Excel 2013.lnk
[2013.03.29 20:00:27 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.20 21:21:46 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare Ultimate.lnk
[2013.04.20 20:24:11 | 000,000,514 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7f45a046-cce2-4f4f-bf46-4c94381b83c6.job
[2013.04.20 20:24:11 | 000,000,514 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 2409616e-9353-4977-8974-904b55fc48d4.job
[2013.04.20 20:23:25 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.15 21:44:45 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.15 21:44:45 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.15 21:07:15 | 000,000,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.04.14 11:49:39 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.14 11:49:38 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.13 20:49:22 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.04.13 20:49:22 | 000,000,000 | ---- | C] () -- \autoexec.bat
[2013.04.13 14:05:19 | 000,002,346 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.04.09 21:13:30 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.04.02 16:55:01 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Torchlight Spielen!.lnk
[2013.04.02 00:55:35 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDominik.job
[2013.03.31 19:50:07 | 000,002,837 | ---- | C] () -- C:\Users\Dominik\Desktop\Word 2013.lnk
[2013.03.31 19:50:07 | 000,002,807 | ---- | C] () -- C:\Users\Dominik\Desktop\PowerPoint 2013.lnk
[2013.03.31 19:50:07 | 000,002,789 | ---- | C] () -- C:\Users\Dominik\Desktop\Excel 2013.lnk
[2013.03.23 22:57:35 | 000,007,620 | ---- | C] () -- C:\Users\Dominik\AppData\Local\Resmon.ResmonCfg
[2013.02.17 12:23:08 | 000,000,306 | RHS- | C] () -- C:\Users\Dominik\ntuser.pol
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.10.14 16:22:50 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.14 16:22:48 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.08 15:28:12 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012.07.14 04:30:00 | 1135,632,383 | -HS- | C] () -- \hiberfil.sys
[2012.07.14 04:14:10 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2012.07.14 04:12:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.14 04:10:19 | 001,824,324 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.22 01:58:00 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.22 01:58:00 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.21 05:00:38 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.02.09 14:42:58 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2007.01.02 03:25:08 | 000,383,786 | RHS- | C] () -- \bootmgr_
[2007.01.02 03:25:08 | 000,383,786 | RHS- | C] () -- \bootmgr
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 28.04.2013 10:02:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
6,74 Gb Total Physical Memory | 4,80 Gb Available Physical Memory | 71,24% Memory free
13,49 Gb Paging File | 10,97 Gb Available in Paging File | 81,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 575,53 Gb Total Space | 475,95 Gb Free Space | 82,70% Space Free | Partition Type: NTFS
Drive D: | 20,34 Gb Total Space | 2,14 Gb Free Space | 10,54% Space Free | Partition Type: NTFS
 
Computer Name: HP-PAVILION | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0943197F-87B2-476A-8593-C47835E15BD4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{25E3A853-14BC-404D-8CB9-BC303E0C5264}" = rport=138 | protocol=17 | dir=out | app=system | 
"{291872F9-2C0C-44A2-A0A7-B54C988286A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2F9E8FB9-7817-4B96-8D1F-054E6707AECE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4C885C03-AE0A-4CDD-84D2-3E376CD09C07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{64CABA6F-C281-4E49-B97D-C43D732A5C34}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B3E80C8-E55E-46E0-83BC-01CB9C40AE15}" = rport=445 | protocol=6 | dir=out | app=system | 
"{730AF4DD-961F-44AE-8C68-D5BD893AC626}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{743A0A12-7B2C-44A3-BD25-5D280D3EC133}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{751AC82B-D60B-4CC4-8A40-8DF122409DD1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{761E8CC7-8264-4759-88AF-FF7703215624}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81AB383F-B88F-47EA-B370-79AB0FFEE152}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{88451B0A-A4CA-4984-83CD-B96CCAF49D6C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8C301A01-A36C-472C-A5EF-DA9EF297F00A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8CEC695B-9954-4E6C-9919-FCD0617B6813}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{97E93214-8FCA-449A-AE76-A092C9D0F0BD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A4BDE87C-51C8-4C6F-AC88-61A35967826D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A931FE18-609D-416A-9709-350DC9452878}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ACDBFA92-4FAB-41B2-80F0-A0EC0055C477}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AE174549-D387-40A3-9371-CBFBDC569062}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BE7EAAD8-BECC-417A-B533-ACF3B52F0BA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C16C54A9-1D5A-4260-88F8-B7E4C78FAE2D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EC2A3898-6708-4E60-959E-0758B2621E17}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F18CA351-645D-4CF1-9CD3-ED0A65E7F55F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{F20A499F-01BD-4714-A862-C03D059D6E73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DDA80F-8E09-4E7E-8A9B-F203E57EB8CD}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{0958F0C1-B163-4135-9E08-DF48B9F860D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{154A5F3A-3B65-4A13-9E70-38CE95BA5F95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{19966C3A-ADB3-452C-B59D-6241F88B140A}" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"{1F83000F-FF01-4490-85B2-1327B1ABC191}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DD0239A-8982-4846-97E3-C5D16AC48391}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{40B3A69B-C157-41FE-8482-E0CE05F05DC7}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{463D1E1A-B202-4C7A-8D8F-E58763CE57D6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{474FC40E-5AA3-4AB9-8587-BED6B2AC20A5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4784AD6F-6033-42D8-8E48-5E0169F9EA05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{4C909F2D-53FD-4E7D-A1A3-03F6207796B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4EBFA5FF-4B46-4B03-AD8E-A0A2A1186C94}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{56C7FB21-9C8E-49BD-B36C-0204C0DAB541}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5C81E614-75C5-4CEA-9FE2-74C3695CA701}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5D3D7EFC-7DA0-4340-A86F-F6333E5CB8BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{5DD22945-A68F-4C24-8197-AEB871233826}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{64A48E56-4093-4354-829B-77D60CB1EF17}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{65C41754-865F-4B56-B1BA-3FB86C7DC0D4}" = protocol=6 | dir=out | app=system | 
"{7655D8E7-D244-42A0-9D75-403E2A6534AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{78447FD2-2DC9-4577-ACC4-A0845051DC6A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{7B4D0CA7-C870-4EC7-8D64-4F52D4AC255B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{89B8DC87-BE94-4344-99C7-2E0900C93789}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{912A2EFE-C1B5-4AC3-998C-74DA87E6F291}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{91828B49-10E0-47DA-BE6B-723792F83D61}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{926C6A9E-5D67-45D4-B7AC-5AB7036138CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{967912B3-5E1D-4F3E-B0F3-54C8DE3507B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{97434F71-F4AC-4F16-BA21-BE8598179AB5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A377001D-6878-44F2-A62C-473B0F2CDCE0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A4D7BD23-0EAE-41CE-9F79-A081A56BAF36}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{B30765E6-1A49-4059-B3B8-473126C12B9D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{BC970FB5-B0CC-45E0-A2C0-57BFDF75F992}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C3C376F2-E958-434C-B659-F9D15C79AF96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C67FB0E1-F739-4FD2-B0E1-36E5B673CCD4}" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"{D02B0C2B-A464-4714-AF27-DA85CA54713B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D38A2484-49C9-4F58-AB4D-D0EFC3222A8E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E3FE71C1-8894-4463-9D62-CDAB250DFBB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1AE912F-B3F3-42AA-9253-000577DD3CE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9E73AC2-DAC5-4EE1-B988-CF46CB05E310}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA30E839-7AE0-4084-B0F3-5C942E5B81FC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FCE0C0A8-D53E-423C-B621-C9FC36AA9BE6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{FD56B601-66C8-46BB-BBF1-BD793FAF4EDE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"TCP Query User{02169AC6-F2DB-49F3-851D-AC3F5F803717}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{22818B54-B974-413C-8035-F1A73C118FD0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{477172B4-400D-4B64-A9B1-8EC7DE70B11C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{8233A9F6-8528-42B8-B440-13FA0A9C4229}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{C70192D7-E68F-435E-82D1-AFCC6F555BD9}C:\users\dominik\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{D85917C9-4326-4EC3-BC0B-32D0AF98DD2A}C:\users\dominik\downloads\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe" = protocol=6 | dir=in | app=c:\users\dominik\downloads\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe | 
"UDP Query User{329B19EF-6A48-423B-8FCD-141C173A5B03}C:\users\dominik\downloads\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe" = protocol=17 | dir=in | app=c:\users\dominik\downloads\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe | 
"UDP Query User{6E8C3D27-2B35-42C3-B5BD-2FF703586FF3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{875E8F6E-47CA-41C4-8B6A-599EFC82E477}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{ABA89FB6-7E38-4CC4-AEF7-6F0544B13D02}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{C3B0EAC5-BDB0-4072-BE99-A5AD933A5183}C:\users\dominik\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{CED92DB7-53C7-42A0-BD7B-C447A0F574B6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{42719DC3-4982-47DD-B025-B21C4BDD504D}" = HP Security Assistant
"{45CDE0AD-D3D0-CC52-188B-3E7CF54B6D5E}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5E015E15-F7AD-3379-523F-AD63C0CB9E71}" = AMD Steady Video Plug-In 
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{802E2347-A395-8BAA-2F30-3F01AD755DC5}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0017-0407-1000-0000000FF1CE}" = Microsoft SharePoint Designer MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0100-0407-1000-0000000FF1CE}" = Microsoft Office O MUI (German) 2013
"{90150000-0101-0407-1000-0000000FF1CE}" = Microsoft X MUI (German) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B94134E-A125-4D06-ACBE-50747148E406}" = HP 3D DriveGuard
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Broadcom Bluetooth Software
"{A71D708F-C3C4-DA1A-5D89-065A67405855}" = AMD Fuel
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8360C56-B89D-47AA-91A5-8D27A20844FB}" = Validity WBF DDK
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DB8F3717-56A7-AA87-3324-4CEAB9C7964E}" = AMD Catalyst Install Manager
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9E64F70-9BE4-4ECD-9B83-09E74CF5B6C3}" = AuthenTec TrueAPI 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office15.OMUI.de-de" = Microsoft Office Language Pack 2013  - German/Deutsch
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05030E18-2F7B-7E99-7DD2-0F8F31F21645}" = CCC Help Czech
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08C2FB57-3966-4948-5717-5691D1044C78}" = CCC Help Korean
"{0A7F4FE9-7D04-5903-8146-DC1C98362795}" = Catalyst Control Center Localization All
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED41906-21A4-541A-07E2-41536DD8B0E1}" = CCC Help German
"{148B4E77-3527-2E7F-D27F-000B7509A129}" = CCC Help Polish
"{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar
"{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E445925-273D-4186-88A0-B8D1B6B119E2}" = WRC FIA World Rally Championship
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2421616B-ECE9-D483-1C64-5A9BC07350F2}" = CCC Help Finnish
"{26367B43-D1A5-44D9-B78A-21F711FE6FBD}" = Solid Edge Standard Parts Administrator
"{26429824-956A-87A1-EA4B-18374A66544E}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{31BF9CD1-A904-43B5-A236-53E5E908AD0E}" = Catalyst Control Center - Branding
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{364EE3EF-0DB6-1AD9-2D94-FAF6A7E770BD}" = CCC Help Thai
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{438363A8-F486-4C37-834C-4955773CB3D3}" = HP Setup
"{440D848A-89C1-47D6-81FA-53FBE48E9F11}" = Solid Edge Standard Parts Machinery Library
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4F34A145-8CF3-400C-B5DB-2B1BF604304D}" = ESU for Microsoft Windows 7 SP1
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5CA575E6-97CA-95F8-4249-B21BC9814B40}" = CCC Help Greek
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65F341BE-24DD-91E8-DE25-C7ABA916AE11}" = CCC Help Swedish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BADDD61-4B40-4FD1-BAE8-0E8C1E85F806}" = Solid Edge ST4
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77C9D1A1-063D-7D01-FB6A-095B378F7374}" = CCC Help Dutch
"{816B1968-E677-D558-5B4A-35BED09EAA49}" = CCC Help Spanish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{880B5A98-B242-4B53-BD6F-41EA17495EAD}" = HP SimplePass
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8AE92F96-3EA4-3BD7-DA1E-04D7C3CDD80C}" = CCC Help English
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8CFF63D9-0134-1599-ED1F-1431ACE44720}" = Catalyst Control Center Graphics Previews Common
"{8D08AEB8-67F3-A1F5-A3FE-26B03EBCF60C}" = CCC Help Chinese Traditional
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92E50540-286A-C034-0B88-E471FE4A7757}" = CCC Help Portuguese
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95754D41-3214-3C7F-B1D1-7BFC6A927D39}" = CCC Help Danish
"{97F8542B-15ED-5060-844A-620579138CAE}" = CCC Help Chinese Standard
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C865AE6-E19E-14C0-5F78-E1B068E0A49F}" = CCC Help Hungarian
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A63C4DDA-3C6B-1714-5928-8EAF5F17CB75}" = CCC Help Russian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF92961E-E652-3990-B083-30A8552C05B7}" = Catalyst Control Center InstallProxy
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4DD53DE-A733-EFD3-5881-C54CA99B0B08}" = CCC Help Japanese
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6E3F2A0-DDBB-4F0A-BA7C-09138605DDAC}" = WRC FIA World Rally Championship
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C0B6930B-37FC-21B4-C68A-6EAC96DC8DC0}" = AMD VISION Engine Control Center
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4141120-2C75-D4D0-0FB7-0FA0756BA20B}" = CCC Help Turkish
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7735C10-89B2-02A9-E69D-2CEF7EC553DE}" = CCC Help French
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CCD707F4-3312-73F0-970E-69AB643BC9C9}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DCD01638-C22B-4AA1-ACCE-1C7150B02076}" = HP Software Framework
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare Ultimate_is1" = Advanced SystemCare Ultimate 6
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlefield 3_is1" = 1.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"GPL Ghostscript 9.06" = GPL Ghostscript
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WTA-0dfd8de2-aff5-4682-9717-ff5604e1b1cd" = Virtual Villagers 4 - The Tree of Life
"WTA-1205ceb2-6a6c-44b6-959f-ef4feae4588b" = Jewel Match 3
"WTA-19ffeb5f-d270-494b-87ea-7b100bc40c3f" = Cradle of Rome 2
"WTA-1c3cd625-f6b2-4154-a893-0ec1984c65b8" = Cake Mania
"WTA-25a99557-beab-4d8f-be69-e91ac98c7cae" = Farm Frenzy
"WTA-2b5e2265-6a38-44ed-9778-86d933c62da0" = Mahjongg Artifacts
"WTA-59a8606c-ba86-4029-83c6-8467a47658de" = Virtual Families
"WTA-6a8f9244-ed61-4c8d-bc74-30161297ff73" = Insaniquarium Deluxe
"WTA-7cb0007d-214c-4378-a6a7-191705d7ba5a" = Farmscapes
"WTA-8b57f80b-7714-4a86-afab-dcb5d3abc8a0" = Mystery of Mortlake Mansion
"WTA-92a21a35-565f-4291-9f8b-71e358a033eb" = Jewel Quest II
"WTA-9520dfbf-0a19-493e-adc3-f94492d37163" = Fishdom (TM) 2
"WTA-9adea169-7af7-449f-9e54-8db687bf1583" = Torchlight
"WTA-9f62f87c-1227-4765-85b6-f6fa507ab1d2" = Jewel Quest Solitaire 2
"WTA-aa634290-02a6-46bc-a15a-cc8e0169fec1" = Chuzzle Deluxe
"WTA-b9df55ae-a659-4c88-a10b-4e82fa218f71" = Wedding Dash
"WTA-d6dea5b3-608d-439b-8eb2-b446b45e76d7" = Bejeweled 3
"WTA-ddaa0dd4-d24e-44c6-b573-a355f4d9f414" = Zuma's Revenge
"WTA-e41007b6-06bf-41bd-a4a1-7ca777312a10" = Final Drive Fury
"WTA-f995e003-b85c-45d6-97ef-cf4cae64c003" = Plants vs. Zombies - Game of the Year
"WTA-fbb5f945-de6e-4afb-a0a8-ad41a61ad7c4" = Polar Bowler
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.04.2013 03:09:10 | Computer Name = Hp-Pavilion | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 14.04.2013 03:09:10 | Computer Name = Hp-Pavilion | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 14.04.2013 15:15:44 | Computer Name = Hp-Pavilion | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.04.2013 15:16:03 | Computer Name = Hp-Pavilion | Source = Windows Search Service | ID = 3038
Description = 
 
Error - 14.04.2013 15:16:04 | Computer Name = Hp-Pavilion | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 14.04.2013 15:16:04 | Computer Name = Hp-Pavilion | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 14.04.2013 15:16:06 | Computer Name = Hp-Pavilion | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 14.04.2013 15:16:06 | Computer Name = Hp-Pavilion | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 14.04.2013 15:16:06 | Computer Name = Hp-Pavilion | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 14.04.2013 16:16:00 | Computer Name = Hp-Pavilion | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 20.02.2013 05:02:16 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 10:02:16 - Fehler beim Herstellen der Internetverbindung.  10:02:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.03.2013 15:04:56 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 20:04:56 - Fehler beim Herstellen der Internetverbindung.  20:04:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.03.2013 10:34:47 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 15:34:47 - Directory konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
Error - 21.03.2013 15:53:05 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 20:53:05 - Fehler beim Herstellen der Internetverbindung.  20:53:05 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.03.2013 10:02:43 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 15:02:43 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 23.03.2013 11:14:43 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 16:14:43 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 24.03.2013 09:00:13 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 14:00:13 - Fehler beim Herstellen der Internetverbindung.  14:00:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.03.2013 09:06:28 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 14:06:28 - Fehler beim Herstellen der Internetverbindung.  14:06:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.03.2013 09:06:37 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 14:06:33 - Fehler beim Herstellen der Internetverbindung.  14:06:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.04.2013 08:53:43 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 14:53:43 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
[ System Events ]
Error - 22.03.2013 14:20:54 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
Error - 22.03.2013 14:20:56 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
Error - 22.03.2013 17:54:08 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
Error - 23.03.2013 06:23:42 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10005
Description = 
 
Error - 23.03.2013 06:23:42 | Computer Name = Hp-Pavilion | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 23.03.2013 06:23:42 | Computer Name = Hp-Pavilion | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 23.03.2013 06:25:04 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
Error - 23.03.2013 06:28:06 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
Error - 23.03.2013 12:51:37 | Computer Name = Hp-Pavilion | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 23.03.2013 16:47:07 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

--- --- ---

Hallo nochmal ich bin mit dem Schritt 1 fertig

Darf ich jetzt gleich mit Schritt 2 weitermachen oder muss ich vorher noch etwas bei OTL clicken?

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:54 on 28/04/2013 (Dominik)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU

AEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:54 on 28/04/2013 (Dominik)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU

AEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-28 17:14:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000061 Hitachi_ rev.JEDO 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\uxliipoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe[904] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000075241465 2 bytes [24, 75]
.text  C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe[904] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000752414bb 2 bytes [24, 75]
.text  ...                                                                                                                                   * 2
.text  C:\Windows\SysWOW64\svchost.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         0000000075241465 2 bytes [24, 75]
.text  C:\Windows\SysWOW64\svchost.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000752414bb 2 bytes [24, 75]
.text  ...                                                                                                                                   * 2
.text  C:\Windows\SysWOW64\RunDll32.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000075241465 2 bytes [24, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000752414bb 2 bytes [24, 75]
.text  ...                                                                                                                                   * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                               0000000074981a22 2 bytes [98, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                               0000000074981ad0 2 bytes [98, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                               0000000074981b08 2 bytes [98, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                               0000000074981bba 2 bytes [98, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                               0000000074981bda 2 bytes [98, 74]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2524] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69          0000000075241465 2 bytes [24, 75]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2524] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155         00000000752414bb 2 bytes [24, 75]
.text  ...                                                                                                                                   * 2
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000075241465 2 bytes [24, 75]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             00000000752414bb 2 bytes [24, 75]
.text  ...                                                                                                                                   * 2
.text  C:\Program Files (x86)\HP SimplePass\TouchControl.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000075241465 2 bytes [24, 75]
.text  C:\Program Files (x86)\HP SimplePass\TouchControl.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000752414bb 2 bytes [24, 75]
.text  ...                                                                                                                                   * 2
.text  C:\Users\Dominik\Desktop\gmer_2.1.19163.exe[4072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000075241465 2 bytes [24, 75]
.text  C:\Users\Dominik\Desktop\gmer_2.1.19163.exe[4072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000752414bb 2 bytes [24, 75]
.text  ...                                                                                                                                   * 2

---- EOF - GMER 2.1 ----

--- --- ---

M-K-D-B · 28.04.2013, 19:54

Servus,

Zitat:

Zitat von Dominik P

Advanced System Care ultimate (...) muss ich diese gegebenfalls löschen oder sind diese für den von Ihnen beschriebenend Vorgang eine Gefährdung?

Advanced System Care Ultimate und CCleaner kann ich nicht empfehlen.

Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall Advanced System Care Ultimate, CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.

Nun starten wir die Bereinigung:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von ComboFix.

Dominik P · 29.04.2013, 18:14

Code:

ATTFilter

# AdwCleaner v2.300 - Datei am 29/04/2013 um 19:09:33 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dominik - HP-PAVILION
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dominik\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Désinfected : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Datei Désinfected : C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Désinfected : C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Datei Désinfected : C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Dominik\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Dominik\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547564A9E384_J2130053EN27JBEN27JBX&ts=1365854831
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\5f53d68db33beb44
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547564A9E384_J2130053EN27JBEN27JBX&ts=1365854831 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=AT&userid=c22c6999-e612-4e1f-9221-ee0f95d13026&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=AT&userid=c22c6999-e612-4e1f-9221-ee0f95d13026&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547564A9E384_J2130053EN27JBEN27JBX&ts=3276852 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547564A9E384_J2130053EN27JBEN27JBX&ts=3276852 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=AT&userid=c22c6999-e612-4e1f-9221-ee0f95d13026&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=AT&userid=c22c6999-e612-4e1f-9221-ee0f95d13026&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547564A9E384_J2130053EN27JBEN27JBX&ts=1365854831 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547564A9E384_J2130053EN27JBEN27JBX&ts=1365854831 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547564A9E384_J2130053EN27JBEN27JBX&ts=1365854831 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547564A9E384_J2130053EN27JBEN27JBX&ts=1365854831 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\t4i65xmj.default\prefs.js

C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\t4i65xmj.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8209 octets] - [29/04/2013 19:09:33]

########## EOF - C:\AdwCleaner[S1].txt - [8269 octets] ##########

M-K-D-B · 29.04.2013, 19:03

Servus,

fehlt noch die Logdatei von ComboFix.

Dominik P · 29.04.2013, 19:19

ComboFix 13-04-28.01 - Dominik 29.04.2013 19:49:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.6905.5198 [GMT 2:00]
ausgeführt von:: C:\Users\Dominik\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\Dominik\AppData\Roaming\technic-launcher.jar
C:\Windows\SysWow64\muzapp.exe
C:\Windows\SysWow64\Packet.dll
C:\Windows\SysWow64\pthreadVC.dll
C:\Windows\SysWow64\wpcap.dll

((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf

((((((((((((((((((((((( Dateien erstellt von 2013-03-28 bis 2013-04-29 ))))))))))))))))))))))))))))))

2013-04-29 17:56:56 . 2013-04-29 17:56:56 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-04-29 17:38:25 . 2013-04-29 17:38:25 16712 ----a-w- C:\Windows\system32\drivers\PROCEXP113.SYS
2013-04-27 08:31:25 . 2013-04-27 08:31:25 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-04-27 08:30:48 . 2013-04-27 08:30:28 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-27 07:56:52 . 2013-04-10 03:46:09 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6DB99257-229C-4198-9A51-4106FC303512}\mpengine.dll
2013-04-27 07:56:02 . 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\system32\drivers\ntfs.sys
2013-04-21 10:19:37 . 2013-04-21 10:19:39 -------- d-----w- C:\Program Files (x86)\ElcomSoft
2013-04-21 09:58:32 . 2013-04-21 10:23:04 -------- d-----w- C:\ProgramData\WinZip
2013-04-20 19:13:39 . 2013-04-20 19:13:39 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-20 18:23:59 . 2013-04-20 18:23:59 -------- d-----w- C:\Users\Dominik\AppData\Roaming\SUPERAntiSpyware.com
2013-04-20 18:23:22 . 2013-04-20 18:23:59 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-04-20 18:23:22 . 2013-04-20 18:23:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-04-15 19:44:40 . 2013-04-15 19:44:45 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-14 19:37:28 . 2013-04-15 19:10:20 -------- d-----w- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-04-14 11:33:20 . 2012-10-15 08:54:00 25472 ----a-w- C:\Windows\system32\RegistryDefragBootTime.exe
2013-04-14 09:50:13 . 2013-04-29 17:28:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-14 09:49:30 . 2009-01-25 10:14:02 17272 ----a-w- C:\Windows\system32\sdnclean64.exe
2013-04-14 09:49:19 . 2013-04-14 09:50:11 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-13 20:18:11 . 2013-04-13 20:18:11 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-04-13 20:18:10 . 2013-04-13 20:18:11 -------- d-----w- C:\Users\Dominik\AppData\Roaming\Apple Computer
2013-04-13 20:18:06 . 2013-04-13 20:18:06 -------- d-----w- C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-04-13 20:07:42 . 2013-04-20 19:13:51 -------- d-----w- C:\ProgramData\IObit
2013-04-13 20:07:41 . 2013-04-13 20:18:03 -------- d-----w- C:\Users\Dominik\AppData\Roaming\IObit
2013-04-13 20:07:36 . 2013-04-20 19:21:38 -------- d-----w- C:\Program Files (x86)\IObit
2013-04-13 20:07:13 . 2013-04-13 20:07:13 51496 ----a-w- C:\Windows\system32\drivers\stflt.sys
2013-04-13 18:48:24 . 2013-04-15 19:33:13 -------- d-----w- C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-13 18:48:23 . 2013-04-14 19:37:27 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-04-13 12:22:39 . 2013-04-13 22:06:24 -------- d-----w- C:\Program Files (x86)\Intelore
2013-04-12 15:15:27 . 2013-04-12 15:15:27 -------- d-----w- C:\Program Files (x86)\IPACS
2013-04-12 15:07:11 . 2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\system32\win32k.sys
2013-04-11 16:34:24 . 2013-01-24 06:01:01 223752 ----a-w- C:\Windows\system32\drivers\fvevol.sys
2013-04-11 16:33:58 . 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-04-11 16:33:57 . 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2013-04-11 16:33:57 . 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-11 16:33:57 . 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-11 16:33:57 . 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-11 16:33:57 . 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\system32\smss.exe
2013-04-09 19:13:28 . 2013-04-12 16:10:07 -------- d-----w- C:\Program Files (x86)\Battlefield 3
2013-04-08 16:47:40 . 2013-04-19 13:45:13 -------- d-----w- C:\Users\Tamer
2013-04-02 14:58:44 . 2013-04-02 14:58:44 -------- d-----w- C:\Users\Dominik\AppData\Roaming\runic games
2013-04-02 14:53:49 . 2013-04-27 16:35:45 -------- d-----w- C:\Users\Dominik\AppData\Roaming\BitTorrent
2013-04-02 14:51:46 . 2013-04-02 14:51:46 -------- d-----w- C:\Program Files (x86)\JoWooD
2013-04-01 22:46:58 . 2013-04-01 22:46:58 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-04-01 22:46:06 . 2013-04-01 22:47:35 -------- d-----w- C:\Users\Dominik\AppData\Roaming\hpqLog
2013-04-01 15:00:17 . 2013-04-01 15:00:17 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help
2013-03-31 23:40:21 . 2013-03-31 23:40:21 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-03-31 22:44:44 . 2013-03-31 22:44:40 28600 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-03-31 22:44:44 . 2013-03-31 22:44:40 130016 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-03-31 22:44:44 . 2013-03-31 22:44:40 100712 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-03-31 18:55:58 . 2013-04-14 20:13:49 -------- d-----w- C:\Windows\AutoKMS
2013-03-31 17:49:26 . 2013-03-31 17:49:26 -------- d-----w- C:\Program Files\Common Files\DESIGNER
2013-03-31 17:48:48 . 2013-03-31 17:48:48 -------- d-----w- C:\Program Files\Microsoft.NET
2013-03-31 17:48:37 . 2013-03-31 17:48:37 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-03-31 17:46:21 . 2013-03-31 23:39:59 -------- d-----w- C:\Windows\SHELLNEW
2013-03-31 17:46:06 . 2013-03-31 17:46:06 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2013-03-31 17:46:06 . 2013-03-31 17:46:06 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-03-31 17:44:25 . 2013-03-31 17:44:25 -------- d-----r- C:\MSOCache
2013-03-30 21:30:50 . 2013-04-27 16:35:59 -------- d-----w- C:\Users\Dominik\AppData\Roaming\uTorrent
.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-04-27 08:30:24 . 2012-09-09 10:05:21 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-27 08:30:24 . 2012-09-09 10:05:21 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-14 07:20:02 . 2012-04-19 21:27:11 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-14 07:20:01 . 2012-04-19 21:27:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 20:38:40 . 2012-09-09 15:43:15 72702784 ----a-w- C:\Windows\system32\MRT.exe
2013-03-29 18:00:27 . 2013-03-29 18:00:27 283200 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
2013-03-27 14:07:43 . 2013-03-27 14:07:43 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-03-27 14:07:29 . 2013-03-27 14:07:29 824144 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-25 20:36:19 . 2013-03-25 20:36:19 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-03-25 20:35:46 . 2013-03-25 20:35:46 824144 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16 719360 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16 523264 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16 226304 ----a-w- C:\Windows\system32\elshyph.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16 158720 ----a-w- C:\Windows\SysWow64\msls31.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2013-03-22 14:57:16 . 2013-03-22 14:57:16 138752 ----a-w- C:\Windows\SysWow64\wextract.exe
2013-03-22 14:57:16 . 2013-03-22 14:57:16 1054720 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15 97280 ----a-w- C:\Windows\system32\mshtmled.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 905728 ----a-w- C:\Windows\system32\mshtmlmedia.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 81408 ----a-w- C:\Windows\system32\icardie.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 762368 ----a-w- C:\Windows\system32\ieapfltr.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 73728 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15 61952 ----a-w- C:\Windows\SysWow64\tdc.ocx
2013-03-22 14:57:15 . 2013-03-22 14:57:15 599552 ----a-w- C:\Windows\system32\vbscript.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 452096 ----a-w- C:\Windows\system32\dxtmsft.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 441856 ----a-w- C:\Windows\system32\html.iec
2013-03-22 14:57:15 . 2013-03-22 14:57:15 38400 ----a-w- C:\Windows\SysWow64\imgutil.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 361984 ----a-w- C:\Windows\SysWow64\html.iec
2013-03-22 14:57:15 . 2013-03-22 14:57:15 281600 ----a-w- C:\Windows\system32\dxtrans.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 27648 ----a-w- C:\Windows\system32\licmgr10.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 270848 ----a-w- C:\Windows\system32\iedkcs32.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 247296 ----a-w- C:\Windows\system32\webcheck.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 235008 ----a-w- C:\Windows\system32\url.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 23040 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 216064 ----a-w- C:\Windows\system32\msls31.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 197120 ----a-w- C:\Windows\system32\msrating.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 173568 ----a-w- C:\Windows\system32\ieUnatt.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15 167424 ----a-w- C:\Windows\system32\iexpress.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15 1509376 ----a-w- C:\Windows\system32\inetcpl.cpl
2013-03-22 14:57:15 . 2013-03-22 14:57:15 144896 ----a-w- C:\Windows\system32\wextract.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-03-22 14:57:15 . 2013-03-22 14:57:15 1400416 ----a-w- C:\Windows\system32\ieapfltr.dat
2013-03-22 14:57:15 . 2013-03-22 14:57:15 137216 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15 12800 ----a-w- C:\Windows\SysWow64\mshta.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15 102912 ----a-w- C:\Windows\system32\inseng.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14 92160 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2013-03-22 14:57:14 . 2013-03-22 14:57:14 77312 ----a-w- C:\Windows\system32\tdc.ocx
2013-03-22 14:57:14 . 2013-03-22 14:57:14 62976 ----a-w- C:\Windows\system32\pngfilt.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14 51200 ----a-w- C:\Windows\system32\imgutil.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14 149504 ----a-w- C:\Windows\system32\occache.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14 13824 ----a-w- C:\Windows\system32\mshta.exe
2013-03-22 14:57:14 . 2013-03-22 14:57:14 136192 ----a-w- C:\Windows\system32\iepeers.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14 135680 ----a-w- C:\Windows\system32\IEAdvpack.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14 12800 ----a-w- C:\Windows\system32\msfeedssync.exe
2013-03-22 14:56:10 . 2013-03-22 14:56:10 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 9728 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 5632 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 5632 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 522752 ----a-w- C:\Windows\system32\XpsGdiConverter.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 465920 ----a-w- C:\Windows\system32\WMPhoto.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 4096 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 3928064 ----a-w- C:\Windows\system32\d2d1.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 363008 ----a-w- C:\Windows\system32\dxgi.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 3584 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 3072 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 3072 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 2776576 ----a-w- C:\Windows\system32\msmpeg2vdec.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 2560 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 1682432 ----a-w- C:\Windows\system32\XpsPrint.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10 10752 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09 648192 ----a-w- C:\Windows\system32\d3d10level9.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09 333312 ----a-w- C:\Windows\system32\d3d10_1core.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09 296960 ----a-w- C:\Windows\system32\d3d10core.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09 245248 ----a-w- C:\Windows\system32\WindowsCodecsExt.dll

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-02-22 16:05:02 1722976 ----a-w- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-02-22 16:05:02 1722976 ----a-w- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-02-22 16:05:02 1722976 ----a-w- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 19:41:30 5629312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-21 03:04:56 630912]
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 11:38:38 578944]
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 12:48:44 379960]
"HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 12:37:18 1342008]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-31 22:43:48 345312]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 05:32:50 253816]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-1 1380128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 09:55:16 86528]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-13 19:19:20 240408]
R3 esgiguard;esgiguard; [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 18:34:38 178824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:10:20 19456]
R3 SmbDrv;SmbDrv;C:\Windows\system32\drivers\Smb_driver.sys [2012-03-02 01:39:36 21264]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 21:01:11 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 21:01:11 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 21:01:11 740864]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2011-12-09 04:41:00 269640]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:07:35 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 14:08:26 30208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-09 18:20:52 1255736]
R4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 04:55:12 47128]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 12:07:16 1103392]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 12:07:20 1369624]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 12:07:24 168384]
R4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 12:28:36 160944]
R4 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 02:23:24 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]
S0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys [2011-12-13 12:52:44 82048]
S0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys [2011-12-13 12:52:44 42624]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\system32\drivers\amdkmpfd.sys [2012-02-02 08:54:56 31872]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-03-31 22:44:40 28600]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 18:54:58 140672]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2012-03-22 00:36:56 235520]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-21 02:30:26 361984]
S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-31 22:44:28 86752]
S2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\system32\DRIVERS\appexDrv.sys [2012-02-05 00:30:06 189760]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-13 19:19:20 193816]
S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 01:48:26 260424]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2012-02-22 09:55:50 31000]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 11:38:38 35200]
S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\drivers\amdhub30.sys [2011-10-26 19:16:46 102528]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\drivers\amdiox64.sys [2010-02-18 07:18:24 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\amdxhc.sys [2011-10-26 19:16:46 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2011-12-06 11:47:30 95248]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys [2012-02-02 03:07:18 134696]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\system32\drivers\btwampfl.sys [2012-02-02 03:07:18 615976]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys [2012-02-02 03:07:18 89640]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 03:07:12 39976]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 07:13:50 31088]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-29 18:00:27 283200]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\system32\DRIVERS\RtsBaStor.sys [2012-03-08 19:43:14 293480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-03-10 04:41:16 685160]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [2012-01-14 12:05:54 56448]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

Inhalt des "geplante Tasks" Ordners

2013-04-29 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 21:27:11 . 2013-04-14 07:20:02]

2013-04-07 C:\Windows\Tasks\HPCeeScheduleForDominik.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43:00 . 2011-07-15 02:43:00]

2013-04-20 C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2409616e-9353-4977-8974-904b55fc48d4.job
- C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52:29 . 2011-05-04 17:52:29]

2013-04-28 C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f45a046-cce2-4f4f-bf46-4c94381b83c6.job
- C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52:29 . 2011-05-04 17:52:29]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-02-22 15:59:34 2325624 ----a-w- C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-02-22 15:59:34 2325624 ----a-w- C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-02-22 15:59:34 2325624 ----a-w- C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache

------- Zusätzlicher Suchlauf -------

uStart Page = hxxp://www.google.com/
uLocal Page = C:\Windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uCustomizeSearch = hxxp://www.google.com
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\t4i65xmj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/

- - - - Entfernte verwaiste Registrierungseinträge - - - -

Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

Code:

ATTFilter

ComboFix 13-04-28.01 - Dominik 29.04.2013  19:49:12.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.6905.5198 [GMT 2:00]
ausgeführt von:: C:\Users\Dominik\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Dominik\AppData\Roaming\technic-launcher.jar
C:\Windows\SysWow64\muzapp.exe
C:\Windows\SysWow64\Packet.dll
C:\Windows\SysWow64\pthreadVC.dll
C:\Windows\SysWow64\wpcap.dll


(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


(((((((((((((((((((((((   Dateien erstellt von 2013-03-28 bis 2013-04-29  ))))))))))))))))))))))))))))))


2013-04-29 17:56:56 . 2013-04-29 17:56:56	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2013-04-29 17:38:25 . 2013-04-29 17:38:25	16712	----a-w-	C:\Windows\system32\drivers\PROCEXP113.SYS
2013-04-27 08:31:25 . 2013-04-27 08:31:25	--------	d-----w-	C:\Program Files (x86)\Common Files\Java
2013-04-27 08:30:48 . 2013-04-27 08:30:28	95648	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-27 07:56:52 . 2013-04-10 03:46:09	9317456	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6DB99257-229C-4198-9A51-4106FC303512}\mpengine.dll
2013-04-27 07:56:02 . 2013-04-12 14:45:08	1656680	----a-w-	C:\Windows\system32\drivers\ntfs.sys
2013-04-21 10:19:37 . 2013-04-21 10:19:39	--------	d-----w-	C:\Program Files (x86)\ElcomSoft
2013-04-21 09:58:32 . 2013-04-21 10:23:04	--------	d-----w-	C:\ProgramData\WinZip
2013-04-20 19:13:39 . 2013-04-20 19:13:39	--------	d-----w-	C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-20 18:23:59 . 2013-04-20 18:23:59	--------	d-----w-	C:\Users\Dominik\AppData\Roaming\SUPERAntiSpyware.com
2013-04-20 18:23:22 . 2013-04-20 18:23:59	--------	d-----w-	C:\Program Files\SUPERAntiSpyware
2013-04-20 18:23:22 . 2013-04-20 18:23:22	--------	d-----w-	C:\ProgramData\SUPERAntiSpyware.com
2013-04-15 19:44:40 . 2013-04-15 19:44:45	--------	d-----w-	C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-14 19:37:28 . 2013-04-15 19:10:20	--------	d-----w-	C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-04-14 11:33:20 . 2012-10-15 08:54:00	25472	----a-w-	C:\Windows\system32\RegistryDefragBootTime.exe
2013-04-14 09:50:13 . 2013-04-29 17:28:48	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2013-04-14 09:49:30 . 2009-01-25 10:14:02	17272	----a-w-	C:\Windows\system32\sdnclean64.exe
2013-04-14 09:49:19 . 2013-04-14 09:50:11	--------	d-----w-	C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-13 20:18:11 . 2013-04-13 20:18:11	--------	d-----w-	C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-04-13 20:18:10 . 2013-04-13 20:18:11	--------	d-----w-	C:\Users\Dominik\AppData\Roaming\Apple Computer
2013-04-13 20:18:06 . 2013-04-13 20:18:06	--------	d-----w-	C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-04-13 20:07:42 . 2013-04-20 19:13:51	--------	d-----w-	C:\ProgramData\IObit
2013-04-13 20:07:41 . 2013-04-13 20:18:03	--------	d-----w-	C:\Users\Dominik\AppData\Roaming\IObit
2013-04-13 20:07:36 . 2013-04-20 19:21:38	--------	d-----w-	C:\Program Files (x86)\IObit
2013-04-13 20:07:13 . 2013-04-13 20:07:13	51496	----a-w-	C:\Windows\system32\drivers\stflt.sys
2013-04-13 18:48:24 . 2013-04-15 19:33:13	--------	d-----w-	C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-13 18:48:23 . 2013-04-14 19:37:27	--------	d-----w-	C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-04-13 12:22:39 . 2013-04-13 22:06:24	--------	d-----w-	C:\Program Files (x86)\Intelore
2013-04-12 15:15:27 . 2013-04-12 15:15:27	--------	d-----w-	C:\Program Files (x86)\IPACS
2013-04-12 15:07:11 . 2013-03-01 03:36:04	3153408	----a-w-	C:\Windows\system32\win32k.sys
2013-04-11 16:34:24 . 2013-01-24 06:01:01	223752	----a-w-	C:\Windows\system32\drivers\fvevol.sys
2013-04-11 16:33:58 . 2013-03-19 06:04:06	5550424	----a-w-	C:\Windows\system32\ntoskrnl.exe
2013-04-11 16:33:57 . 2013-03-19 05:46:56	43520	----a-w-	C:\Windows\system32\csrsrv.dll
2013-04-11 16:33:57 . 2013-03-19 05:04:13	3968856	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-11 16:33:57 . 2013-03-19 05:04:10	3913560	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-04-11 16:33:57 . 2013-03-19 04:47:50	6656	----a-w-	C:\Windows\SysWow64\apisetschema.dll
2013-04-11 16:33:57 . 2013-03-19 03:06:33	112640	----a-w-	C:\Windows\system32\smss.exe
2013-04-09 19:13:28 . 2013-04-12 16:10:07	--------	d-----w-	C:\Program Files (x86)\Battlefield 3
2013-04-08 16:47:40 . 2013-04-19 13:45:13	--------	d-----w-	C:\Users\Tamer
2013-04-02 14:58:44 . 2013-04-02 14:58:44	--------	d-----w-	C:\Users\Dominik\AppData\Roaming\runic games
2013-04-02 14:53:49 . 2013-04-27 16:35:45	--------	d-----w-	C:\Users\Dominik\AppData\Roaming\BitTorrent
2013-04-02 14:51:46 . 2013-04-02 14:51:46	--------	d-----w-	C:\Program Files (x86)\JoWooD
2013-04-01 22:46:58 . 2013-04-01 22:46:58	--------	d-----w-	C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-04-01 22:46:06 . 2013-04-01 22:47:35	--------	d-----w-	C:\Users\Dominik\AppData\Roaming\hpqLog
2013-04-01 15:00:17 . 2013-04-01 15:00:17	--------	d-----w-	C:\Users\Default\AppData\Local\Microsoft Help
2013-03-31 23:40:21 . 2013-03-31 23:40:21	--------	d-----w-	C:\Program Files (x86)\Microsoft Visual Studio 8
2013-03-31 22:44:44 . 2013-03-31 22:44:40	28600	----a-w-	C:\Windows\system32\drivers\avkmgr.sys
2013-03-31 22:44:44 . 2013-03-31 22:44:40	130016	----a-w-	C:\Windows\system32\drivers\avipbb.sys
2013-03-31 22:44:44 . 2013-03-31 22:44:40	100712	----a-w-	C:\Windows\system32\drivers\avgntflt.sys
2013-03-31 18:55:58 . 2013-04-14 20:13:49	--------	d-----w-	C:\Windows\AutoKMS
2013-03-31 17:49:26 . 2013-03-31 17:49:26	--------	d-----w-	C:\Program Files\Common Files\DESIGNER
2013-03-31 17:48:48 . 2013-03-31 17:48:48	--------	d-----w-	C:\Program Files\Microsoft.NET
2013-03-31 17:48:37 . 2013-03-31 17:48:37	--------	d-----w-	C:\ProgramData\regid.1991-06.com.microsoft
2013-03-31 17:46:21 . 2013-03-31 23:39:59	--------	d-----w-	C:\Windows\SHELLNEW
2013-03-31 17:46:06 . 2013-03-31 17:46:06	--------	d-----w-	C:\Program Files\Microsoft Analysis Services
2013-03-31 17:46:06 . 2013-03-31 17:46:06	--------	d-----w-	C:\Program Files (x86)\Microsoft Analysis Services
2013-03-31 17:44:25 . 2013-03-31 17:44:25	--------	d-----r-	C:\MSOCache
2013-03-30 21:30:50 . 2013-04-27 16:35:59	--------	d-----w-	C:\Users\Dominik\AppData\Roaming\uTorrent
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-04-27 08:30:24 . 2012-09-09 10:05:21	866720	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2013-04-27 08:30:24 . 2012-09-09 10:05:21	788896	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-04-14 07:20:02 . 2012-04-19 21:27:11	691592	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-14 07:20:01 . 2012-04-19 21:27:11	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 20:38:40 . 2012-09-09 15:43:15	72702784	----a-w-	C:\Windows\system32\MRT.exe
2013-03-29 18:00:27 . 2013-03-29 18:00:27	283200	----a-w-	C:\Windows\system32\drivers\dtsoftbus01.sys
2013-03-27 14:07:43 . 2013-03-27 14:07:43	48648	----a-w-	C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-03-27 14:07:29 . 2013-03-27 14:07:29	824144	----a-w-	C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-25 20:36:19 . 2013-03-25 20:36:19	48648	----a-w-	C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-03-25 20:35:46 . 2013-03-25 20:35:46	824144	----a-w-	C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16	719360	----a-w-	C:\Windows\SysWow64\mshtmlmedia.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16	523264	----a-w-	C:\Windows\SysWow64\vbscript.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16	226304	----a-w-	C:\Windows\system32\elshyph.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16	185344	----a-w-	C:\Windows\SysWow64\elshyph.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16	158720	----a-w-	C:\Windows\SysWow64\msls31.dll
2013-03-22 14:57:16 . 2013-03-22 14:57:16	150528	----a-w-	C:\Windows\SysWow64\iexpress.exe
2013-03-22 14:57:16 . 2013-03-22 14:57:16	138752	----a-w-	C:\Windows\SysWow64\wextract.exe
2013-03-22 14:57:16 . 2013-03-22 14:57:16	1054720	----a-w-	C:\Windows\system32\MsSpellCheckingFacility.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15	97280	----a-w-	C:\Windows\system32\mshtmled.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	905728	----a-w-	C:\Windows\system32\mshtmlmedia.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	81408	----a-w-	C:\Windows\system32\icardie.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	762368	----a-w-	C:\Windows\system32\ieapfltr.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	73728	----a-w-	C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15	61952	----a-w-	C:\Windows\SysWow64\tdc.ocx
2013-03-22 14:57:15 . 2013-03-22 14:57:15	599552	----a-w-	C:\Windows\system32\vbscript.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	48640	----a-w-	C:\Windows\SysWow64\mshtmler.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	452096	----a-w-	C:\Windows\system32\dxtmsft.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	441856	----a-w-	C:\Windows\system32\html.iec
2013-03-22 14:57:15 . 2013-03-22 14:57:15	38400	----a-w-	C:\Windows\SysWow64\imgutil.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	361984	----a-w-	C:\Windows\SysWow64\html.iec
2013-03-22 14:57:15 . 2013-03-22 14:57:15	281600	----a-w-	C:\Windows\system32\dxtrans.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	27648	----a-w-	C:\Windows\system32\licmgr10.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	270848	----a-w-	C:\Windows\system32\iedkcs32.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	247296	----a-w-	C:\Windows\system32\webcheck.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	235008	----a-w-	C:\Windows\system32\url.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	23040	----a-w-	C:\Windows\SysWow64\licmgr10.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	216064	----a-w-	C:\Windows\system32\msls31.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	197120	----a-w-	C:\Windows\system32\msrating.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	173568	----a-w-	C:\Windows\system32\ieUnatt.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15	167424	----a-w-	C:\Windows\system32\iexpress.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15	1509376	----a-w-	C:\Windows\system32\inetcpl.cpl
2013-03-22 14:57:15 . 2013-03-22 14:57:15	144896	----a-w-	C:\Windows\system32\wextract.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15	1441280	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2013-03-22 14:57:15 . 2013-03-22 14:57:15	1400416	----a-w-	C:\Windows\system32\ieapfltr.dat
2013-03-22 14:57:15 . 2013-03-22 14:57:15	137216	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15	12800	----a-w-	C:\Windows\SysWow64\mshta.exe
2013-03-22 14:57:15 . 2013-03-22 14:57:15	110592	----a-w-	C:\Windows\SysWow64\IEAdvpack.dll
2013-03-22 14:57:15 . 2013-03-22 14:57:15	102912	----a-w-	C:\Windows\system32\inseng.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14	92160	----a-w-	C:\Windows\system32\SetIEInstalledDate.exe
2013-03-22 14:57:14 . 2013-03-22 14:57:14	77312	----a-w-	C:\Windows\system32\tdc.ocx
2013-03-22 14:57:14 . 2013-03-22 14:57:14	62976	----a-w-	C:\Windows\system32\pngfilt.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14	52224	----a-w-	C:\Windows\system32\msfeedsbs.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14	51200	----a-w-	C:\Windows\system32\imgutil.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14	48640	----a-w-	C:\Windows\system32\mshtmler.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14	149504	----a-w-	C:\Windows\system32\occache.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14	13824	----a-w-	C:\Windows\system32\mshta.exe
2013-03-22 14:57:14 . 2013-03-22 14:57:14	136192	----a-w-	C:\Windows\system32\iepeers.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14	135680	----a-w-	C:\Windows\system32\IEAdvpack.dll
2013-03-22 14:57:14 . 2013-03-22 14:57:14	12800	----a-w-	C:\Windows\system32\msfeedssync.exe
2013-03-22 14:56:10 . 2013-03-22 14:56:10	9728	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	9728	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	5632	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	5632	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	5632	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	5632	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	522752	----a-w-	C:\Windows\system32\XpsGdiConverter.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	465920	----a-w-	C:\Windows\system32\WMPhoto.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	417792	----a-w-	C:\Windows\SysWow64\WMPhoto.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	4096	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	4096	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	3928064	----a-w-	C:\Windows\system32\d2d1.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	364544	----a-w-	C:\Windows\SysWow64\XpsGdiConverter.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	363008	----a-w-	C:\Windows\system32\dxgi.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	3584	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	3072	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	3072	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	2776576	----a-w-	C:\Windows\system32\msmpeg2vdec.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	2565120	----a-w-	C:\Windows\system32\d3d10warp.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	2560	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	2560	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	2284544	----a-w-	C:\Windows\SysWow64\msmpeg2vdec.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	220160	----a-w-	C:\Windows\SysWow64\d3d10core.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	1682432	----a-w-	C:\Windows\system32\XpsPrint.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	1504768	----a-w-	C:\Windows\SysWow64\d3d11.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	1247744	----a-w-	C:\Windows\SysWow64\DWrite.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	1158144	----a-w-	C:\Windows\SysWow64\XpsPrint.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	1080832	----a-w-	C:\Windows\SysWow64\d3d10.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	10752	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-22 14:56:10 . 2013-03-22 14:56:10	10752	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09	648192	----a-w-	C:\Windows\system32\d3d10level9.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09	604160	----a-w-	C:\Windows\SysWow64\d3d10level9.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09	3419136	----a-w-	C:\Windows\SysWow64\d2d1.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09	333312	----a-w-	C:\Windows\system32\d3d10_1core.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09	296960	----a-w-	C:\Windows\system32\d3d10core.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09	293376	----a-w-	C:\Windows\SysWow64\dxgi.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09	249856	----a-w-	C:\Windows\SysWow64\d3d10_1core.dll
2013-03-22 14:56:09 . 2013-03-22 14:56:09	245248	----a-w-	C:\Windows\system32\WindowsCodecsExt.dll


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-02-22 16:05:02	1722976	----a-w-	C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-02-22 16:05:02	1722976	----a-w-	C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-02-22 16:05:02	1722976	----a-w-	C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 19:41:30 5629312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-21 03:04:56 630912]
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 11:38:38 578944]
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 12:48:44 379960]
"HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 12:37:18 1342008]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-31 22:43:48 345312]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 05:32:50 253816]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-1 1380128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 09:55:16 86528]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-13 19:19:20 240408]
R3 esgiguard;esgiguard; [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 18:34:38 178824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:10:20 19456]
R3 SmbDrv;SmbDrv;C:\Windows\system32\drivers\Smb_driver.sys [2012-03-02 01:39:36 21264]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 21:01:11 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 21:01:11 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 21:01:11 740864]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2011-12-09 04:41:00 269640]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:07:35 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 14:08:26 30208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-09 18:20:52 1255736]
R4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 04:55:12 47128]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 12:07:16 1103392]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 12:07:20 1369624]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 12:07:24 168384]
R4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 12:28:36 160944]
R4 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 02:23:24 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]
S0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys [2011-12-13 12:52:44 82048]
S0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys [2011-12-13 12:52:44 42624]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\system32\drivers\amdkmpfd.sys [2012-02-02 08:54:56 31872]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-03-31 22:44:40 28600]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 18:54:58 140672]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2012-03-22 00:36:56 235520]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-21 02:30:26 361984]
S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-31 22:44:28 86752]
S2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\system32\DRIVERS\appexDrv.sys [2012-02-05 00:30:06 189760]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-13 19:19:20 193816]
S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 01:48:26 260424]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2012-02-22 09:55:50 31000]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 11:38:38 35200]
S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\drivers\amdhub30.sys [2011-10-26 19:16:46 102528]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\drivers\amdiox64.sys [2010-02-18 07:18:24 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\amdxhc.sys [2011-10-26 19:16:46 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2011-12-06 11:47:30 95248]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys [2012-02-02 03:07:18 134696]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\system32\drivers\btwampfl.sys [2012-02-02 03:07:18 615976]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys [2012-02-02 03:07:18 89640]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 03:07:12 39976]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 07:13:50 31088]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-29 18:00:27 283200]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\system32\DRIVERS\RtsBaStor.sys [2012-03-08 19:43:14 293480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-03-10 04:41:16 685160]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [2012-01-14 12:05:54 56448]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai

Inhalt des "geplante Tasks" Ordners

2013-04-29 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 21:27:11 . 2013-04-14 07:20:02]

2013-04-07 C:\Windows\Tasks\HPCeeScheduleForDominik.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43:00 . 2011-07-15 02:43:00]

2013-04-20 C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2409616e-9353-4977-8974-904b55fc48d4.job
- C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52:29 . 2011-05-04 17:52:29]

2013-04-28 C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f45a046-cce2-4f4f-bf46-4c94381b83c6.job
- C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52:29 . 2011-05-04 17:52:29]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-02-22 15:59:34	2325624	----a-w-	C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-02-22 15:59:34	2325624	----a-w-	C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-02-22 15:59:34	2325624	----a-w-	C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache

------- Zusätzlicher Suchlauf -------

uStart Page = hxxp://www.google.com/
uLocal Page = C:\Windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uCustomizeSearch = hxxp://www.google.com
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\t4i65xmj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/

- - - - Entfernte verwaiste Registrierungseinträge - - - -

Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

Hallo, ich bedanke mich schon einmal für die tolle Hilfe!!!

Zu Combofix: ich habe versucht, in der Systemsteuerung alle Virensoftware-Prozesse zu beenden, auch in den Programmen deaktiviert was ging, danach ging ich unter services.msc, beendete ebenfalls alles, doch die Virensoftwares ließen sich nie deaktivieren;
Als ich nun alle Programme und Browser geschlossen habe, startete ich Combofix, danach kam die Meldung, das Advanced System Care den Vorgang "Stören" könnte und ich es vor dem Vorgang beenden sollte, bevor ich auf "OK" drücke. So, nun, leider bietet das Programm auser Echtzeitschutz deaktivieren keine wirkliche Methode, darum habe ich es vorübergehend deeinstalliert und danach bei Combofix mit "ok-klicken" weitergemacht. Ich ließ Combofix eine Weile die einzelnen Schritte durchführen;

Als ich wieder ins Zimmer kam, hatte sich der Computer neu gestartet und es stand geschrieben, "Logfile wird erstellt"
Leider starteten gleich nach dem Hochfahren und während des vorgangs alle Viren/Malewaresoftwares neu, darum habe ich die Frage:
Ist dies schlimm? ich weiß mir sonst nicht zu helfen die Softwares richtig zu deaktivieren

Danke im Voraus

M-K-D-B · 30.04.2013, 09:30

Servus,

du hast alles richtig gemacht.

Wir müssen allerdings nochmal ran. Da sind noch einige Reste, die wir entfernen müssen.

Schritt 1
Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Driver::
esgiguard
         
Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.
Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Schritt 2
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt 3
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)

Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*eSafe*
*Media Finder*
*PutLockerDownloader*
*SwvUpdater*
*OpenCandy*
*DefaultTab*
*Softonic*
*AmiUpd*
*snap.do*
*qvo6.com*

:folderfind
eSafe*
Media Finder*
PutLockerDownloader*
SwvUpdater*
OpenCandy*
DefaultTab*
Softonic*
AmiUpd*
snap.do*
qvo6.com*

:regfind
eSafe
Media Finder
PutLockerDownloader
SwvUpdater
OpenCandy
DefaultTab
Softonic
AmiUpd
snap.do
qvo6.com

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Bitte poste mit deiner nächsten Antwort

die Logdatei von ComboFix,
die Logdateien von OTL,
die Logdatei von SystemLook.

Dominik P · 30.04.2013, 23:43

Werde die Logs spätestens heute um 4 hochladen

M-K-D-B · 01.05.2013, 09:24

Zitat:

Zitat von Dominik P

Werde die Logs spätestens heute um 4 hochladen

Freue mich schon drauf.

Dominik P · 01.05.2013, 09:57

Code:

ATTFilter

ComboFix 13-04-29.01 - Dominik 30.04.2013  21:25:50.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.6905.4979 [GMT 2:00]
ausgeführt von:: c:\users\Dominik\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Dominik\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Legacy_ESGIGUARD
-------\Service_esgiguard
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-28 bis 2013-04-30  ))))))))))))))))))))))))))))))
.
.
2013-04-27 08:31 . 2013-04-27 08:31	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-04-27 08:30 . 2013-04-27 08:30	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-27 07:56 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-21 10:19 . 2013-04-21 10:19	--------	d-----w-	c:\program files (x86)\ElcomSoft
2013-04-21 09:58 . 2013-04-21 10:23	--------	d-----w-	c:\programdata\WinZip
2013-04-20 19:13 . 2013-04-20 19:13	--------	d-----w-	c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-20 18:23 . 2013-04-20 18:23	--------	d-----w-	c:\users\Dominik\AppData\Roaming\SUPERAntiSpyware.com
2013-04-20 18:23 . 2013-04-20 18:23	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-04-20 18:23 . 2013-04-20 18:23	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-04-15 19:44 . 2013-04-15 19:44	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-04-14 19:37 . 2013-04-15 19:10	--------	d-----w-	c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-04-14 11:33 . 2012-10-15 08:54	25472	----a-w-	c:\windows\system32\RegistryDefragBootTime.exe
2013-04-14 09:50 . 2013-04-29 17:28	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-04-14 09:49 . 2009-01-25 10:14	17272	----a-w-	c:\windows\system32\sdnclean64.exe
2013-04-14 09:49 . 2013-04-14 09:50	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-04-13 20:18 . 2013-04-13 20:18	--------	d-----w-	c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-04-13 20:18 . 2013-04-13 20:18	--------	d-----w-	c:\users\Dominik\AppData\Roaming\Apple Computer
2013-04-13 20:18 . 2013-04-13 20:18	--------	d-----w-	c:\programdata\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-04-13 20:07 . 2013-04-20 19:13	--------	d-----w-	c:\programdata\IObit
2013-04-13 20:07 . 2013-04-13 20:18	--------	d-----w-	c:\users\Dominik\AppData\Roaming\IObit
2013-04-13 20:07 . 2013-04-20 19:21	--------	d-----w-	c:\program files (x86)\IObit
2013-04-13 20:07 . 2013-04-13 20:07	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2013-04-13 18:48 . 2013-04-15 19:33	--------	d-----w-	c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-13 18:48 . 2013-04-14 19:37	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-04-13 12:22 . 2013-04-13 22:06	--------	d-----w-	c:\program files (x86)\Intelore
2013-04-12 15:15 . 2013-04-12 15:15	--------	d-----w-	c:\program files (x86)\IPACS
2013-04-12 15:07 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-11 16:34 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-11 16:33 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-11 16:33 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-11 16:33 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-11 16:33 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-11 16:33 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-11 16:33 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-09 19:13 . 2013-04-12 16:10	--------	d-----w-	c:\program files (x86)\Battlefield 3
2013-04-08 16:47 . 2013-04-19 13:45	--------	d-----w-	c:\users\Tamer
2013-04-02 14:58 . 2013-04-02 14:58	--------	d-----w-	c:\users\Dominik\AppData\Roaming\runic games
2013-04-02 14:53 . 2013-04-27 16:35	--------	d-----w-	c:\users\Dominik\AppData\Roaming\BitTorrent
2013-04-02 14:51 . 2013-04-02 14:51	--------	d-----w-	c:\program files (x86)\JoWooD
2013-04-01 22:46 . 2013-04-01 22:46	--------	d-----w-	c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-04-01 22:46 . 2013-04-01 22:47	--------	d-----w-	c:\users\Dominik\AppData\Roaming\hpqLog
2013-04-01 15:00 . 2013-04-01 15:00	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2013-03-31 23:40 . 2013-03-31 23:40	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2013-03-31 22:44 . 2013-03-31 22:44	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-31 22:44 . 2013-03-31 22:44	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-31 22:44 . 2013-03-31 22:44	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-27 08:30 . 2012-09-09 10:05	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-04-27 08:30 . 2012-09-09 10:05	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-04-14 07:20 . 2012-04-19 21:27	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-14 07:20 . 2012-04-19 21:27	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 20:38 . 2012-09-09 15:43	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-29 18:00 . 2013-03-29 18:00	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-27 14:07 . 2013-03-27 14:07	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-03-27 14:07 . 2013-03-27 14:07	824144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-25 20:36 . 2013-03-25 20:36	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-03-25 20:35 . 2013-03-25 20:35	824144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-22 14:57 . 2013-03-22 14:57	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-22 14:57 . 2013-03-22 14:57	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-22 14:57 . 2013-03-22 14:57	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-22 14:57 . 2013-03-22 14:57	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-22 14:57 . 2013-03-22 14:57	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-22 14:57 . 2013-03-22 14:57	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-22 14:57 . 2013-03-22 14:57	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-22 14:57 . 2013-03-22 14:57	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 14:57 . 2013-03-22 14:57	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-22 14:57 . 2013-03-22 14:57	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-22 14:57 . 2013-03-22 14:57	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-22 14:57 . 2013-03-22 14:57	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-22 14:57 . 2013-03-22 14:57	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 14:57 . 2013-03-22 14:57	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-22 14:57 . 2013-03-22 14:57	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-22 14:57 . 2013-03-22 14:57	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-22 14:57 . 2013-03-22 14:57	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-22 14:57 . 2013-03-22 14:57	441856	----a-w-	c:\windows\system32\html.iec
2013-03-22 14:57 . 2013-03-22 14:57	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-22 14:57 . 2013-03-22 14:57	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-22 14:57 . 2013-03-22 14:57	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-22 14:57 . 2013-03-22 14:57	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-22 14:57 . 2013-03-22 14:57	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-22 14:57 . 2013-03-22 14:57	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-22 14:57 . 2013-03-22 14:57	235008	----a-w-	c:\windows\system32\url.dll
2013-03-22 14:57 . 2013-03-22 14:57	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-22 14:57 . 2013-03-22 14:57	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-22 14:57 . 2013-03-22 14:57	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-22 14:57 . 2013-03-22 14:57	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-22 14:57 . 2013-03-22 14:57	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-22 14:57 . 2013-03-22 14:57	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-22 14:57 . 2013-03-22 14:57	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-22 14:57 . 2013-03-22 14:57	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-22 14:57 . 2013-03-22 14:57	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-22 14:57 . 2013-03-22 14:57	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-22 14:57 . 2013-03-22 14:57	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-22 14:57 . 2013-03-22 14:57	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-22 14:57 . 2013-03-22 14:57	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-22 14:57 . 2013-03-22 14:57	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 14:57 . 2013-03-22 14:57	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-22 14:57 . 2013-03-22 14:57	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-22 14:57 . 2013-03-22 14:57	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-22 14:57 . 2013-03-22 14:57	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-22 14:57 . 2013-03-22 14:57	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-22 14:57 . 2013-03-22 14:57	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-22 14:57 . 2013-03-22 14:57	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-22 14:57 . 2013-03-22 14:57	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-22 14:57 . 2013-03-22 14:57	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-22 14:57 . 2013-03-22 14:57	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-22 14:56 . 2013-03-22 14:56	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-03-22 14:56 . 2013-03-22 14:56	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-03-22 14:56 . 2013-03-22 14:56	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-03-22 14:56 . 2013-03-22 14:56	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-03-22 14:56 . 2013-03-22 14:56	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-22 14:56 . 2013-03-22 14:56	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-03-22 14:56 . 2013-03-22 14:56	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-03-22 14:56 . 2013-03-22 14:56	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-03-22 14:56 . 2013-03-22 14:56	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-22 14:56 . 2013-03-22 14:56	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-03-22 14:56 . 2013-03-22 14:56	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-03-22 14:56 . 2013-03-22 14:56	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-03-22 14:56 . 2013-03-22 14:56	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-03-22 14:56 . 2013-03-22 14:56	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-03-22 14:56 . 2013-03-22 14:56	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-03-22 14:56 . 2013-03-22 14:56	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-03-22 14:56 . 2013-03-22 14:56	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-03-22 14:56 . 2013-03-22 14:56	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-03-22 14:56 . 2013-03-22 14:56	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-03-22 14:56 . 2013-03-22 14:56	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-03-22 14:56 . 2013-03-22 14:56	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-03-22 14:56 . 2013-03-22 14:56	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-03-22 14:56 . 2013-03-22 14:56	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-02-22 16:05	1722976	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-02-22 16:05	1722976	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-02-22 16:05	1722976	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-21 630912]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-31 345312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-1 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2012-02-02 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2012-03-02 21264]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-09 1255736]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-12-13 82048]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-12-13 42624]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys [2012-02-02 31872]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-31 28600]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-22 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-21 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-31 86752]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys [2012-02-05 189760]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-13 193816]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-02-22 31000]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-10-26 102528]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-10-26 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-06 95248]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-13 240408]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-29 283200]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [2012-03-08 293480]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-03-10 685160]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-14 56448]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{438363A8-F486-4C37-834C-4955773CB3D3}]
msiexec [BU]
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 07:20]
.
2013-04-07 c:\windows\Tasks\HPCeeScheduleForDominik.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
.
2013-04-20 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2409616e-9353-4977-8974-904b55fc48d4.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-04-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7f45a046-cce2-4f4f-bf46-4c94381b83c6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-02-22 15:59	2325624	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-02-22 15:59	2325624	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-02-22 15:59	2325624	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uCustomizeSearch = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\t4i65xmj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\SysWOW64\RunDll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-30  22:02:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-30 20:02
.
Vor Suchlauf: 19 Verzeichnis(se), 511.867.011.072 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 513.240.260.608 Bytes frei
.
- - End Of File - - 101F9088D1A30EC7826E11D677D254EC

Code:

ATTFilter

ComboFix 13-04-29.01 - Dominik 30.04.2013  21:25:50.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.6905.4979 [GMT 2:00]
ausgeführt von:: c:\users\Dominik\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Dominik\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Legacy_ESGIGUARD
-------\Service_esgiguard
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-28 bis 2013-04-30  ))))))))))))))))))))))))))))))
.
.
2013-04-27 08:31 . 2013-04-27 08:31	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-04-27 08:30 . 2013-04-27 08:30	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-27 07:56 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-21 10:19 . 2013-04-21 10:19	--------	d-----w-	c:\program files (x86)\ElcomSoft
2013-04-21 09:58 . 2013-04-21 10:23	--------	d-----w-	c:\programdata\WinZip
2013-04-20 19:13 . 2013-04-20 19:13	--------	d-----w-	c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-20 18:23 . 2013-04-20 18:23	--------	d-----w-	c:\users\Dominik\AppData\Roaming\SUPERAntiSpyware.com
2013-04-20 18:23 . 2013-04-20 18:23	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-04-20 18:23 . 2013-04-20 18:23	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-04-15 19:44 . 2013-04-15 19:44	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-04-14 19:37 . 2013-04-15 19:10	--------	d-----w-	c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-04-14 11:33 . 2012-10-15 08:54	25472	----a-w-	c:\windows\system32\RegistryDefragBootTime.exe
2013-04-14 09:50 . 2013-04-29 17:28	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-04-14 09:49 . 2009-01-25 10:14	17272	----a-w-	c:\windows\system32\sdnclean64.exe
2013-04-14 09:49 . 2013-04-14 09:50	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-04-13 20:18 . 2013-04-13 20:18	--------	d-----w-	c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-04-13 20:18 . 2013-04-13 20:18	--------	d-----w-	c:\users\Dominik\AppData\Roaming\Apple Computer
2013-04-13 20:18 . 2013-04-13 20:18	--------	d-----w-	c:\programdata\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-04-13 20:07 . 2013-04-20 19:13	--------	d-----w-	c:\programdata\IObit
2013-04-13 20:07 . 2013-04-13 20:18	--------	d-----w-	c:\users\Dominik\AppData\Roaming\IObit
2013-04-13 20:07 . 2013-04-20 19:21	--------	d-----w-	c:\program files (x86)\IObit
2013-04-13 20:07 . 2013-04-13 20:07	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2013-04-13 18:48 . 2013-04-15 19:33	--------	d-----w-	c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-13 18:48 . 2013-04-14 19:37	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-04-13 12:22 . 2013-04-13 22:06	--------	d-----w-	c:\program files (x86)\Intelore
2013-04-12 15:15 . 2013-04-12 15:15	--------	d-----w-	c:\program files (x86)\IPACS
2013-04-12 15:07 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-11 16:34 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-11 16:33 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-11 16:33 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-11 16:33 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-11 16:33 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-11 16:33 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-11 16:33 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-09 19:13 . 2013-04-12 16:10	--------	d-----w-	c:\program files (x86)\Battlefield 3
2013-04-08 16:47 . 2013-04-19 13:45	--------	d-----w-	c:\users\Tamer
2013-04-02 14:58 . 2013-04-02 14:58	--------	d-----w-	c:\users\Dominik\AppData\Roaming\runic games
2013-04-02 14:53 . 2013-04-27 16:35	--------	d-----w-	c:\users\Dominik\AppData\Roaming\BitTorrent
2013-04-02 14:51 . 2013-04-02 14:51	--------	d-----w-	c:\program files (x86)\JoWooD
2013-04-01 22:46 . 2013-04-01 22:46	--------	d-----w-	c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-04-01 22:46 . 2013-04-01 22:47	--------	d-----w-	c:\users\Dominik\AppData\Roaming\hpqLog
2013-04-01 15:00 . 2013-04-01 15:00	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2013-03-31 23:40 . 2013-03-31 23:40	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2013-03-31 22:44 . 2013-03-31 22:44	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-31 22:44 . 2013-03-31 22:44	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-31 22:44 . 2013-03-31 22:44	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-27 08:30 . 2012-09-09 10:05	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-04-27 08:30 . 2012-09-09 10:05	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-04-14 07:20 . 2012-04-19 21:27	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-14 07:20 . 2012-04-19 21:27	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 20:38 . 2012-09-09 15:43	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-29 18:00 . 2013-03-29 18:00	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-27 14:07 . 2013-03-27 14:07	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-03-27 14:07 . 2013-03-27 14:07	824144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-25 20:36 . 2013-03-25 20:36	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-03-25 20:35 . 2013-03-25 20:35	824144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-22 14:57 . 2013-03-22 14:57	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-22 14:57 . 2013-03-22 14:57	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-22 14:57 . 2013-03-22 14:57	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-22 14:57 . 2013-03-22 14:57	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-22 14:57 . 2013-03-22 14:57	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-22 14:57 . 2013-03-22 14:57	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-22 14:57 . 2013-03-22 14:57	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-22 14:57 . 2013-03-22 14:57	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 14:57 . 2013-03-22 14:57	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-22 14:57 . 2013-03-22 14:57	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-22 14:57 . 2013-03-22 14:57	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-22 14:57 . 2013-03-22 14:57	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-22 14:57 . 2013-03-22 14:57	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 14:57 . 2013-03-22 14:57	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-22 14:57 . 2013-03-22 14:57	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-22 14:57 . 2013-03-22 14:57	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-22 14:57 . 2013-03-22 14:57	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-22 14:57 . 2013-03-22 14:57	441856	----a-w-	c:\windows\system32\html.iec
2013-03-22 14:57 . 2013-03-22 14:57	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-22 14:57 . 2013-03-22 14:57	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-22 14:57 . 2013-03-22 14:57	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-22 14:57 . 2013-03-22 14:57	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-22 14:57 . 2013-03-22 14:57	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-22 14:57 . 2013-03-22 14:57	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-22 14:57 . 2013-03-22 14:57	235008	----a-w-	c:\windows\system32\url.dll
2013-03-22 14:57 . 2013-03-22 14:57	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-22 14:57 . 2013-03-22 14:57	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-22 14:57 . 2013-03-22 14:57	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-22 14:57 . 2013-03-22 14:57	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-22 14:57 . 2013-03-22 14:57	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-22 14:57 . 2013-03-22 14:57	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-22 14:57 . 2013-03-22 14:57	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-22 14:57 . 2013-03-22 14:57	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-22 14:57 . 2013-03-22 14:57	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-22 14:57 . 2013-03-22 14:57	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-22 14:57 . 2013-03-22 14:57	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-22 14:57 . 2013-03-22 14:57	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-22 14:57 . 2013-03-22 14:57	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-22 14:57 . 2013-03-22 14:57	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 14:57 . 2013-03-22 14:57	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-22 14:57 . 2013-03-22 14:57	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-22 14:57 . 2013-03-22 14:57	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-22 14:57 . 2013-03-22 14:57	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-22 14:57 . 2013-03-22 14:57	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-22 14:57 . 2013-03-22 14:57	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-22 14:57 . 2013-03-22 14:57	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-22 14:57 . 2013-03-22 14:57	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-22 14:57 . 2013-03-22 14:57	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-22 14:57 . 2013-03-22 14:57	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-22 14:56 . 2013-03-22 14:56	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-03-22 14:56 . 2013-03-22 14:56	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-03-22 14:56 . 2013-03-22 14:56	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-03-22 14:56 . 2013-03-22 14:56	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-03-22 14:56 . 2013-03-22 14:56	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-22 14:56 . 2013-03-22 14:56	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-03-22 14:56 . 2013-03-22 14:56	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-03-22 14:56 . 2013-03-22 14:56	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-03-22 14:56 . 2013-03-22 14:56	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-22 14:56 . 2013-03-22 14:56	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-03-22 14:56 . 2013-03-22 14:56	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-03-22 14:56 . 2013-03-22 14:56	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-03-22 14:56 . 2013-03-22 14:56	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-03-22 14:56 . 2013-03-22 14:56	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-03-22 14:56 . 2013-03-22 14:56	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-03-22 14:56 . 2013-03-22 14:56	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-22 14:56 . 2013-03-22 14:56	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-03-22 14:56 . 2013-03-22 14:56	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-03-22 14:56 . 2013-03-22 14:56	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-03-22 14:56 . 2013-03-22 14:56	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-03-22 14:56 . 2013-03-22 14:56	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-03-22 14:56 . 2013-03-22 14:56	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-03-22 14:56 . 2013-03-22 14:56	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-03-22 14:56 . 2013-03-22 14:56	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-02-22 16:05	1722976	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-02-22 16:05	1722976	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-02-22 16:05	1722976	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-21 630912]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-31 345312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-1 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2012-02-02 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2012-03-02 21264]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-09 1255736]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-12-13 82048]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-12-13 42624]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys [2012-02-02 31872]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-31 28600]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-22 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-21 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-31 86752]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys [2012-02-05 189760]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-13 193816]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-02-22 31000]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-10-26 102528]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-10-26 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-06 95248]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-13 240408]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-29 283200]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [2012-03-08 293480]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-03-10 685160]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-14 56448]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{438363A8-F486-4C37-834C-4955773CB3D3}]
msiexec [BU]
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 07:20]
.
2013-04-07 c:\windows\Tasks\HPCeeScheduleForDominik.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
.
2013-04-20 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2409616e-9353-4977-8974-904b55fc48d4.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-04-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7f45a046-cce2-4f4f-bf46-4c94381b83c6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-02-22 15:59	2325624	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-02-22 15:59	2325624	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-02-22 15:59	2325624	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uCustomizeSearch = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\t4i65xmj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\SysWOW64\RunDll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-30  22:02:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-30 20:02
.
Vor Suchlauf: 19 Verzeichnis(se), 511.867.011.072 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 513.240.260.608 Bytes frei
.
- - End Of File - - 101F9088D1A30EC7826E11D677D254EC

Dominik P · 01.05.2013, 10:01

Code:

ATTFilter

OTL logfile created on: 30.04.2013 22:38:58 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
6,74 Gb Total Physical Memory | 4,99 Gb Available Physical Memory | 74,06% Memory free
13,49 Gb Paging File | 11,29 Gb Available in Paging File | 83,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 575,53 Gb Total Space | 478,09 Gb Free Space | 83,07% Space Free | Partition Type: NTFS
Drive D: | 20,34 Gb Total Space | 2,14 Gb Free Space | 10,54% Space Free | Partition Type: NTFS
 
Computer Name: HP-PAVILION | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.28 09:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
PRC - [2013.04.01 00:44:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.01 00:43:49 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.01 00:43:48 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.14 16:22:48 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012.02.21 14:03:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012.02.13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
PRC - [2012.02.13 21:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
PRC - [2011.12.11 03:48:26 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
PRC - [2011.12.11 03:48:08 | 000,875,336 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe
PRC - [2011.12.11 03:47:40 | 000,148,296 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
PRC - [2011.08.26 14:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011.08.19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.03.22 02:36:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.03.21 04:30:26 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.02.22 11:55:50 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2013.04.14 09:20:02 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.01 00:44:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 00:43:49 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.25 23:14:04 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.14 16:22:48 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.01 20:34:38 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.10.01 20:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2012.03.06 06:04:18 | 000,314,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012.02.13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.13 21:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe -- (BBSvc)
SRV - [2012.02.01 18:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.12.11 03:48:26 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2011.12.09 06:41:00 | 000,269,640 | ---- | M] (AuthenTec, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.10 06:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.01 00:44:40 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.01 00:44:40 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.01 00:44:40 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.03.29 20:00:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.14 04:03:26 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.04.20 09:03:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.04.20 09:03:41 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.03.22 03:04:24 | 010,826,240 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.03.22 01:35:26 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.10 06:41:16 | 000,685,160 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.03.08 21:43:14 | 000,293,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012.03.06 06:04:18 | 000,536,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.03.02 03:39:42 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.02 03:39:36 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 11:55:56 | 000,029,976 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.02.22 11:55:24 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.02.05 02:30:06 | 000,189,760 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2012.02.02 10:54:56 | 000,031,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012.02.02 05:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.02 05:07:18 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.02 05:07:18 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2012.02.02 05:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.02 05:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.02 05:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.02 05:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.01.14 14:05:54 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011.12.13 14:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.12.13 14:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.12.06 13:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.10.26 21:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.10.26 21:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.07.28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{451F7B95-7F9C-497F-9FCD-0D02A1D7C529}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://www.ebay.at/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{184DDCB2-CAB5-4E5E-BB29-889FE6FBD119}: "URL" = hxxp://www.mysearchresults.com/search?c=4002&t=01&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.15 21:44:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.13 13:39:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 21:28:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 21:28:14 | 000,000,000 | ---D | M]
 
[2013.04.02 16:56:10 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2013.04.02 16:56:18 | 000,000,000 | ---D | M] (BittorrentBar_DE) -- \mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2013.01.09 20:10:38 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{72a0f495-ba60-4524-827b-b36b8c18587a}
[2013.02.06 22:45:40 | 000,000,000 | ---D | M] (WhiteSmoke B) -- \mozilla\Firefox\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}
[2013.04.15 21:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.30 21:41:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43543AB5-C1B8-414D-9F83-3F430934FD50}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.13 20:49:22 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.30 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013.04.30 22:03:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.30 21:15:05 | 005,061,928 | R--- | C] (Swearware) -- C:\Users\Dominik\Desktop\ComboFix.exe
[2013.04.29 19:46:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.29 19:46:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.29 19:46:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.29 19:38:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.29 19:38:24 | 000,000,000 | ---D | C] -- \Qoobox
[2013.04.29 19:38:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.28 15:12:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.28 09:57:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2013.04.27 17:54:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\USB-Stick
[2013.04.27 10:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.27 10:30:55 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.27 10:30:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.27 10:30:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.27 10:30:48 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.21 12:19:39 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElcomSoft
[2013.04.21 12:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElcomSoft
[2013.04.21 11:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.04.21 11:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodusoft ZIP Password Recovery
[2013.04.20 21:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013.04.20 20:44:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\Word
[2013.04.20 20:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.20 20:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.20 20:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.20 09:32:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\Weitere
[2013.04.15 21:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.14 13:33:20 | 000,025,472 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013.04.14 13:24:53 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013.04.14 11:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.14 11:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.14 11:49:30 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.14 11:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.13 22:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2013.04.13 22:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
[2013.04.13 22:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.04.13 22:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.04.13 22:07:13 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.04.13 22:03:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\Benutzerdefinierte Office-Vorlagen
[2013.04.13 20:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.04.13 14:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2013.04.13 14:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intelore
[2013.04.13 13:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.12 22:35:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.12 22:35:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.12 22:35:46 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.12 22:35:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.12 22:35:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.12 22:35:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.12 22:35:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.12 22:35:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.12 22:35:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.12 22:35:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.12 22:35:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.12 22:35:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.12 22:35:41 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.12 22:35:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.12 22:35:40 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.12 17:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IPACS
[2013.04.11 18:33:58 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.11 18:33:57 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.11 18:33:57 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.11 18:33:57 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.11 18:33:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.11 18:33:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 21:39:43 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\Battlefield 3
[2013.04.09 21:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.04.09 21:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlefield 3
[2013.04.02 16:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.04.02 16:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2013.04.02 00:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013.04.01 01:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.04.01 00:44:44 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 00:44:44 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 00:44:44 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.30 22:35:11 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 22:35:11 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 22:30:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.30 22:27:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.30 22:27:06 | 1135,632,383 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.30 21:41:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.30 21:15:46 | 005,061,928 | R--- | M] (Swearware) -- C:\Users\Dominik\Desktop\ComboFix.exe
[2013.04.29 20:24:00 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7f45a046-cce2-4f4f-bf46-4c94381b83c6.job
[2013.04.29 19:07:08 | 000,628,743 | ---- | M] () -- C:\Users\Dominik\Desktop\adwcleaner.exe
[2013.04.28 15:12:25 | 566,474,044 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.28 14:07:05 | 000,377,856 | ---- | M] () -- C:\Users\Dominik\Desktop\gmer_2.1.19163.exe
[2013.04.28 14:05:56 | 000,377,856 | ---- | M] () -- C:\Users\Dominik\Desktop\otyzn6hj.exe
[2013.04.28 13:54:23 | 000,000,188 | ---- | M] () -- C:\Users\Dominik\defogger_reenable
[2013.04.28 10:28:47 | 000,050,477 | ---- | M] () -- C:\Users\Dominik\Desktop\Defogger.exe
[2013.04.28 09:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Desktop\OTL.exe
[2013.04.27 20:09:41 | 001,808,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.27 20:09:41 | 000,766,718 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.27 20:09:41 | 000,721,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.27 20:09:41 | 000,174,516 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.27 20:09:41 | 000,147,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.27 10:30:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.27 10:30:25 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.27 10:30:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.27 10:30:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.27 10:30:24 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.27 10:30:24 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.20 21:26:28 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 2409616e-9353-4977-8974-904b55fc48d4.job
[2013.04.20 20:23:25 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.15 21:44:45 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.15 21:07:15 | 000,000,836 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.04.14 11:49:38 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.14 09:20:02 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.14 09:20:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.13 22:07:13 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.04.13 20:49:22 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.04.13 16:52:36 | 000,488,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 21:13:30 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.04.07 15:04:50 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDominik.job
[2013.04.02 16:55:01 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Torchlight Spielen!.lnk
[2013.04.01 00:44:40 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 00:44:40 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 00:44:40 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.29 19:46:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.29 19:46:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.29 19:46:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.29 19:46:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.29 19:46:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.29 19:07:02 | 000,628,743 | ---- | C] () -- C:\Users\Dominik\Desktop\adwcleaner.exe
[2013.04.28 15:12:25 | 566,474,044 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.28 14:07:04 | 000,377,856 | ---- | C] () -- C:\Users\Dominik\Desktop\gmer_2.1.19163.exe
[2013.04.28 14:05:52 | 000,377,856 | ---- | C] () -- C:\Users\Dominik\Desktop\otyzn6hj.exe
[2013.04.28 13:54:23 | 000,000,188 | ---- | C] () -- C:\Users\Dominik\defogger_reenable
[2013.04.28 10:28:46 | 000,050,477 | ---- | C] () -- C:\Users\Dominik\Desktop\Defogger.exe
[2013.04.20 20:24:11 | 000,000,514 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7f45a046-cce2-4f4f-bf46-4c94381b83c6.job
[2013.04.20 20:24:11 | 000,000,514 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 2409616e-9353-4977-8974-904b55fc48d4.job
[2013.04.20 20:23:25 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.15 21:44:45 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.15 21:44:45 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.15 21:07:15 | 000,000,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.04.14 11:49:39 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.14 11:49:38 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.13 20:49:22 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.04.13 20:49:22 | 000,000,000 | ---- | C] () -- \autoexec.bat
[2013.04.13 14:05:19 | 000,001,079 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.04.09 21:13:30 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.04.02 16:55:01 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Torchlight Spielen!.lnk
[2013.04.02 00:55:35 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDominik.job
[2013.03.23 22:57:35 | 000,007,620 | ---- | C] () -- C:\Users\Dominik\AppData\Local\Resmon.ResmonCfg
[2013.02.17 12:23:08 | 000,000,306 | RHS- | C] () -- C:\Users\Dominik\ntuser.pol
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.10.14 16:22:50 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.14 16:22:48 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.08 15:28:12 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012.07.14 04:30:00 | 1135,632,383 | -HS- | C] () -- \hiberfil.sys
[2012.07.14 04:14:10 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2012.07.14 04:12:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.14 04:10:19 | 001,824,324 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.22 01:58:00 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.22 01:58:00 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.21 05:00:38 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.02.09 14:42:58 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2007.01.02 03:25:08 | 000,383,786 | RHS- | C] () -- \bootmgr_
[2007.01.02 03:25:08 | 000,383,786 | RHS- | C] () -- \bootmgr
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 30.04.2013 22:38:58 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
6,74 Gb Total Physical Memory | 4,99 Gb Available Physical Memory | 74,06% Memory free
13,49 Gb Paging File | 11,29 Gb Available in Paging File | 83,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 575,53 Gb Total Space | 478,09 Gb Free Space | 83,07% Space Free | Partition Type: NTFS
Drive D: | 20,34 Gb Total Space | 2,14 Gb Free Space | 10,54% Space Free | Partition Type: NTFS
 
Computer Name: HP-PAVILION | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0943197F-87B2-476A-8593-C47835E15BD4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{25E3A853-14BC-404D-8CB9-BC303E0C5264}" = rport=138 | protocol=17 | dir=out | app=system | 
"{291872F9-2C0C-44A2-A0A7-B54C988286A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2F9E8FB9-7817-4B96-8D1F-054E6707AECE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4C885C03-AE0A-4CDD-84D2-3E376CD09C07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{64CABA6F-C281-4E49-B97D-C43D732A5C34}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B3E80C8-E55E-46E0-83BC-01CB9C40AE15}" = rport=445 | protocol=6 | dir=out | app=system | 
"{730AF4DD-961F-44AE-8C68-D5BD893AC626}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{743A0A12-7B2C-44A3-BD25-5D280D3EC133}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{751AC82B-D60B-4CC4-8A40-8DF122409DD1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{761E8CC7-8264-4759-88AF-FF7703215624}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81AB383F-B88F-47EA-B370-79AB0FFEE152}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{88451B0A-A4CA-4984-83CD-B96CCAF49D6C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8C301A01-A36C-472C-A5EF-DA9EF297F00A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8CEC695B-9954-4E6C-9919-FCD0617B6813}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{97E93214-8FCA-449A-AE76-A092C9D0F0BD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A4BDE87C-51C8-4C6F-AC88-61A35967826D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A931FE18-609D-416A-9709-350DC9452878}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ACDBFA92-4FAB-41B2-80F0-A0EC0055C477}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AE174549-D387-40A3-9371-CBFBDC569062}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BE7EAAD8-BECC-417A-B533-ACF3B52F0BA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C16C54A9-1D5A-4260-88F8-B7E4C78FAE2D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EC2A3898-6708-4E60-959E-0758B2621E17}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F18CA351-645D-4CF1-9CD3-ED0A65E7F55F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{F20A499F-01BD-4714-A862-C03D059D6E73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DDA80F-8E09-4E7E-8A9B-F203E57EB8CD}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{0958F0C1-B163-4135-9E08-DF48B9F860D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{154A5F3A-3B65-4A13-9E70-38CE95BA5F95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{19966C3A-ADB3-452C-B59D-6241F88B140A}" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"{1F83000F-FF01-4490-85B2-1327B1ABC191}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DD0239A-8982-4846-97E3-C5D16AC48391}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{463D1E1A-B202-4C7A-8D8F-E58763CE57D6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{474FC40E-5AA3-4AB9-8587-BED6B2AC20A5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4784AD6F-6033-42D8-8E48-5E0169F9EA05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{4C909F2D-53FD-4E7D-A1A3-03F6207796B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4EBFA5FF-4B46-4B03-AD8E-A0A2A1186C94}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{56C7FB21-9C8E-49BD-B36C-0204C0DAB541}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5C81E614-75C5-4CEA-9FE2-74C3695CA701}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5D3D7EFC-7DA0-4340-A86F-F6333E5CB8BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{5DD22945-A68F-4C24-8197-AEB871233826}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{64A48E56-4093-4354-829B-77D60CB1EF17}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{65C41754-865F-4B56-B1BA-3FB86C7DC0D4}" = protocol=6 | dir=out | app=system | 
"{7655D8E7-D244-42A0-9D75-403E2A6534AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{78447FD2-2DC9-4577-ACC4-A0845051DC6A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{7B4D0CA7-C870-4EC7-8D64-4F52D4AC255B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{89B8DC87-BE94-4344-99C7-2E0900C93789}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{912A2EFE-C1B5-4AC3-998C-74DA87E6F291}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{91828B49-10E0-47DA-BE6B-723792F83D61}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{926C6A9E-5D67-45D4-B7AC-5AB7036138CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{967912B3-5E1D-4F3E-B0F3-54C8DE3507B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{97434F71-F4AC-4F16-BA21-BE8598179AB5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A377001D-6878-44F2-A62C-473B0F2CDCE0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A4D7BD23-0EAE-41CE-9F79-A081A56BAF36}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{B30765E6-1A49-4059-B3B8-473126C12B9D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{BC970FB5-B0CC-45E0-A2C0-57BFDF75F992}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C3C376F2-E958-434C-B659-F9D15C79AF96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C67FB0E1-F739-4FD2-B0E1-36E5B673CCD4}" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"{D02B0C2B-A464-4714-AF27-DA85CA54713B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D38A2484-49C9-4F58-AB4D-D0EFC3222A8E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E3FE71C1-8894-4463-9D62-CDAB250DFBB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1AE912F-B3F3-42AA-9253-000577DD3CE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9E73AC2-DAC5-4EE1-B988-CF46CB05E310}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA30E839-7AE0-4084-B0F3-5C942E5B81FC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FCE0C0A8-D53E-423C-B621-C9FC36AA9BE6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{FD56B601-66C8-46BB-BBF1-BD793FAF4EDE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"TCP Query User{02169AC6-F2DB-49F3-851D-AC3F5F803717}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{22818B54-B974-413C-8035-F1A73C118FD0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{477172B4-400D-4B64-A9B1-8EC7DE70B11C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{8233A9F6-8528-42B8-B440-13FA0A9C4229}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{C70192D7-E68F-435E-82D1-AFCC6F555BD9}C:\users\dominik\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{D85917C9-4326-4EC3-BC0B-32D0AF98DD2A}C:\users\dominik\downloads\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe" = protocol=6 | dir=in | app=c:\users\dominik\downloads\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe | 
"UDP Query User{329B19EF-6A48-423B-8FCD-141C173A5B03}C:\users\dominik\downloads\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe" = protocol=17 | dir=in | app=c:\users\dominik\downloads\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe | 
"UDP Query User{6E8C3D27-2B35-42C3-B5BD-2FF703586FF3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{875E8F6E-47CA-41C4-8B6A-599EFC82E477}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{ABA89FB6-7E38-4CC4-AEF7-6F0544B13D02}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{C3B0EAC5-BDB0-4072-BE99-A5AD933A5183}C:\users\dominik\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{CED92DB7-53C7-42A0-BD7B-C447A0F574B6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{42719DC3-4982-47DD-B025-B21C4BDD504D}" = HP Security Assistant
"{45CDE0AD-D3D0-CC52-188B-3E7CF54B6D5E}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5E015E15-F7AD-3379-523F-AD63C0CB9E71}" = AMD Steady Video Plug-In 
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{802E2347-A395-8BAA-2F30-3F01AD755DC5}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0017-0407-1000-0000000FF1CE}" = Microsoft SharePoint Designer MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0100-0407-1000-0000000FF1CE}" = Microsoft Office O MUI (German) 2013
"{90150000-0101-0407-1000-0000000FF1CE}" = Microsoft X MUI (German) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B94134E-A125-4D06-ACBE-50747148E406}" = HP 3D DriveGuard
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Broadcom Bluetooth Software
"{A71D708F-C3C4-DA1A-5D89-065A67405855}" = AMD Fuel
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8360C56-B89D-47AA-91A5-8D27A20844FB}" = Validity WBF DDK
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DB8F3717-56A7-AA87-3324-4CEAB9C7964E}" = AMD Catalyst Install Manager
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9E64F70-9BE4-4ECD-9B83-09E74CF5B6C3}" = AuthenTec TrueAPI 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office15.OMUI.de-de" = Microsoft Office Language Pack 2013  - German/Deutsch
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05030E18-2F7B-7E99-7DD2-0F8F31F21645}" = CCC Help Czech
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08C2FB57-3966-4948-5717-5691D1044C78}" = CCC Help Korean
"{0A7F4FE9-7D04-5903-8146-DC1C98362795}" = Catalyst Control Center Localization All
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED41906-21A4-541A-07E2-41536DD8B0E1}" = CCC Help German
"{148B4E77-3527-2E7F-D27F-000B7509A129}" = CCC Help Polish
"{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar
"{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E445925-273D-4186-88A0-B8D1B6B119E2}" = WRC FIA World Rally Championship
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2421616B-ECE9-D483-1C64-5A9BC07350F2}" = CCC Help Finnish
"{26367B43-D1A5-44D9-B78A-21F711FE6FBD}" = Solid Edge Standard Parts Administrator
"{26429824-956A-87A1-EA4B-18374A66544E}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{31BF9CD1-A904-43B5-A236-53E5E908AD0E}" = Catalyst Control Center - Branding
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{364EE3EF-0DB6-1AD9-2D94-FAF6A7E770BD}" = CCC Help Thai
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{438363A8-F486-4C37-834C-4955773CB3D3}" = HP Setup
"{440D848A-89C1-47D6-81FA-53FBE48E9F11}" = Solid Edge Standard Parts Machinery Library
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4F34A145-8CF3-400C-B5DB-2B1BF604304D}" = ESU for Microsoft Windows 7 SP1
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5CA575E6-97CA-95F8-4249-B21BC9814B40}" = CCC Help Greek
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65F341BE-24DD-91E8-DE25-C7ABA916AE11}" = CCC Help Swedish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BADDD61-4B40-4FD1-BAE8-0E8C1E85F806}" = Solid Edge ST4
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77C9D1A1-063D-7D01-FB6A-095B378F7374}" = CCC Help Dutch
"{816B1968-E677-D558-5B4A-35BED09EAA49}" = CCC Help Spanish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{880B5A98-B242-4B53-BD6F-41EA17495EAD}" = HP SimplePass
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8AE92F96-3EA4-3BD7-DA1E-04D7C3CDD80C}" = CCC Help English
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8CFF63D9-0134-1599-ED1F-1431ACE44720}" = Catalyst Control Center Graphics Previews Common
"{8D08AEB8-67F3-A1F5-A3FE-26B03EBCF60C}" = CCC Help Chinese Traditional
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92E50540-286A-C034-0B88-E471FE4A7757}" = CCC Help Portuguese
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95754D41-3214-3C7F-B1D1-7BFC6A927D39}" = CCC Help Danish
"{97F8542B-15ED-5060-844A-620579138CAE}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C865AE6-E19E-14C0-5F78-E1B068E0A49F}" = CCC Help Hungarian
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A63C4DDA-3C6B-1714-5928-8EAF5F17CB75}" = CCC Help Russian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF92961E-E652-3990-B083-30A8552C05B7}" = Catalyst Control Center InstallProxy
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4DD53DE-A733-EFD3-5881-C54CA99B0B08}" = CCC Help Japanese
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6E3F2A0-DDBB-4F0A-BA7C-09138605DDAC}" = WRC FIA World Rally Championship
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C0B6930B-37FC-21B4-C68A-6EAC96DC8DC0}" = AMD VISION Engine Control Center
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4141120-2C75-D4D0-0FB7-0FA0756BA20B}" = CCC Help Turkish
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7735C10-89B2-02A9-E69D-2CEF7EC553DE}" = CCC Help French
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CCD707F4-3312-73F0-970E-69AB643BC9C9}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DCD01638-C22B-4AA1-ACCE-1C7150B02076}" = HP Software Framework
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlefield 3_is1" = 1.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"GPL Ghostscript 9.06" = GPL Ghostscript
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WTA-0dfd8de2-aff5-4682-9717-ff5604e1b1cd" = Virtual Villagers 4 - The Tree of Life
"WTA-1205ceb2-6a6c-44b6-959f-ef4feae4588b" = Jewel Match 3
"WTA-19ffeb5f-d270-494b-87ea-7b100bc40c3f" = Cradle of Rome 2
"WTA-1c3cd625-f6b2-4154-a893-0ec1984c65b8" = Cake Mania
"WTA-25a99557-beab-4d8f-be69-e91ac98c7cae" = Farm Frenzy
"WTA-2b5e2265-6a38-44ed-9778-86d933c62da0" = Mahjongg Artifacts
"WTA-59a8606c-ba86-4029-83c6-8467a47658de" = Virtual Families
"WTA-6a8f9244-ed61-4c8d-bc74-30161297ff73" = Insaniquarium Deluxe
"WTA-7cb0007d-214c-4378-a6a7-191705d7ba5a" = Farmscapes
"WTA-8b57f80b-7714-4a86-afab-dcb5d3abc8a0" = Mystery of Mortlake Mansion
"WTA-92a21a35-565f-4291-9f8b-71e358a033eb" = Jewel Quest II
"WTA-9520dfbf-0a19-493e-adc3-f94492d37163" = Fishdom (TM) 2
"WTA-9adea169-7af7-449f-9e54-8db687bf1583" = Torchlight
"WTA-9f62f87c-1227-4765-85b6-f6fa507ab1d2" = Jewel Quest Solitaire 2
"WTA-aa634290-02a6-46bc-a15a-cc8e0169fec1" = Chuzzle Deluxe
"WTA-b9df55ae-a659-4c88-a10b-4e82fa218f71" = Wedding Dash
"WTA-d6dea5b3-608d-439b-8eb2-b446b45e76d7" = Bejeweled 3
"WTA-ddaa0dd4-d24e-44c6-b573-a355f4d9f414" = Zuma's Revenge
"WTA-e41007b6-06bf-41bd-a4a1-7ca777312a10" = Final Drive Fury
"WTA-f995e003-b85c-45d6-97ef-cf4cae64c003" = Plants vs. Zombies - Game of the Year
"WTA-fbb5f945-de6e-4afb-a0a8-ad41a61ad7c4" = Polar Bowler
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2013 15:37:09 | Computer Name = Hp-Pavilion | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.04.2013 15:41:05 | Computer Name = Hp-Pavilion | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.04.2013 15:42:17 | Computer Name = Hp-Pavilion | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Updater.exe, Version: 1.1.3.7, Zeitstempel:
 0x515c537c  Name des fehlerhaften Moduls: Updater.exe, Version: 1.1.3.7, Zeitstempel:
 0x515c537c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000024f5  ID des fehlerhaften Prozesses:
 0xb5c  Startzeit der fehlerhaften Anwendung: 0x01ce3a111ced08ce  Pfad der fehlerhaften
 Anwendung: C:\Users\Dominik\AppData\Local\SwvUpdater\Updater.exe  Pfad des fehlerhaften
 Moduls: C:\Users\Dominik\AppData\Local\SwvUpdater\Updater.exe  Berichtskennung: 941e50ab-a604-11e2-95fb-08edb9eb98b8
 
Error - 17.04.2013 12:12:27 | Computer Name = Hp-Pavilion | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.04.2013 13:18:26 | Computer Name = Hp-Pavilion | Source = Application Hang | ID = 1002
Description = Programm AVSCAN.EXE, Version 13.6.0.986 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 18c0    Startzeit:
 01ce3b86afbfd389    Endzeit: 60000    Anwendungspfad: C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR
 DESKTOP\AVSCAN.EXE    Berichts-ID: a653da8e-a782-11e2-99e5-08edb9eb98b8  
 
Error - 19.04.2013 09:45:43 | Computer Name = Hp-Pavilion | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2013 03:30:09 | Computer Name = Hp-Pavilion | Source = SDFSSvc.exe | ID = 0
Description = 
 
Error - 20.04.2013 03:30:19 | Computer Name = Hp-Pavilion | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2013 13:30:39 | Computer Name = Hp-Pavilion | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2013 14:18:47 | Computer Name = Hp-Pavilion | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 20.02.2013 05:02:16 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 10:02:16 - Fehler beim Herstellen der Internetverbindung.  10:02:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.03.2013 15:04:56 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 20:04:56 - Fehler beim Herstellen der Internetverbindung.  20:04:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.03.2013 10:34:47 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 15:34:47 - Directory konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
Error - 21.03.2013 15:53:05 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 20:53:05 - Fehler beim Herstellen der Internetverbindung.  20:53:05 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.03.2013 10:02:43 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 15:02:43 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 23.03.2013 11:14:43 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 16:14:43 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 24.03.2013 09:00:13 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 14:00:13 - Fehler beim Herstellen der Internetverbindung.  14:00:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.03.2013 09:06:28 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 14:06:28 - Fehler beim Herstellen der Internetverbindung.  14:06:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.03.2013 09:06:37 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 14:06:33 - Fehler beim Herstellen der Internetverbindung.  14:06:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.04.2013 08:53:43 | Computer Name = Hp-Pavilion | Source = MCUpdate | ID = 0
Description = 14:53:43 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
[ System Events ]
Error - 22.03.2013 14:20:54 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
Error - 22.03.2013 14:20:56 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
Error - 22.03.2013 17:54:08 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
Error - 23.03.2013 06:23:42 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10005
Description = 
 
Error - 23.03.2013 06:23:42 | Computer Name = Hp-Pavilion | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 23.03.2013 06:23:42 | Computer Name = Hp-Pavilion | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 23.03.2013 06:25:04 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
Error - 23.03.2013 06:28:06 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
Error - 23.03.2013 12:51:37 | Computer Name = Hp-Pavilion | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 23.03.2013 16:47:07 | Computer Name = Hp-Pavilion | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 10:23 on 01/05/2013 by Dominik
Administrator - Elevation successful

========== filefind ==========

Searching for "*eSafe*"
No files found.

Searching for "*Media Finder*"
No files found.

Searching for "*PutLockerDownloader*"
No files found.

Searching for "*SwvUpdater*"
No files found.

Searching for "*OpenCandy*"
No files found.

Searching for "*DefaultTab*"
No files found.

Searching for "*Softonic*"
No files found.

Searching for "*AmiUpd*"
No files found.

Searching for "*snap.do*"
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Toolbar.Snap.do-0000.zip	--a---- 2316 bytes	[19:29 22/04/2013]	[19:29 22/04/2013] B1A71AFEC380B4129389BF8C3DB7AF3E
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Toolbar.Snap.do-0001.zip	--a---- 2014 bytes	[20:42 26/04/2013]	[20:42 26/04/2013] 177651D7A9D1975C6BADFFE0CFDBDBD8
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Toolbar.Snap.do-0002.zip	--a---- 1897 bytes	[21:11 26/04/2013]	[21:11 26/04/2013] 4E4B708AEFEB7C5273031C55F6EFE823
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Toolbar.Snap.do-0003.zip	--a---- 2254 bytes	[10:36 27/04/2013]	[10:36 27/04/2013] C19C86C8009835EF30F49D4A0D55E854
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Toolbar.Snap.do-0000.zip	--a---- 2316 bytes	[19:29 22/04/2013]	[19:29 22/04/2013] B1A71AFEC380B4129389BF8C3DB7AF3E
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Toolbar.Snap.do-0001.zip	--a---- 2014 bytes	[20:42 26/04/2013]	[20:42 26/04/2013] 177651D7A9D1975C6BADFFE0CFDBDBD8
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Toolbar.Snap.do-0002.zip	--a---- 1897 bytes	[21:11 26/04/2013]	[21:11 26/04/2013] 4E4B708AEFEB7C5273031C55F6EFE823
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Toolbar.Snap.do-0003.zip	--a---- 2254 bytes	[10:36 27/04/2013]	[10:36 27/04/2013] C19C86C8009835EF30F49D4A0D55E854

Searching for "*qvo6.com*"
No files found.

========== folderfind ==========

Searching for "eSafe*"
No folders found.

Searching for "Media Finder*"
No folders found.

Searching for "PutLockerDownloader*"
No folders found.

Searching for "SwvUpdater*"
No folders found.

Searching for "OpenCandy*"
No folders found.

Searching for "DefaultTab*"
No folders found.

Searching for "Softonic*"
No folders found.

Searching for "AmiUpd*"
No folders found.

Searching for "snap.do*"
No folders found.

Searching for "qvo6.com*"
No folders found.

========== regfind ==========

Searching for "eSafe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\esafebill.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\esafetylist.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iesafetywarning.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onlinesafetypage.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmadesafe.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\youriesafety.com]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\eSafeSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\eSafeSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\eSafeSvc]
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\esafebill.com]
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\esafetylist.com]
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iesafetywarning.com]
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onlinesafetypage.com]
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmadesafe.com]
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\youriesafety.com]

Searching for "Media Finder"
[HKEY_CURRENT_USER\Software\Classes\MF]
@="URL:Media Finder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Finder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Finder]
"item"="Media Finder"
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Classes\MF]
@="URL:Media Finder"
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001_Classes\MF]
@="URL:Media Finder"

Searching for "PutLockerDownloader"
No data found.

Searching for "SwvUpdater"
No data found.

Searching for "OpenCandy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser2F9EF5ECB54E466AA4B9C1D173A3B549]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce1CCADD6BF84547B798C291572820506D]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce20D5BF623130444E8D5E6BD0F98EBB2A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceB7BA191912984CE6B2FB4AE0D0A44BF9]

Searching for "DefaultTab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{184DDCB2-CAB5-4E5E-BB29-889FE6FBD119}]
"FaviconURL"="hxxp://assets.defaulttab.com/search_here_ie.ico"
[HKEY_CURRENT_USER\Software\PrivitizeVPNInstallDates]
"defaulttab"="190446574640"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser]
@="DefaultTab Browser Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1]
@="DefaultTab Browser Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX]
@="DefaultTabBrowserActiveX Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1]
@="DefaultTabBrowserActiveX Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{D69495AF-8F32-39EE-BD96-D683D87D6A8E}\15.0.0.0]
"Class"="Microsoft.Office.Interop.Word.WdDefaultTableBehavior"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\DefaultTabBHO.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\DefaultTabUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\DefaultTabBHO.DLL]
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Internet Explorer\SearchScopes\{184DDCB2-CAB5-4E5E-BB29-889FE6FBD119}]
"FaviconURL"="hxxp://assets.defaulttab.com/search_here_ie.ico"
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\PrivitizeVPNInstallDates]
"defaulttab"="190446574640"

Searching for "Softonic"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\18d38e87_0]
@="{0.0.0.00000000}.{0c28c033-1856-47ba-b160-cb17f98c2061}|\Device\HarddiskVolume2\Users\Dominik\Downloads\SoftonicDownloader_fuer_torrent-monster.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\4d213ff4_0]
@="{0.0.0.00000000}.{0c28c033-1856-47ba-b160-cb17f98c2061}|\Device\HarddiskVolume2\Users\Dominik\Downloads\SoftonicDownloader_fuer_draftsight.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\4da5eba6_0]
@="{0.0.0.00000000}.{0c28c033-1856-47ba-b160-cb17f98c2061}|\Device\HarddiskVolume2\Users\Dominik\Downloads\SoftonicDownloader_fuer_cocreate-modeling.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c7a74a3b_0]
@="{0.0.0.00000000}.{0c28c033-1856-47ba-b160-cb17f98c2061}|\Device\HarddiskVolume2\Users\Dominik\Downloads\SoftonicDownloader_fuer_autodesk-dwg-trueview.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_autodesk-dwg-trueview_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_autodesk-dwg-trueview_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cocreate-modeling_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cocreate-modeling_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_draftsight_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_draftsight_RASMANCS]
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\18d38e87_0]
@="{0.0.0.00000000}.{0c28c033-1856-47ba-b160-cb17f98c2061}|\Device\HarddiskVolume2\Users\Dominik\Downloads\SoftonicDownloader_fuer_torrent-monster.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\4d213ff4_0]
@="{0.0.0.00000000}.{0c28c033-1856-47ba-b160-cb17f98c2061}|\Device\HarddiskVolume2\Users\Dominik\Downloads\SoftonicDownloader_fuer_draftsight.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\4da5eba6_0]
@="{0.0.0.00000000}.{0c28c033-1856-47ba-b160-cb17f98c2061}|\Device\HarddiskVolume2\Users\Dominik\Downloads\SoftonicDownloader_fuer_cocreate-modeling.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2927716307-146540041-1050241088-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c7a74a3b_0]
@="{0.0.0.00000000}.{0c28c033-1856-47ba-b160-cb17f98c2061}|\Device\HarddiskVolume2\Users\Dominik\Downloads\SoftonicDownloader_fuer_autodesk-dwg-trueview.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "AmiUpd"
No data found.

Searching for "snap.do"
No data found.

Searching for "qvo6.com"
No data found.

-= EOF =-

Hier noch die letzten Logfiles

Habe noch ein paar Fragen zu der letzten Log, wo etwas von softonic downloader steht - diese habe ich sofort nach dem download gelöscht weil ich noch vor dem Öffnen im Internet rechachiert habe und dort stand das dieser viele viren mit sich bringen (und toolbars)
Habe mir vor gut einem Jahr per Softonic ein Programm heruntergeldaden, was auch überall anders gratis ist, das war ein Fehler da es die Babylon Search Toolbar beeinhaltete (sofort gelöscht)
Sind diese Reste jetzt noch hier oder muss ich ein paar Programme von Ihnen herunterladen?
Ich würde am liebsten alle diese Reste entfernen

Darf ich alle von Avira,Spybot,SuperAntiSpyware gefundenen "Infizierungen",Viren aus der Quarantäne löschen oder gibt es Risiken?

M-K-D-B · 01.05.2013, 11:21

Servus,

Zitat:

Zitat von Dominik P

Habe noch ein paar Fragen zu der letzten Log, wo etwas von softonic downloader steht - diese habe ich sofort nach dem download gelöscht weil ich noch vor dem Öffnen im Internet rechachiert habe und dort stand das dieser viele viren mit sich bringen (und toolbars)
Habe mir vor gut einem Jahr per Softonic ein Programm heruntergeldaden, was auch überall anders gratis ist, das war ein Fehler da es die Babylon Search Toolbar beeinhaltete (sofort gelöscht)
Sind diese Reste jetzt noch hier oder muss ich ein paar Programme von Ihnen herunterladen?
Ich würde am liebsten alle diese Reste entfernen

Darf ich alle von Avira,Spybot,SuperAntiSpyware gefundenen "Infizierungen",Viren aus der Quarantäne löschen oder gibt es Risiken?

Grundsätzlich die Finger von Softonic lassen, da holt man sich nur lauter Mist auf den PC.

Die Funde von Avira, Spybot und SAS kannst du aus der Quarantäne löschen.

Wir entfernen jetzt noch ein paar Reste und kontrollieren nochmal alles:

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
[2013.04.02 16:56:18 | 000,000,000 | ---D | M] (BittorrentBar_DE) -- \mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2013.02.06 22:45:40 | 000,000,000 | ---D | M] (WhiteSmoke B) -- \mozilla\Firefox\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

:reg
[-HKEY_CURRENT_USER\Software\Classes\MF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Finder]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser2F9EF5ECB54E466AA4B9C1D173A3B549]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce1CCADD6BF84547B798C291572820506D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce20D5BF623130444E8D5E6BD0F98EBB2A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceB7BA191912984CE6B2FB4AE0D0A44BF9]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{184DDCB2-CAB5-4E5E-BB29-889FE6FBD119}]

[HKEY_CURRENT_USER\Software\PrivitizeVPNInstallDates]
"defaulttab"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\DefaultTabBHO.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\DefaultTabUpdate]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\DefaultTabBHO.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_autodesk-dwg-trueview_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_autodesk-dwg-trueview_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cocreate-modeling_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cocreate-modeling_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_draftsight_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_draftsight_RASMANCS]

:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Dominik P · 01.05.2013, 19:32

Hallo!!
Ich bin bereits mit Schritt 3 fertig geworden, muss jedoch morgen bis 5 in der Schule bleiben und danach bis 10 ins Training, darum kann ich die Logs erst Freitag Abend (hab auch lange Schule) hochladen

Wollte nur einmal Bescheid geben

)

M-K-D-B · 02.05.2013, 10:06

Servus,

alles klar. Vielen Dank für den Hinweis.

29.04.2013, 19:03	#6
M-K-D-B /// TB-Ausbilder	Ständig erneut gefundene (gleiche) Infizierungen Servus, fehlt noch die Logdatei von ComboFix.

02.05.2013, 10:06	#15
M-K-D-B /// TB-Ausbilder	Ständig erneut gefundene (gleiche) Infizierungen Servus, alles klar. Vielen Dank für den Hinweis.

Ständig erneut gefundene (gleiche) Infizierungen

Plagegeister aller Art und deren Bekämpfung: Ständig erneut gefundene (gleiche) Infizierungen