Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.06.2013, 13:38   #1
Pooly
 
PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Hallo zusammen,
obwohl ich kein Newbie bin habe ich mich selten dämlich angestellt!

Zuerst habe ich mir den lästigen PC Performer Manager eingefangen, wie genau kann ich nicht sagen. Als ich dann merkte, wie mein Rechner ziemlich lahmte, habe ich nach Lösungsmöglichkeiten gegoogelt und bin dabei auf das Problem PC Performer gestossen.
Doch dummerweise bin ich dabei auf verschiedenen Seiten gelandet, die alle zur Beseitigung die gleiche "einfache" Softwarelösung empfohlen haben und die bestand in Spyhunter. Dieser Spyhunter meldete bei einem Scan etliche Probleme. Erst als beim Versuch, diese Probleme zu beseitigen die Aufforderung kam, die Vollversion zu kaufen dämmerte mir, dass ich da wohl den Teufel mit dem Beelzebub austreiben wollte!

Jetzt bitte ich hier um eure Hilfe beim Beseitigen dieser lästigen Plagegeister.
Ich hoffe, ich habe die benötigten Informationen und Scans richtig laufen lassen und bekomme sie hier korrekt gepostet.

OTL.txt habe ich gezippt anhängen müssen, da die Logfiles zu groß waren.


Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 30.06.2013 02:47:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pooly\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 52,07% Memory free
7,96 Gb Paging File | 5,77 Gb Available in Paging File | 72,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1688,45 Gb Free Space | 93,19% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,47 Gb Free Space | 50,95% Space Free | Partition Type: NTFS
Drive E: | 1,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 931,28 Gb Total Space | 685,75 Gb Free Space | 73,63% Space Free | Partition Type: FAT32
 
Computer Name: POOLY-PC | User Name: Pooly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-239419753-1080600804-101104263-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CD6417-B9C3-45DF-B0D3-0076CC40509B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{06CA7039-7F35-4229-AB4A-89E4A45219B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0B62B67A-14BA-4569-A979-F18033F297B7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0BB604AA-9CAD-4A58-A964-EA43B321D79E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C03794C-0BA8-4B4B-B3A6-F3557C3690FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1E3D509F-2AE4-4983-ACB0-ADF2F314D35C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{25422746-A780-470D-B3DA-039B85A7428D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2BCCFDAD-3DA6-4FFD-891B-7EC043E2E2E8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{311EC8F9-6669-48D3-AD8F-8624B7CB19E3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3A9D733F-5EC6-4750-BFF1-5FE5673B83A5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3BE5203E-E85E-4F56-8D24-096BBD01B687}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port | 
"{409F0B87-C049-421E-90EC-D6FB7F0D37F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4E06C5A0-DD8E-45B7-BF32-D8BAF8EF280C}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 | 
"{55C1EA9A-971E-41A9-BE0F-99CE5F0A09ED}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 | 
"{61A79E05-28AC-492A-857E-9207FB809A7B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{69F620D5-78A5-4BED-8C92-413A49B39000}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1\wnt500x64\rpcsandrasrv.exe | 
"{70AA039D-8D5E-4F35-B0BF-D95E8C752762}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{89305781-FD8A-4A9B-B260-2135CA988536}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90061D85-0A6E-493F-BCE2-ED135951BB10}" = lport=53 | protocol=6 | dir=in | name=rtldns-port | 
"{A4A04FD5-C39E-462E-8FF0-DB8AA04A26FA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BF989B9E-0B4F-4C82-AD16-92D05625C7CC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C8742CC4-CA13-4488-BC51-0B5FF2E468C1}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{CEEC5E97-F169-4A85-A433-80CAB4E35945}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D286020A-3F28-44A9-877D-AE91A55024BB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D2D728A4-B6AC-4D3D-A097-BC07E6FA1A23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4989ACE-D711-413F-B969-28B3C770E7E1}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{D752BEE1-8A60-433D-B4E6-9E718D5E51B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC30766A-B0E1-4BBC-B9C6-D0C5E205C882}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{DE918BE6-0777-4623-BEDF-4EFD36BA7F65}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DFD82233-6AB0-4DE7-9E34-463BAA0495C5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E860F687-ACF6-4A17-80D1-5BFA50B679DE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1\rpcagentsrv.exe | 
"{EB52C4AB-EDE3-418B-BFED-5FA3E01324E2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{FF7BDF46-EC69-4678-854E-C08E7D3BC198}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EAF41D-9EFE-4E65-B43D-E5C6D1210B71}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{0B8F701E-47D6-40A5-A7C5-104265D86B14}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{15BC3DB2-B386-4B26-8D62-F930643328C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1CA8CBB6-B927-4491-8374-F3DB8A8662FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1E9941FD-E724-491C-8FC8-23F8521B4D41}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2086F8C9-7636-4E9B-9A47-4ACAB9B3618D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{21F1B7B5-EF9A-4116-845B-DD9976AE42E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{28EB9F9F-9B00-44BA-AC5A-4E05BF2A81E6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{2E26B0F9-A9BF-434C-98A5-EBB6AFEB15EA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2F98984C-BCB1-436D-A90E-AC771DBB2283}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe | 
"{323B3E79-96DC-4C7E-AA47-95767F02400C}" = protocol=6 | dir=in | app=c:\ph-shop\adobe version cue cs2\bin\versioncuecs2.exe | 
"{32F3ED34-530D-46CC-8911-606122C53BF8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{357B0CC7-4D6E-43BC-B4D0-97C1E2321D87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3958A5FD-99D7-4B08-902A-9A0B3BE8AA7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3BCF67AF-AA14-416E-BD22-2C85D0D82DFD}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe | 
"{46307F7B-B9BF-4943-8897-27DE6FCF8A4C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{49183AAB-B5B6-4C3D-9F1A-CE168239E18C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4A467E52-D70F-42B6-8BA7-AAE1C79DD436}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5549D867-4091-4C32-B0E1-7BA41B938ECE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{5A8D9204-61CB-4750-BF8D-CC2CA34C1CC7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{6BB69473-947C-4CE3-8A3B-0D46DABA6B84}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{7527C1CA-1E2D-4D4E-BD0D-E9D4DFE9E62C}" = dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtldhcp.exe | 
"{80936326-7EFF-4C88-9C16-B69EEEAB6F70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{84EB0877-5A20-4262-B54F-9D85CDE0EE3B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{853C972C-D29E-470C-A280-12CB9202D5F4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{87254A6D-091C-4A96-8520-B2784146A0FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{909FD7B5-40CD-4655-8BF0-1EED4A2B9A59}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe | 
"{97622819-7B1F-45EA-8A43-FDEBF311E4AD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A42126E2-9F15-4230-9E33-8FE9D5A5267C}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{A525D2BC-4F11-4859-97D0-F3D1F086A8E3}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{AE0C0281-F340-48D1-BDBC-9892D2E349C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AFD3C62D-CB07-46D0-931F-BAFF90B268D2}" = protocol=6 | dir=out | app=system | 
"{C61FACA3-1EC9-4D94-8283-E24BACC36A2B}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{CEA8785F-508B-4629-8735-5CD99E2D69C4}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{D072A819-748F-4316-AD0A-0E1DA81F16BB}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{D07DF7D3-201D-44FF-8B6A-93539DB49EA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5B9E6CB-6906-4710-B7FC-44FF349B1447}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{D60271B5-B482-4A25-AD29-96AE1AD4F237}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe | 
"{DB5B2BEB-A473-4EFD-8C2A-4201CC366B51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7035F7F-631E-495C-84A7-B76D692F73E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EF326660-E6E6-493A-B435-676C2FF31634}" = protocol=17 | dir=in | app=c:\ph-shop\adobe version cue cs2\bin\versioncuecs2.exe | 
"{FA27D4EF-C38B-4908-9524-6BC6F7C7B826}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FAEC80C0-196F-40D1-949B-9EFF21678BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{FEF5A4EF-3249-4589-87BF-BA46DA0EF48A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{4F1E33E4-ABAB-49F6-BB38-1C7F74BCF522}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{76917E20-BE79-4907-91DC-F74575773B32}C:\program files (x86)\milouz corp\milouz market\milouz market.exe" = protocol=6 | dir=in | app=c:\program files (x86)\milouz corp\milouz market\milouz market.exe | 
"UDP Query User{7CF79AA5-B7EA-488F-AF02-114786186AF1}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{B22B8DF8-4EA0-4A6A-AF96-25362C535098}C:\program files (x86)\milouz corp\milouz market\milouz market.exe" = protocol=17 | dir=in | app=c:\program files (x86)\milouz corp\milouz market\milouz market.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2012.SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Process_Hacker2_is1" = Process Hacker 2.30 (r5267)
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11 WM Edition
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1AD2EC5E-9A73-452B-8C87-43D2E32C3831}" = Fritz11 WM Edition
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{36A19DE0-7C35-41E3-9BA6-DB85C74B3021}" = SlimDrivers
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{47E5588F-C3A0-11DE-9857-005056C00008}" = Paragon Partition Manager™ 12 Free
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{875FD277-1D33-4321-BDD8-5D776DE81117}" = Windows Internet Explorer 10
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AD1C7ACE-30DC-4107-B6A7-9495D12DC846}" = TinEye Internet Explorer plugin 1.2
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BD528233-D102-4CA6-93AB-EE4FE4941C37}" = Milouz Market
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C7A8AA10-B632-42F8-9F57-A16FDCE0601E}" = Clock Screen Saver
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CF652E2D-6128-49E9-833E-F131C4FC42CA}" = ChessBase 10
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D5B11428-F4C4-4FC2-AF89-4D2163BD1D28}" = ChessBase 10
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Internet Accelerator 3_is1" = Ashampoo Internet Accelerator 3.20
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Ashampoo WinOptimizer 2012_is1" = Ashampoo WinOptimizer 2012 v.8.1.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"BurnAware Free_is1" = BurnAware Free 6.3
"CBReader " = CBReader 
"EdenCity Download" = EdenCity Download
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"Google Chrome" = Google Chrome
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Kill-ID für Chrome_is1" = Kill-ID 1.2.4.0 für Chrome
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.2.0 (Full)
"Licking Dog Screen Clean Screensaver" = Licking Dog Screen Clean Screensaver
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"myMugle3.0.0.0" = myMugle
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"PlayChess" = PlayChess 
"Sim AQUARIUM 2_is1" = Sim AQUARIUM 2
"SopCast" = SopCast 3.5.0
"TeamViewer 7" = TeamViewer 7
"tvbrowser" = TV-Browser 3.3a
"Visual Subst" = Visual Subst
"VLC media player" = VLC media player 2.0.7
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-239419753-1080600804-101104263-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.02.2013 11:38:30 | Computer Name = Pooly-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 05.02.2013 11:38:30 | Computer Name = Pooly-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 05.02.2013 11:38:30 | Computer Name = Pooly-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 05.02.2013 11:38:30 | Computer Name = Pooly-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 05.02.2013 18:06:12 | Computer Name = Pooly-PC | Source = Application Hang | ID = 1002
Description = Programm ChessProgram11.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: f64    Startzeit: 01ce03b7fc6845d8    Endzeit: 16    Anwendungspfad: 
C:\Program Files (x86)\ChessBase\ChessProgram11\ChessProgram11.exe    Berichts-ID:   
 
Error - 15.02.2013 09:57:29 | Computer Name = Pooly-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.584 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 112c    Startzeit:
 01ce0b7da0650271    Endzeit: 60000    Anwendungspfad: c:\program files (x86)\avira\antivir
 desktop\avscan.exe    Berichts-ID: 78a32c48-7777-11e2-b5bd-8c89a56d6f00  
 
Error - 15.02.2013 13:05:09 | Computer Name = Pooly-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 15.02.2013 13:05:09 | Computer Name = Pooly-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 16.02.2013 09:51:58 | Computer Name = Pooly-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Pooly\Downloads\SoftonicDownloader_fuer_cat-licking-screensaver.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 19.02.2013 15:55:00 | Computer Name = Pooly-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.584 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d5c    Startzeit: 
01ce0ed59e9dd08d    Endzeit: 54070    Anwendungspfad: C:\program files (x86)\avira\antivir
 desktop\avscan.exe    Berichts-ID: 1b3a6b75-7ace-11e2-9fa4-742f68a87d52  
 
[ Media Center Events ]
Error - 29.06.2013 07:44:31 | Computer Name = Pooly-PC | Source = MCUpdate | ID = 0
Description = 13:44:25 - Fehler beim Herstellen der Internetverbindung.  13:44:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 28.06.2013 05:45:28 | Computer Name = Pooly-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 28.06.2013 19:25:06 | Computer Name = Pooly-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.06.2013 07:43:52 | Computer Name = Pooly-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 29.06.2013 07:43:52 | Computer Name = Pooly-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 29.06.2013 12:09:00 | Computer Name = Pooly-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Realtek11nSU erreicht.
 
Error - 29.06.2013 12:11:21 | Computer Name = Pooly-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 29.06.2013 12:11:21 | Computer Name = Pooly-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 29.06.2013 15:05:19 | Computer Name = Pooly-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.06.2013 15:09:04 | Computer Name = Pooly-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 29.06.2013 15:09:04 | Computer Name = Pooly-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Gmer.txt:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-30 13:41:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST2000DL rev.CC45 1863,02GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Pooly\AppData\Local\Temp\kwdoapod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                  fffff80003806000 63 bytes [00, 00, 21, 02, 41, 4C, 50, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624                                                                                                  fffff80003806040 1 byte [08]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                             0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                         0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!free                                                                    0000000075ad9894 5 bytes JMP 000000010a90d2d0
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!malloc                                                                  0000000075ad9cee 5 bytes JMP 000000010a90d230
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z                                                            0000000075adb0b9 5 bytes JMP 000000010a90d2d0
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z                                                            0000000075adb0c9 5 bytes JMP 000000010a90d480
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!realloc                                                                 0000000075adb10d 5 bytes JMP 000000010a90d2b0
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!calloc                                                                  0000000075adc456 5 bytes JMP 000000010a90d270
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_msize                                                                  0000000075adf43b 5 bytes JMP 000000010a90d2e0
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_aligned_free                                                           0000000075af5942 5 bytes JMP 000000010a90d2d0
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc                                                         0000000075b0028d 5 bytes JMP 000000010a90d3c0
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc                                                  0000000075b002a9 5 bytes JMP 000000010a90d3e0
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z                                      0000000075b2bfd1 5 bytes JMP 000000010a90d500
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc                                                 0000000075b2bfe1 5 bytes JMP 000000010a90d420
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc                                                        0000000075b2c16b 5 bytes JMP 000000010a90d400
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_expand                                                                 0000000075b2c18a 5 bytes JMP 000000010a90d3a0
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_heapadd                                                                0000000075b2dd03 5 bytes JMP 000000010a90d550
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_heapchk                                                                0000000075b2dd17 5 bytes JMP 000000010a90d560
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_heapset + 1                                                            0000000075b2de16 4 bytes {JMP 0xffffffff94ddf76b}
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_heapmin                                                                0000000075b2de1f 5 bytes JMP 000000010a90d650
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_heapused                                                               0000000075b2df05 5 bytes JMP 000000010a90d620
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\msvcrt.dll!_heapwalk                                                               0000000075b2df18 5 bytes JMP 000000010a90d590
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                00000000753e1465 2 bytes [3E, 75]
.text     C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                               00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1884] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                   0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\ProgramData\PC Performer Manager\2.6.1339.144\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe[1544] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\ProgramData\PC Performer Manager\2.6.1339.144\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000753e1465 2 bytes [3E, 75]
.text     C:\ProgramData\PC Performer Manager\2.6.1339.144\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\PDF Architect\HelperService.exe[2052] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                         0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\PDF Architect\HelperService.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\PDF Architect\HelperService.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                               00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\PDF Architect\ConversionService.exe[2192] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                     0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\PDF Architect\ConversionService.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\PDF Architect\ConversionService.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2232] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                  0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000753e1465 2 bytes [3E, 75]
.text     c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe[2260] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                     0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2332] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                 0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Ph-Shop\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2456] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                               0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Ph-Shop\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      00000000753e1465 2 bytes [3E, 75]
.text     C:\Ph-Shop\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[2772] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                              0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2816] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2992] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\ProgramData\PC Performer Manager\2.6.1339.144\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe[3136] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\ProgramData\PC Performer Manager\2.6.1339.144\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000753e1465 2 bytes [3E, 75]
.text     C:\ProgramData\PC Performer Manager\2.6.1339.144\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[3716] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                         0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[1344] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                   0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2228] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                        0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3692] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                          000000007734000c 1 byte [C3]
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3692] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                     00000000773cf85a 5 bytes JMP 000000017737d571
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3692] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                       0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1036] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                        0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Google\Drive\googledrivesync.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4404] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                  0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Ph-Shop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[4428] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                            0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Ph-Shop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   00000000753e1465 2 bytes [3E, 75]
.text     C:\Ph-Shop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4596] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                               0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4604] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                  0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4616] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                          0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5804] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                            0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5892] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                 0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4028] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                 0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        00000000753e1465 2 bytes [3E, 75]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2
.text     C:\Users\Pooly\Downloads\gmer_2.1.19163.exe[528] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                     0000000075c0cfca 5 bytes JMP 00000001749b4bb0
.text     C:\Users\Pooly\Downloads\gmer_2.1.19163.exe[528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                            00000000753e1465 2 bytes [3E, 75]
.text     C:\Users\Pooly\Downloads\gmer_2.1.19163.exe[528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                           00000000753e14bb 2 bytes [3E, 75]
.text     ...                                                                                                                                                                 * 2

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                               unknown MBR code

---- Files - GMER 2.1 ----

File      C:\Users\Pooly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E6DG1NM\clients[1].txt                                                         0 bytes

---- EOF - GMER 2.1 ----
         

Danke schon mal im Voraus für eure Hilfe!

Alt 30.06.2013, 14:30   #2
schrauber
/// the machine
/// TB-Ausbilder
 

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
__________________

__________________

Alt 30.06.2013, 15:05   #3
Pooly
 
PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Hi Schrauber,
danke dass du mir hilfst!

Hier FRST.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
Ran by Pooly (administrator) on 30-06-2013 15:47:13
Running from C:\Users\Pooly\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\PC Performer Manager\2.6.1339.144\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Ph-Shop\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\ProgramData\PC Performer Manager\2.6.1339.144\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Sytems Incorporated) C:\Ph-Shop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2000-01-01] (Realtek Semiconductor)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [Process Hacker 2] "C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide [1415680 2013-01-14] (wj32)
HKCU\...\Run: [Visual Subst] "C:\Program Files (x86)\Visual Subst\VSubst.exe" /startup [139672 2008-02-02] (NTWind Software)
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3642312 2013-05-16] (Safer-Networking Ltd.)
MountPoints2: {640148b8-7dad-11e2-b462-8c89a56d6f00} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
MountPoints2: {aa99d9ff-c936-11e1-90fb-806e6f6e6963} - E:\Setup.exe
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] C:\Ph-Shop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKU\Default\...\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default User\...\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Sarah\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin [x]
HKU\UpdatusUser\...\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\UpdatusUser\...\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
AppInit_DLLs-x32: c:\progra~3\pcperf~1\261339~1.144\{61d8b~1\pcpmngr.dll  [2521552 2013-06-03] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default
FF user.js: detected! => C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\user.js
FF Homepage: hxxp://www.yahoo.de/
FF NetworkProxy: "no_proxies_on", "fritz.box"
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\fb_add_on@avm.de
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\ich@maltegoetz.de
FF Extension: Flagfox - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: images - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\images@snark.co.il.xpi
FF Extension: personas - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\personas@christopher.beard.xpi
FF Extension: tineye - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

Chrome: 
=======
CHR HomePage: hxxp://de.yahoo.com/
CHR RestoreOnStartup: "hxxp://www.yahoo.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.0.147) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Search by Image for Google\u2122) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdigejhabbnmfbbebmchkkjhcdjmeli\1.2_0
CHR Extension: (Google Drive) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Brushed) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0
CHR Extension: (YouTube) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search by Image (by Google)) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0
CHR Extension: (Gantter for Google Drive) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo\4.0.1_0
CHR Extension: (Forecastfox) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0
CHR Extension: (TicoYoutube Downloader) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnbiapfcobgpmcebclkhkdfdnkdchjp\0.1_0
CHR Extension: (Google Maps) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.1.8_0
CHR Extension: (Gmail) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-17] (Adobe Systems)
R2 Adobe Version Cue CS2; C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PC Performer Manager; C:\ProgramData\PC Performer Manager\2.6.1339.144\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe [3085264 2013-06-03] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe [95896 2008-12-06] (SiSoftware)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2011-07-07] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-07-07] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-06-18] ()
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-09-13] (ZTE Incorporated)
U3 DfSdkS; 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S1 kkavmlpb; \??\C:\Windows\system32\drivers\kkavmlpb.sys [x]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-30 15:47 - 2013-06-30 15:47 - 00000000 ____D C:\FRST
2013-06-30 15:45 - 2013-06-30 15:45 - 00001130 ____A C:\Users\Pooly\Desktop\FRST64 - Verknüpfung.lnk
2013-06-30 15:42 - 2013-06-30 15:43 - 01933592 ____A (Farbar) C:\Users\Pooly\Downloads\FRST64.exe
2013-06-30 14:30 - 2013-06-30 14:30 - 00016590 ____A C:\Users\Pooly\Downloads\OTL.zip
2013-06-30 13:41 - 2013-06-30 13:41 - 00029038 ____A C:\Users\Pooly\Desktop\gmer.txt
2013-06-30 03:30 - 2013-06-30 03:30 - 734114243 ____A C:\Windows\MEMORY.DMP
2013-06-30 03:30 - 2013-06-30 03:30 - 00293136 ____A C:\Windows\Minidump\063013-23431-01.dmp
2013-06-30 03:30 - 2013-06-30 03:30 - 00000000 ____D C:\Windows\Minidump
2013-06-30 02:56 - 2013-06-30 02:56 - 00089942 ____A C:\Users\Pooly\Downloads\Extras.Txt
2013-06-30 02:55 - 2013-06-30 03:00 - 00123378 ____A C:\Users\Pooly\Downloads\OTL.Txt
2013-06-30 02:40 - 2013-06-30 02:40 - 00000472 ____A C:\Users\Pooly\Downloads\defogger_disable.log
2013-06-30 02:40 - 2013-06-30 02:40 - 00000000 ____A C:\Users\Pooly\defogger_reenable
2013-06-30 01:54 - 2013-06-30 03:24 - 00001517 ____A C:\Users\Pooly\Desktop\gmer_2.1.19163 - Verknüpfung.lnk
2013-06-30 01:54 - 2013-06-30 01:54 - 00377856 ____A C:\Users\Pooly\Downloads\gmer_2.1.19163.exe
2013-06-30 01:52 - 2013-06-30 02:46 - 00001412 ____A C:\Users\Pooly\Desktop\OTL - Verknüpfung.lnk
2013-06-30 01:52 - 2013-06-30 01:52 - 00602112 ____A (OldTimer Tools) C:\Users\Pooly\Downloads\OTL.exe
2013-06-30 01:50 - 2013-06-30 02:39 - 00001064 ____A C:\Users\Pooly\Desktop\Defogger - Verknüpfung.lnk
2013-06-30 01:49 - 2013-06-30 01:49 - 00050477 ____A C:\Users\Pooly\Downloads\Defogger.exe
2013-06-29 18:08 - 2013-06-30 13:53 - 00000280 ____A C:\Windows\setupact.log
2013-06-29 18:08 - 2013-06-29 18:08 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 17:58 - 2013-06-29 17:58 - 00001298 ____A C:\Users\Pooly\Documents\cc_20130629_175824.reg
2013-06-29 17:51 - 2013-06-29 17:52 - 04396440 ____A (Piriform Ltd) C:\Users\Pooly\Downloads\ccsetup403.exe
2013-06-29 15:23 - 2013-06-29 15:23 - 00000000 ____A C:\autoexec.bat
2013-06-29 15:22 - 2013-06-29 15:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-29 15:21 - 2013-06-29 18:03 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-29 14:54 - 2013-06-29 14:54 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Pooly\Downloads\SpyHunter-Installer.exe
2013-06-28 14:12 - 2013-06-28 14:12 - 00000439 ____A C:\Users\Pooly\Downloads\Landesliga Nord.ini
2013-06-28 12:53 - 2013-06-28 14:12 - 00001448 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgi
2013-06-28 12:52 - 2013-06-28 12:52 - 00272117 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgn
2013-06-28 12:48 - 2013-06-28 12:48 - 00329804 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cib
2013-06-28 12:48 - 2013-06-28 12:48 - 00031852 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cit
2013-06-28 12:47 - 2013-06-28 12:47 - 00186316 ____A C:\Users\Pooly\Downloads\GES_LGA op.cib
2013-06-28 12:47 - 2013-06-28 12:47 - 00023932 ____A C:\Users\Pooly\Downloads\GES_LGA op.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00202700 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00063500 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00025492 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00013852 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cit
2013-06-28 12:45 - 2013-06-28 12:45 - 00151372 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cib
2013-06-28 12:45 - 2013-06-28 12:45 - 00023612 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00203404 ____A C:\Users\Pooly\Downloads\mfr_em.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00025292 ____A C:\Users\Pooly\Downloads\mfr_em.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00006540 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00003212 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00286988 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00033132 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00005132 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00001212 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cit
2013-06-28 01:22 - 2013-06-28 01:22 - 01491980 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cib
2013-06-28 01:22 - 2013-06-28 01:22 - 00140852 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cit
2013-06-27 11:25 - 2013-06-27 11:25 - 02828552 ____A (AVAST Software) C:\Users\Pooly\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-06-22 16:23 - 2013-06-22 16:23 - 00000000 ____D C:\Users\Pooly\Documents\Fax
2013-06-21 09:56 - 2013-06-21 10:25 - 00000363 ____A C:\Users\Pooly\AppData\Roaming\burnaware.ini
2013-06-21 09:37 - 2013-06-21 09:37 - 00001058 ____A C:\Users\Public\Desktop\BurnAware Free.lnk
2013-06-21 09:37 - 2013-06-21 09:37 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-06-21 09:34 - 2013-06-21 09:34 - 11554288 ____A (Burnaware                                                   ) C:\Users\Pooly\Downloads\burnaware_free(1).exe
2013-06-20 19:23 - 2013-06-20 19:23 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-20 19:23 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-20 19:23 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-20 19:23 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-20 19:23 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 20:57 - 2013-06-19 20:57 - 00014336 ____A C:\Users\Pooly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 20:20 - 2013-06-19 20:20 - 00001070 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-18 17:15 - 2013-06-18 17:15 - 00001042 ____A C:\Users\Pooly\Documents\cc_20130618_171551.reg
2013-06-18 17:01 - 2013-06-19 10:17 - 00000000 ____D C:\ProgramData\PC Performer Manager
2013-06-18 17:01 - 2013-06-18 17:01 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-06-18 13:29 - 2013-06-18 13:29 - 00000000 ____D C:\Users\Pooly\AppData\Local\Apps\2.0
2013-06-15 09:57 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 09:57 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 09:57 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 09:57 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 09:57 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 09:57 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 09:57 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 09:57 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 01:27 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 01:27 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 01:27 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 01:27 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 01:27 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 01:26 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 01:26 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 01:26 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 01:26 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 01:26 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 01:26 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 17:04 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:04 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:04 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:04 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:04 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 17:04 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 17:04 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 17:04 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 17:04 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 17:04 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 17:04 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:04 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:04 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:04 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:04 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 17:04 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:04 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:04 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:04 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 20:14 - 2013-06-11 20:14 - 00006265 ____A C:\Users\Leonie.Pooly-PC.000\Documents\Renaissance.odt
2013-06-06 10:22 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20130606-102242.backup
2013-06-06 09:54 - 2013-06-29 21:02 - 00002210 ____A C:\Windows\wininit.ini
2013-06-06 09:20 - 2013-06-06 09:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-06 09:20 - 2013-06-06 09:20 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-06-06 09:20 - 2013-06-06 09:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-06 09:20 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-06-06 09:17 - 2013-06-06 09:18 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\Pooly\Downloads\spybot-2.1.exe
2013-06-05 10:24 - 2013-06-05 10:25 - 00013018 ____A C:\Users\Pooly\Documents\cc_20130605_102455.reg
2013-06-05 00:50 - 2013-06-05 00:51 - 00002613 ____A C:\Users\Public\Desktop\Milouz Market.lnk
2013-06-05 00:50 - 2013-06-05 00:50 - 00000000 ____D C:\Program Files (x86)\Milouz Corp
2013-06-05 00:49 - 2013-06-05 00:49 - 00001749 ____A C:\Windows\unins000.dat
2013-06-05 00:49 - 2013-06-05 00:48 - 00809973 ____A C:\Windows\unins000.exe
2013-06-05 00:48 - 2013-06-05 00:48 - 02105245 ____A (Milouz Corp                                                 ) C:\Users\Pooly\Downloads\setupMarket.exe

==================== One Month Modified Files and Folders =======

2013-06-30 15:47 - 2013-06-30 15:47 - 00000000 ____D C:\FRST
2013-06-30 15:45 - 2013-06-30 15:45 - 00001130 ____A C:\Users\Pooly\Desktop\FRST64 - Verknüpfung.lnk
2013-06-30 15:45 - 2009-07-14 06:45 - 00017152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 15:45 - 2009-07-14 06:45 - 00017152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 15:44 - 2011-12-01 15:00 - 00000000 ____D C:\Users\Pooly\Documents\Outlook-Dateien
2013-06-30 15:43 - 2013-06-30 15:42 - 01933592 ____A (Farbar) C:\Users\Pooly\Downloads\FRST64.exe
2013-06-30 15:39 - 2012-07-08 13:06 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 15:37 - 2012-07-16 09:37 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 14:30 - 2013-06-30 14:30 - 00016590 ____A C:\Users\Pooly\Downloads\OTL.zip
2013-06-30 14:00 - 2011-05-16 16:04 - 00654150 ____A C:\Windows\System32\perfh007.dat
2013-06-30 14:00 - 2011-05-16 16:04 - 00130022 ____A C:\Windows\System32\perfc007.dat
2013-06-30 14:00 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-30 13:54 - 2012-09-28 23:17 - 00000000 ___SD C:\Users\Pooly\Google Drive
2013-06-30 13:53 - 2013-06-29 18:08 - 00000280 ____A C:\Windows\setupact.log
2013-06-30 13:53 - 2012-07-08 13:06 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-30 13:53 - 2011-09-06 00:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-30 13:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 13:47 - 2012-07-08 13:03 - 01621607 ____A C:\Windows\WindowsUpdate.log
2013-06-30 13:41 - 2013-06-30 13:41 - 00029038 ____A C:\Users\Pooly\Desktop\gmer.txt
2013-06-30 03:30 - 2013-06-30 03:30 - 734114243 ____A C:\Windows\MEMORY.DMP
2013-06-30 03:30 - 2013-06-30 03:30 - 00293136 ____A C:\Windows\Minidump\063013-23431-01.dmp
2013-06-30 03:30 - 2013-06-30 03:30 - 00000000 ____D C:\Windows\Minidump
2013-06-30 03:24 - 2013-06-30 01:54 - 00001517 ____A C:\Users\Pooly\Desktop\gmer_2.1.19163 - Verknüpfung.lnk
2013-06-30 03:00 - 2013-06-30 02:55 - 00123378 ____A C:\Users\Pooly\Downloads\OTL.Txt
2013-06-30 02:56 - 2013-06-30 02:56 - 00089942 ____A C:\Users\Pooly\Downloads\Extras.Txt
2013-06-30 02:46 - 2013-06-30 01:52 - 00001412 ____A C:\Users\Pooly\Desktop\OTL - Verknüpfung.lnk
2013-06-30 02:40 - 2013-06-30 02:40 - 00000472 ____A C:\Users\Pooly\Downloads\defogger_disable.log
2013-06-30 02:40 - 2013-06-30 02:40 - 00000000 ____A C:\Users\Pooly\defogger_reenable
2013-06-30 02:40 - 2012-07-08 13:17 - 00000000 ____D C:\users\Pooly
2013-06-30 02:39 - 2013-06-30 01:50 - 00001064 ____A C:\Users\Pooly\Desktop\Defogger - Verknüpfung.lnk
2013-06-30 02:38 - 2012-07-09 01:10 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\ChessBase
2013-06-30 01:54 - 2013-06-30 01:54 - 00377856 ____A C:\Users\Pooly\Downloads\gmer_2.1.19163.exe
2013-06-30 01:52 - 2013-06-30 01:52 - 00602112 ____A (OldTimer Tools) C:\Users\Pooly\Downloads\OTL.exe
2013-06-30 01:49 - 2013-06-30 01:49 - 00050477 ____A C:\Users\Pooly\Downloads\Defogger.exe
2013-06-29 21:02 - 2013-06-06 09:54 - 00002210 ____A C:\Windows\wininit.ini
2013-06-29 18:08 - 2013-06-29 18:08 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 18:06 - 2012-08-11 14:52 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\NetSpeedMonitor
2013-06-29 18:03 - 2013-06-29 15:21 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-29 17:58 - 2013-06-29 17:58 - 00001298 ____A C:\Users\Pooly\Documents\cc_20130629_175824.reg
2013-06-29 17:52 - 2013-06-29 17:51 - 04396440 ____A (Piriform Ltd) C:\Users\Pooly\Downloads\ccsetup403.exe
2013-06-29 17:52 - 2012-07-09 00:34 - 00000826 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-29 17:52 - 2012-07-09 00:34 - 00000000 ____D C:\Program Files\CCleaner
2013-06-29 17:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-29 15:23 - 2013-06-29 15:23 - 00000000 ____A C:\autoexec.bat
2013-06-29 15:22 - 2013-06-29 15:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-29 14:54 - 2013-06-29 14:54 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Pooly\Downloads\SpyHunter-Installer.exe
2013-06-29 01:24 - 2013-04-20 13:30 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\TV-Browser
2013-06-28 15:43 - 2012-11-23 03:54 - 00000787 ____A C:\Users\Pooly\Downloads\GES_Zabo op.ini
2013-06-28 15:43 - 2012-10-09 05:02 - 00000901 ____A C:\Users\Pooly\Downloads\GES_LGA op.ini
2013-06-28 15:43 - 2012-08-09 04:28 - 00001040 ____A C:\Users\Pooly\Downloads\GES_Seebach op.ini
2013-06-28 14:12 - 2013-06-28 14:12 - 00000439 ____A C:\Users\Pooly\Downloads\Landesliga Nord.ini
2013-06-28 14:12 - 2013-06-28 12:53 - 00001448 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgi
2013-06-28 14:08 - 2012-11-11 08:04 - 00000619 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.ini
2013-06-28 14:08 - 2012-07-23 01:27 - 00000572 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.ini
2013-06-28 14:07 - 2013-02-09 15:28 - 00000567 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.ini
2013-06-28 14:05 - 2012-11-12 06:32 - 00000589 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.ini
2013-06-28 14:05 - 2012-04-07 15:56 - 00000641 ____A C:\Users\Pooly\Downloads\mfr_em.ini
2013-06-28 14:05 - 2012-04-07 15:48 - 00000808 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.ini
2013-06-28 14:04 - 2012-04-09 04:16 - 00000565 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.ini
2013-06-28 12:52 - 2013-06-28 12:52 - 00272117 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgn
2013-06-28 12:48 - 2013-06-28 12:48 - 00329804 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cib
2013-06-28 12:48 - 2013-06-28 12:48 - 00031852 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cit
2013-06-28 12:47 - 2013-06-28 12:47 - 00186316 ____A C:\Users\Pooly\Downloads\GES_LGA op.cib
2013-06-28 12:47 - 2013-06-28 12:47 - 00023932 ____A C:\Users\Pooly\Downloads\GES_LGA op.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00202700 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00063500 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00025492 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00013852 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cit
2013-06-28 12:45 - 2013-06-28 12:45 - 00151372 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cib
2013-06-28 12:45 - 2013-06-28 12:45 - 00023612 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00203404 ____A C:\Users\Pooly\Downloads\mfr_em.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00025292 ____A C:\Users\Pooly\Downloads\mfr_em.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00006540 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00003212 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00286988 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00033132 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00005132 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00001212 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cit
2013-06-28 01:22 - 2013-06-28 01:22 - 01491980 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cib
2013-06-28 01:22 - 2013-06-28 01:22 - 00140852 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cit
2013-06-28 01:20 - 2012-10-09 00:47 - 00001021 ____A C:\Users\Pooly\Downloads\Wiessee2012sen.ini
2013-06-28 01:17 - 2013-01-10 13:14 - 00000582 ____A C:\Users\Pooly\Downloads\BL2-Ost 2012_13 R1-4.ini
2013-06-28 01:17 - 2012-07-23 01:40 - 00000560 ____A C:\Users\Pooly\Downloads\BL2-Ost 2011_12.ini
2013-06-28 01:16 - 2012-10-09 00:46 - 00000964 ____A C:\Users\Pooly\Downloads\Arber op 2012 1st.ini
2013-06-27 11:25 - 2013-06-27 11:25 - 02828552 ____A (AVAST Software) C:\Users\Pooly\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-06-27 11:17 - 2012-07-08 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-26 20:53 - 2013-05-21 02:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 11:20 - 2013-05-07 13:16 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-22 16:23 - 2013-06-22 16:23 - 00000000 ____D C:\Users\Pooly\Documents\Fax
2013-06-21 10:25 - 2013-06-21 09:56 - 00000363 ____A C:\Users\Pooly\AppData\Roaming\burnaware.ini
2013-06-21 09:37 - 2013-06-21 09:37 - 00001058 ____A C:\Users\Public\Desktop\BurnAware Free.lnk
2013-06-21 09:37 - 2013-06-21 09:37 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-06-21 09:34 - 2013-06-21 09:34 - 11554288 ____A (Burnaware                                                   ) C:\Users\Pooly\Downloads\burnaware_free(1).exe
2013-06-20 19:23 - 2013-06-20 19:23 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-20 19:23 - 2013-03-08 01:00 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 21:00 - 2012-07-24 13:06 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\vlc
2013-06-19 20:57 - 2013-06-19 20:57 - 00014336 ____A C:\Users\Pooly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 20:20 - 2013-06-19 20:20 - 00001070 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-19 10:23 - 2013-01-14 21:44 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\PerformerSoft
2013-06-19 10:17 - 2013-06-18 17:01 - 00000000 ____D C:\ProgramData\PC Performer Manager
2013-06-18 17:15 - 2013-06-18 17:15 - 00001042 ____A C:\Users\Pooly\Documents\cc_20130618_171551.reg
2013-06-18 17:15 - 2011-07-18 22:54 - 00000000 ____D C:\Windows\Panther
2013-06-18 17:01 - 2013-06-18 17:01 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-06-18 17:00 - 2013-01-04 23:34 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-18 13:29 - 2013-06-18 13:29 - 00000000 ____D C:\Users\Pooly\AppData\Local\Apps\2.0
2013-06-18 01:37 - 2013-05-08 08:32 - 00000464 ____A C:\Windows\Tasks\SlimDrivers Scan.job
2013-06-16 12:21 - 2012-08-13 00:22 - 00000000 ____D C:\Users\Pooly\Documents\Schach
2013-06-14 19:11 - 2012-01-02 22:27 - 00000000 ____D C:\Users\Pooly\Documents\Bewerbungsunterlagen
2013-06-14 13:27 - 2012-01-24 14:14 - 00000000 ____D C:\Users\Pooly\Documents\Sonstiges
2013-06-13 16:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 01:27 - 2011-07-18 22:31 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 21:48 - 2013-02-16 15:02 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2011-07-18 23:13 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-20 19:23 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-20 19:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-20 19:23 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-20 19:23 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 13:37 - 2012-07-16 09:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 13:37 - 2011-08-10 21:09 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 20:14 - 2013-06-11 20:14 - 00006265 ____A C:\Users\Leonie.Pooly-PC.000\Documents\Renaissance.odt
2013-06-09 18:29 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 16:08 - 2013-06-15 09:57 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 09:57 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 09:57 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 09:57 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 09:57 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 09:57 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 09:57 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 09:57 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 09:59 - 2013-06-06 09:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-06 09:20 - 2013-06-06 09:20 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-06-06 09:20 - 2013-06-06 09:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-06 09:18 - 2013-06-06 09:17 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\Pooly\Downloads\spybot-2.1.exe
2013-06-05 10:25 - 2013-06-05 10:24 - 00013018 ____A C:\Users\Pooly\Documents\cc_20130605_102455.reg
2013-06-05 10:22 - 2013-05-10 12:26 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-05 00:51 - 2013-06-05 00:50 - 00002613 ____A C:\Users\Public\Desktop\Milouz Market.lnk
2013-06-05 00:50 - 2013-06-05 00:50 - 00000000 ____D C:\Program Files (x86)\Milouz Corp
2013-06-05 00:49 - 2013-06-05 00:49 - 00001749 ____A C:\Windows\unins000.dat
2013-06-05 00:48 - 2013-06-05 00:49 - 00809973 ____A C:\Windows\unins000.exe
2013-06-05 00:48 - 2013-06-05 00:48 - 02105245 ____A (Milouz Corp                                                 ) C:\Users\Pooly\Downloads\setupMarket.exe
2013-06-03 20:57 - 2012-04-21 13:49 - 00019968 ____A C:\Users\Public\Documents\Dienstplan.xls

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 16:41

==================== End Of Log ============================
         
--- --- ---


und hier Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2013 01
Ran by Pooly at 2013-06-30 15:47:46
Running from C:\Users\Pooly\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Creative Suite 2 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe Illustrator CS2 (x32 Version: 12.000.000)
Adobe InDesign CS2 (x32 Version: 004.000.000)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Adobe SVG Viewer 3.0 (x32 Version:  3.0)
Adobe Version Cue CS2 (x32 Version: 2.0)
ALDI SÜD Mah Jong (x32)
Ashampoo Burning Studio (x32 Version: 10.0.10)
Ashampoo Internet Accelerator 3.20 (x32 Version: 3.2.0)
Ashampoo Photo Commander (x32 Version: 9.2.0)
Ashampoo Photo Optimizer (x32 Version: 4.0.0)
Ashampoo Snap (x32 Version: 4.3.0)
Ashampoo WinOptimizer 2012 v.8.1.4 (x32 Version: 8.1.4)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0)
Avira Free Antivirus (x32 Version: 13.0.0.3736)
BurnAware Free 6.3 (x32)
CBReader  (x32 Version: )
CCleaner (Version: 4.03)
CDDRV_Installer (Version: 4.60)
ChessBase 10 (x32 Version: 10)
Clock Screen Saver (x32 Version: 1.6)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.686)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686)
CorelDRAW Essentials X5 - Common (x32 Version: 15.3)
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3)
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3)
CorelDRAW Essentials X5 - DE (x32 Version: 15.3)
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3)
CorelDRAW Essentials X5 - EN (x32 Version: 15.3)
CorelDRAW Essentials X5 - ES (x32 Version: 15.3)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0)
CorelDRAW Essentials X5 - Extra Content (x32)
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3)
CorelDRAW Essentials X5 - FR (x32 Version: 15.3)
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3)
CorelDRAW Essentials X5 - IT (x32 Version: 15.3)
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3)
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0)
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3)
CorelDRAW Essentials X5 - WT (x32 Version: 15.3)
CorelDRAW Essentials X5 (x32 Version: 15.2.0.686)
CorelDRAW Essentials X5 (x32 Version: 15.3)
CyberLink PowerRecover (x32 Version: 5.5.4125)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
EdenCity Download (x32 Version: 12.0)
ElsterFormular (x32 Version: 14.0.0.10960)
erLT (x32 Version: 1.20.0137)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych (x32 Version: 15.4.5722.2)
Fritz11 WM Edition (x32 Version: 1.0)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 27.0.1453.116)
Google Drive (x32 Version: 1.10.4769.632)
Google Earth (x32 Version: 6.2.2.6613)
Google Update Helper (x32 Version: 1.3.21.145)
HP LaserJet Professional P1100-P1560-P1600 Series
Intel(R) Management Engine Components (x32 Version: 8.1.0.1281)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
KhalInstallWrapper (Version: 2.00.0000)
Kill-ID 1.2.4.0 für Chrome (x32 Version: 1.2.5.0)
K-Lite Codec Pack 9.2.0 (Full) (x32 Version: 9.2.0)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
Licking Dog Screen Clean Screensaver (x32)
Logitech SetPoint (x32 Version: 4.80)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Milouz Market (x32 Version: 1.1.46)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MyFreeCodec (HKCU)
myMugle (x32 Version: 3.0.0.0)
NetSpeedMonitor 2.5.4.0 x64 (Version: 2.5.4.0)
NVIDIA 3D Vision Controller-Treiber 310.70 (Version: 310.70)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.4 (x32 Version: 3.4.9590)
Paragon Partition Manager™ 12 Free (x32 Version: 90.00.0003)
PDF Architect (x32 Version: 1.0.52.8917)
PDFCreator (x32 Version: 1.7.0)
Picasa 3 (x32 Version: 3.8)
PlayChess  (x32 Version: )
PlayReady PC Runtime amd64 (Version: 1.3.0)
Process Hacker 2.30 (r5267) (Version: 2.30.0.5267)
Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30122)
REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0187)
Recuva (Version: 1.44)
Samsung Kies (x32 Version: 2.3.2.12054_20)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
Sim AQUARIUM 2 (x32 Version: 2.5)
SiSoftware Sandra Lite 2012.SP1 (Version: 18.20.2012.1)
SlimDrivers (x32 Version: 2.2.29035)
SopCast 3.5.0 (x32 Version: 3.5.0)
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0)
Spybot - Search & Destroy (x32 Version: 2.1.19)
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? (x32 Version: 15.4.5722.2)
Suite Specific (x32 Version: 2.0.0)
swMSM (x32 Version: 12.0.0.1)
TeamViewer 7 (x32 Version: 7.0.15723)
TinEye Internet Explorer plugin 1.2 (x32 Version: 1.2.0)
TV-Browser 3.3a (x32 Version: 3.3a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
Visual Subst (x32 Version: 1.0.6)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Windows Internet Explorer 10 (x32 Version: 10.0)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
ZTE Handset USB Driver
ZTE Handset USB Driver (Version: 5.2066.1.A11B02)

==================== Restore Points  =========================

20-06-2013 17:22:29 Installed Java 7 Update 25
21-06-2013 18:47:00 Windows Update
23-06-2013 17:00:24 Windows-Sicherung
25-06-2013 17:36:19 Windows Update
25-06-2013 18:05:07 S
26-06-2013 09:18:08 S
26-06-2013 09:23:24 S
29-06-2013 13:22:16 Installed SpyHunter
29-06-2013 16:00:04 Removed SpyHunter
29-06-2013 16:05:01 Removed Adblock IE 2.2
29-06-2013 16:19:56 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {0A6890F6-8E3F-48C5-9516-DED6C7416408} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe No File
Task: {2615795F-1784-4E0E-B4FA-EA9748FE0969} - System32\Tasks\WPD\SqmUpload_S-1-5-21-239419753-1080600804-101104263-1005 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {2CF97972-B91D-4171-9FDC-20D249ECF439} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {34585AC7-E24A-4A1A-96CA-4EE5FD34F3BB} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {531F695E-AB63-4C04-A4DD-BEC76BB5DBEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe No File
Task: {69CD7CCF-1FE5-44C9-BD55-AE5C26BEC73F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {97E9FB57-1786-40CC-8AC8-C576DBB1192C} - System32\Tasks\SlimDrivers Scan => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-04-24] (SlimWare Utilities, Inc.)
Task: {99AD5108-DDA2-4535-B0F8-FC37E1979BFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {A641A837-4D37-404D-AA63-18C1F8BE1617} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08] (Google Inc.)
Task: {BF99B7AF-4E67-40F2-BB15-DE2ABC5A00B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe No File
Task: {C7D130F2-E396-4EC5-8AA8-F523311EA3E9} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {DEE9111D-C656-4BB5-9089-D67586B208F0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {EC6C9A43-12B7-43E4-918F-119452E160F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08] (Google Inc.)
Task: {FAE4FE84-8885-4ADE-805A-3FB50673A7F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Scan.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2013 03:04:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ChessProgram11.exe, Version: 0.0.0.0, Zeitstempel: 0x48d2079e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x33000000
ID des fehlerhaften Prozesses: 0x17d8
Startzeit der fehlerhaften Anwendung: 0xChessProgram11.exe0
Pfad der fehlerhaften Anwendung: ChessProgram11.exe1
Pfad des fehlerhaften Moduls: ChessProgram11.exe2
Berichtskennung: ChessProgram11.exe3

Error: (06/29/2013 01:47:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDTray.exe, Version: 2.1.18.127, Zeitstempel: 0x51949fd1
Name des fehlerhaften Moduls: wship6.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5bdb56
Ausnahmecode: 0xc0000005
Fehleroffset: 0x70001414
ID des fehlerhaften Prozesses: 0x12ac
Startzeit der fehlerhaften Anwendung: 0xSDTray.exe0
Pfad der fehlerhaften Anwendung: SDTray.exe1
Pfad des fehlerhaften Moduls: SDTray.exe2
Berichtskennung: SDTray.exe3

Error: (06/28/2013 02:12:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CBase10.exe, Version: 10.0.0.3, Zeitstempel: 0x4873d57e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0150010
Fehleroffset: 0x000847db
ID des fehlerhaften Prozesses: 0x1140
Startzeit der fehlerhaften Anwendung: 0xCBase10.exe0
Pfad der fehlerhaften Anwendung: CBase10.exe1
Pfad des fehlerhaften Moduls: CBase10.exe2
Berichtskennung: CBase10.exe3

Error: (06/28/2013 02:12:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CBase10.exe, Version: 10.0.0.3, Zeitstempel: 0x4873d57e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc015000f
Fehleroffset: 0x00084621
ID des fehlerhaften Prozesses: 0x1140
Startzeit der fehlerhaften Anwendung: 0xCBase10.exe0
Pfad der fehlerhaften Anwendung: CBase10.exe1
Pfad des fehlerhaften Moduls: CBase10.exe2
Berichtskennung: CBase10.exe3

Error: (06/28/2013 02:00:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CBase10.exe, Version: 10.0.0.3, Zeitstempel: 0x4873d57e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0150010
Fehleroffset: 0x000847db
ID des fehlerhaften Prozesses: 0x9cc
Startzeit der fehlerhaften Anwendung: 0xCBase10.exe0
Pfad der fehlerhaften Anwendung: CBase10.exe1
Pfad des fehlerhaften Moduls: CBase10.exe2
Berichtskennung: CBase10.exe3

Error: (06/28/2013 02:00:31 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CBase10.exe, Version: 10.0.0.3, Zeitstempel: 0x4873d57e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc015000f
Fehleroffset: 0x00084621
ID des fehlerhaften Prozesses: 0x9cc
Startzeit der fehlerhaften Anwendung: 0xCBase10.exe0
Pfad der fehlerhaften Anwendung: CBase10.exe1
Pfad des fehlerhaften Moduls: CBase10.exe2
Berichtskennung: CBase10.exe3

Error: (06/28/2013 01:03:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CBase10.exe, Version: 10.0.0.3, Zeitstempel: 0x4873d57e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0150010
Fehleroffset: 0x000847db
ID des fehlerhaften Prozesses: 0x1850
Startzeit der fehlerhaften Anwendung: 0xCBase10.exe0
Pfad der fehlerhaften Anwendung: CBase10.exe1
Pfad des fehlerhaften Moduls: CBase10.exe2
Berichtskennung: CBase10.exe3

Error: (06/28/2013 01:03:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CBase10.exe, Version: 10.0.0.3, Zeitstempel: 0x4873d57e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc015000f
Fehleroffset: 0x00084621
ID des fehlerhaften Prozesses: 0x1850
Startzeit der fehlerhaften Anwendung: 0xCBase10.exe0
Pfad der fehlerhaften Anwendung: CBase10.exe1
Pfad des fehlerhaften Moduls: CBase10.exe2
Berichtskennung: CBase10.exe3

Error: (06/26/2013 00:01:16 PM) (Source: Application Hang) (User: )
Description: Programm SDCleaner.exe, Version 2.1.18.110 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17c8

Startzeit: 01ce724dbb659da0

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe

Berichts-ID: 549c2887-de47-11e2-83ca-8c89a56d6f00

Error: (06/06/2013 00:06:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (06/30/2013 01:55:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/30/2013 01:55:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/30/2013 00:14:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/30/2013 00:14:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/30/2013 03:31:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde mit folgendem Fehler beendet: 
%%1747

Error: (06/30/2013 03:31:08 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.

Error: (06/30/2013 03:31:08 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b

Error: (06/30/2013 03:30:24 AM) (Source: BugCheck) (User: )
Description: 0x0000001e (0xffffffffc0000005, 0x00000001016dd41c, 0x0000000000000008, 0x00000001016dd41c)C:\Windows\MEMORY.DMP063013-23431-01

Error: (06/30/2013 03:30:24 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?30.?06.?2013 um 03:28:09 unerwartet heruntergefahren.

Error: (06/29/2013 09:09:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (06/29/2013 03:04:04 PM) (Source: Application Error)(User: )
Description: ChessProgram11.exe0.0.0.048d2079eunknown0.0.0.000000000c00000053300000017d801ce74c829bf25c5C:\Program Files (x86)\ChessBase\ChessProgram11\ChessProgram11.exeunknown5f6231e7-e0bc-11e2-9c63-8c89a56d6f00

Error: (06/29/2013 01:47:53 PM) (Source: Application Error)(User: )
Description: SDTray.exe2.1.18.12751949fd1wship6.dll_unloaded0.0.0.04a5bdb56c00000057000141412ac01ce74be79f6fe78C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exewship6.dllbb2c1441-e0b1-11e2-9c63-742f68a87d52

Error: (06/28/2013 02:12:36 PM) (Source: Application Error)(User: )
Description: CBase10.exe10.0.0.34873d57entdll.dll6.1.7601.177254ec49b8fc0150010000847db114001ce73f725b73aecC:\Program Files (x86)\ChessBase\CBase10\CBase10.exeC:\Windows\SysWOW64\ntdll.dll047bd447-dfec-11e2-9d7f-742f68a87d52

Error: (06/28/2013 02:12:22 PM) (Source: Application Error)(User: )
Description: CBase10.exe10.0.0.34873d57entdll.dll6.1.7601.177254ec49b8fc015000f00084621114001ce73f725b73aecC:\Program Files (x86)\ChessBase\CBase10\CBase10.exeC:\Windows\SysWOW64\ntdll.dllfbf285c8-dfeb-11e2-9d7f-742f68a87d52

Error: (06/28/2013 02:00:36 PM) (Source: Application Error)(User: )
Description: CBase10.exe10.0.0.34873d57entdll.dll6.1.7601.177254ec49b8fc0150010000847db9cc01ce73f6e895b26fC:\Program Files (x86)\ChessBase\CBase10\CBase10.exeC:\Windows\SysWOW64\ntdll.dll57735eed-dfea-11e2-9d7f-742f68a87d52

Error: (06/28/2013 02:00:31 PM) (Source: Application Error)(User: )
Description: CBase10.exe10.0.0.34873d57entdll.dll6.1.7601.177254ec49b8fc015000f000846219cc01ce73f6e895b26fC:\Program Files (x86)\ChessBase\CBase10\CBase10.exeC:\Windows\SysWOW64\ntdll.dll543af7aa-dfea-11e2-9d7f-742f68a87d52

Error: (06/28/2013 01:03:43 PM) (Source: Application Error)(User: )
Description: CBase10.exe10.0.0.34873d57entdll.dll6.1.7601.177254ec49b8fc0150010000847db185001ce73ebe2da7fc1C:\Program Files (x86)\ChessBase\CBase10\CBase10.exeC:\Windows\SysWOW64\ntdll.dll64c64e3b-dfe2-11e2-9d7f-742f68a87d52

Error: (06/28/2013 01:03:24 PM) (Source: Application Error)(User: )
Description: CBase10.exe10.0.0.34873d57entdll.dll6.1.7601.177254ec49b8fc015000f00084621185001ce73ebe2da7fc1C:\Program Files (x86)\ChessBase\CBase10\CBase10.exeC:\Windows\SysWOW64\ntdll.dll59a35930-dfe2-11e2-9d7f-742f68a87d52

Error: (06/26/2013 00:01:16 PM) (Source: Application Hang)(User: )
Description: SDCleaner.exe2.1.18.11017c801ce724dbb659da00C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe549c2887-de47-11e2-83ca-8c89a56d6f00

Error: (06/06/2013 00:06:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Pooly\Downloads\SoftonicDownloader_fuer_cat-licking-screensaver.exe


CodeIntegrity Errors:
===================================
  Date: 2013-02-15 17:25:51.101
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-15 17:25:51.077
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-15 17:25:48.990
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-15 17:25:48.965
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-15 17:25:46.915
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-15 17:25:46.891
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-15 17:25:44.820
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-15 17:25:44.805
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-15 17:25:42.714
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-15 17:25:42.683
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 4077.64 MB
Available physical RAM: 2198.16 MB
Total Pagefile: 8153.46 MB
Available Pagefile: 5940.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1687.36 GB) NTFS (Disk=0 Partition=2)
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:25.47 GB) NTFS (Disk=0 Partition=3)
Drive e: (Fritztrainer) (CDROM) (Total:1.18 GB) (Free:0 GB) UDF
Drive j: (HDDRIVE2GO) (Fixed) (Total:931.28 GB) (Free:685.75 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-253492199424) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 80EFAD12)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================
         
Gruß
Pooly
__________________

Alt 30.06.2013, 16:09   #4
schrauber
/// the machine
/// TB-Ausbilder
 

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.06.2013, 17:07   #5
Pooly
 
PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Hi Schrauber,
sorry dass es etwas gedauert hat aber ich hatte Probleme, das Avira Antivir wirklich abzustellen, also nicht nur den Echtzeitscanner. Aber es ist mir dann doch gelungen und hier ist das Logfile von Combofix:

Code:
ATTFilter
ComboFix 13-06-30.01 - Pooly 30.06.2013  17:37:21.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4078.2322 [GMT 2:00]
ausgeführt von:: c:\users\Pooly\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Leonie.Pooly-PC.000\AppData\Roaming\.#
c:\users\Leonie\AppData\Roaming\.#
c:\users\Pooly\AppData\Local\Temp\_MEI46002\_ctypes.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\_elementtree.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\_hashlib.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\_multiprocessing.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\_socket.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\_ssl.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\pyexpat.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\pysqlite2._sqlite.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\python27.dll
c:\users\Pooly\AppData\Local\Temp\_MEI46002\pythoncom27.dll
c:\users\Pooly\AppData\Local\Temp\_MEI46002\PyWinTypes27.dll
c:\users\Pooly\AppData\Local\Temp\_MEI46002\select.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\unicodedata.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\win32api.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\win32com.shell.shell.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\win32crypt.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\win32event.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\win32file.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\win32inet.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\win32pdh.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\win32process.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\win32profile.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\win32security.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\win32ts.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\windows._cacheinvalidation.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wx._controls_.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wx._core_.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wx._gdi_.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wx._html2.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wx._misc_.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wx._windows_.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wx._wizard.pyd
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wxbase294u_net_vc90.dll
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wxbase294u_vc90.dll
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wxmsw294u_adv_vc90.dll
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wxmsw294u_core_vc90.dll
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wxmsw294u_html_vc90.dll
c:\users\Pooly\AppData\Local\Temp\_MEI46002\wxmsw294u_webview_vc90.dll
c:\users\Pooly\AppData\Roaming\.#
c:\users\Sarah\AppData\Roaming\.#
c:\users\Schneckchen.Pooly-PC\AppData\Roaming\.#
c:\windows\SysWow64\muzapp.exe
c:\windows\wininit.ini
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-28 bis 2013-06-30  ))))))))))))))))))))))))))))))
.
.
2013-06-30 15:47 . 2013-06-30 15:47	--------	d-----w-	c:\windows\SysWow64\searchplugins
2013-06-30 15:47 . 2013-06-30 15:47	--------	d-----w-	c:\windows\SysWow64\Extensions
2013-06-30 15:46 . 2013-06-30 15:46	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-30 15:46 . 2013-06-30 15:46	--------	d-----w-	c:\users\Schneckchen.Pooly-PC\AppData\Local\temp
2013-06-30 15:46 . 2013-06-30 15:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-30 15:46 . 2013-06-30 15:46	--------	d-----w-	c:\users\Schneckchen\AppData\Local\temp
2013-06-30 15:46 . 2013-06-30 15:46	--------	d-----w-	c:\users\Sarah\AppData\Local\temp
2013-06-30 15:46 . 2013-06-30 15:46	--------	d-----w-	c:\users\Sarah.Pooly-PC\AppData\Local\temp
2013-06-30 15:46 . 2013-06-30 15:46	--------	d-----w-	c:\users\Leonie\AppData\Local\temp
2013-06-30 15:46 . 2013-06-30 15:46	--------	d-----w-	c:\users\Leonie.Pooly-PC\AppData\Local\temp
2013-06-30 15:46 . 2013-06-30 15:46	--------	d-----w-	c:\users\Leonie.Pooly-PC.000\AppData\Local\temp
2013-06-30 13:56 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6293C3D5-F5CE-4BC7-814C-3FE677A67FCD}\mpengine.dll
2013-06-30 13:47 . 2013-06-30 13:47	--------	d-----w-	C:\FRST
2013-06-29 13:22 . 2013-06-29 13:22	--------	d-----w-	c:\program files\Enigma Software Group
2013-06-29 13:21 . 2013-06-29 16:03	--------	d-----w-	c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-29 13:21 . 2013-06-29 13:21	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-28 16:16 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 18:48 . 2013-06-21 18:47	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64F5B073-0121-454A-8593-B9C8FC075E0B}\gapaengine.dll
2013-06-21 07:37 . 2013-06-21 07:37	--------	d-----w-	c:\program files (x86)\BurnAware Free
2013-06-20 17:23 . 2013-06-12 19:47	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 18:53 . 2013-06-19 18:53	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-06-19 18:53 . 2013-06-19 18:53	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-06-19 18:52 . 2013-06-19 18:52	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-06-18 15:01 . 2013-06-18 15:01	--------	d-----w-	c:\programdata\IBUpdaterService
2013-06-18 15:01 . 2013-06-19 08:17	--------	d-----w-	c:\programdata\PC Performer Manager
2013-06-18 11:29 . 2013-06-18 11:29	--------	d-----w-	c:\users\Pooly\AppData\Local\Apps
2013-06-12 23:27 . 2013-05-17 01:25	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-06-12 23:26 . 2013-05-17 01:25	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-06-12 23:26 . 2013-05-17 00:58	3958784	----a-w-	c:\windows\system32\jscript9.dll
2013-06-12 23:26 . 2013-05-17 00:58	148992	----a-w-	c:\program files\Internet Explorer\jsdebuggeride.dll
2013-06-12 23:26 . 2013-05-17 01:25	817664	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-12 23:26 . 2013-05-17 01:25	108032	----a-w-	c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-12 23:26 . 2013-05-17 00:58	1084928	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-12 23:26 . 2013-05-17 01:25	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2013-06-12 23:26 . 2013-05-17 00:59	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-06-12 23:26 . 2013-05-17 00:58	53248	----a-w-	c:\windows\system32\jsproxy.dll
2013-06-06 07:20 . 2013-06-06 07:59	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-06-06 07:20 . 2009-01-25 11:14	17272	----a-w-	c:\windows\system32\sdnclean64.exe
2013-06-06 07:20 . 2013-06-06 07:20	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-06-04 22:50 . 2013-06-04 22:50	--------	d-----w-	c:\program files (x86)\Milouz Corp
2013-06-04 22:49 . 2013-06-04 22:48	809973	----a-w-	c:\windows\unins000.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 09:20 . 2013-05-07 11:16	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-06-18 15:00 . 2013-01-04 21:34	16152	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2013-06-12 23:27 . 2011-07-18 20:31	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 19:48 . 2013-02-16 13:02	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 19:48 . 2011-07-18 21:13	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-12 11:37 . 2012-07-16 07:37	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 11:37 . 2011-08-10 19:09	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 16:33 . 2012-09-28 12:44	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 10:58	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:58	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:58	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:58	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:58	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:58	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:23	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-12 07:36 . 2013-04-12 07:36	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-12 07:36 . 2013-04-12 07:36	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-12 07:36 . 2013-04-12 07:36	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-12 07:36 . 2013-04-12 07:36	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-12 07:36 . 2013-04-12 07:36	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-12 07:36 . 2013-04-12 07:36	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-12 07:36 . 2013-04-12 07:36	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-12 07:36 . 2013-04-12 07:36	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-12 07:36 . 2013-04-12 07:36	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-12 07:36 . 2013-04-12 07:36	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-12 07:36 . 2013-04-12 07:36	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-12 07:36 . 2013-04-12 07:36	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-12 07:36 . 2013-04-12 07:36	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-12 07:36 . 2013-04-12 07:36	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-12 07:36 . 2013-04-12 07:36	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-12 07:36 . 2013-04-12 07:36	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-12 07:36 . 2013-04-12 07:36	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-12 07:36 . 2013-04-12 07:36	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-12 07:36 . 2013-04-12 07:36	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-12 07:36 . 2013-04-12 07:36	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-12 07:36 . 2013-04-12 07:36	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-12 07:36 . 2013-04-12 07:36	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-12 07:36 . 2013-04-12 07:36	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-12 07:36 . 2013-04-12 07:36	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-12 07:36 . 2013-04-12 07:36	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-12 07:36 . 2013-04-12 07:36	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-12 07:36 . 2013-04-12 07:36	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-12 07:36 . 2013-04-12 07:36	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-12 07:36 . 2013-04-12 07:36	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-12 07:36 . 2013-04-12 07:36	441856	----a-w-	c:\windows\system32\html.iec
2013-04-12 07:36 . 2013-04-12 07:36	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-12 07:36 . 2013-04-12 07:36	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-12 07:36 . 2013-04-12 07:36	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-12 07:36 . 2013-04-12 07:36	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-12 07:36 . 2013-04-12 07:36	235008	----a-w-	c:\windows\system32\url.dll
2013-04-12 07:36 . 2013-04-12 07:36	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-12 07:36 . 2013-04-12 07:36	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-12 07:36 . 2013-04-12 07:36	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-12 07:36 . 2013-04-12 07:36	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-12 07:36 . 2013-04-12 07:36	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-12 07:36 . 2013-04-12 07:36	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-12 07:36 . 2013-04-12 07:36	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-12 07:36 . 2013-04-12 07:36	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-12 07:36 . 2013-04-12 07:36	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-12 07:36 . 2013-04-12 07:36	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-12 07:36 . 2013-04-12 07:36	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-12 07:36 . 2013-04-12 07:36	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-12 07:36 . 2013-04-12 07:36	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-12 07:36 . 2013-04-12 07:36	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-10 06:01 . 2013-05-15 10:58	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 10:58	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 10:58	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-09 13:13 . 2013-05-10 10:26	110264	----a-w-	c:\windows\system32\pdfcmon.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Process Hacker 2"="c:\program files\Process Hacker 2\ProcessHacker.exe" [2013-01-14 1415680]
"Visual Subst"="c:\program files (x86)\Visual Subst\VSubst.exe" [2008-02-02 139672]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-06 19676256]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-26 345144]
"Adobe Version Cue CS2"="c:\ph-shop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-7-8 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\PCPERF~1\261339~1.144\{61D8B~1\pcpmngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
R1 kkavmlpb;kkavmlpb;c:\windows\system32\drivers\kkavmlpb.sys;c:\windows\SYSNATIVE\drivers\kkavmlpb.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 PC Performer Manager;PC Performer Manager;c:\programdata\PC Performer Manager\2.6.1339.144\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe;c:\programdata\PC Performer Manager\2.6.1339.144\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 09:39	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 11:37]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08 11:06]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-08 11:06]
.
2013-06-17 c:\windows\Tasks\SlimDrivers Scan.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-04-24 12:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 21:57	778192	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57	778192	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57	778192	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 21:57	778192	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 21:57	778192	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 21:57	778192	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12503184]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Search Image on TinEye - file://c:\users\Pooly\Documents\TinEye IE Plugin\TinEye.js
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.de/
FF - prefs.js: network.proxy.type - 1
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - 204c3cc0000000000000742f68a87d52
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15719
FF - user.js: extensions.claro.vrsn - 1.8.8.5
FF - user.js: extensions.claro.vrsni - 1.8.8.5
FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.520:45
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro_i.excTlbr - false
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro.rvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 204c3cc0000000000000742f68a87d52
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15755
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.020:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\ph-shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\schtasks.exe
c:\ph-shop\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-30  17:53:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-30 15:53
.
Vor Suchlauf: 16 Verzeichnis(se), 1.811.603.202.048 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 1.811.423.039.488 Bytes frei
.
- - End Of File - - A35BA326193938BF8D8EF07C3E3CFC45
D41D8CD98F00B204E9800998ECF8427E
         
Bin jetzt erst mal für ca. 2-3 Std. Afk. Bis später!

Gruß
Pooly


Alt 30.06.2013, 19:40   #6
schrauber
/// the machine
/// TB-Ausbilder
 

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST Log bitte.
__________________
--> PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen

Alt 30.06.2013, 21:35   #7
Pooly
 
PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Hi Schrauber,


hier die beiden gewünschten Logfiles:

Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 30/06/2013 um 22:47:45 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Pooly - POOLY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Pooly\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : PC Performer Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\searchplugins\claro.xml
Gelöscht mit Neustart : C:\ProgramData\pc performer manager
Ordner Gelöscht : C:\Program Files (x86)\file scout
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Pooly\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Pooly\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\jetpack
Ordner Gelöscht : C:\Users\Pooly\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Pooly\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Schneckchen.Pooly-PC\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\596da8ab76fbf41
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\596da8ab76fbf41
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKU\S-1-5-21-239419753-1080600804-101104263-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\prefs.js

C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119649&babsrc[...]
Gelöscht : user_pref("extensions.aniweather.timeShifted", 395939);
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.autoRvrt", "false");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "204c3cc0000000000000742f68a87d52");
Gelöscht : user_pref("extensions.claro.instlDay", "15719");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.rvrt", "false");
Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.8.5");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.8.5");
Gelöscht : user_pref("extensions.claro_i.excTlbr", false);
Gelöscht : user_pref("extensions.claro_i.newTab", false);
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.8.520:45:01");
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.id", "204c3cc0000000000000742f68a87d52");
Gelöscht : user_pref("extensions.delta.instlDay", "15755");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.020:06:14");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");

Datei : C:\Users\Leonie.Pooly-PC.000\AppData\Roaming\Mozilla\Firefox\Profiles\bkwrw5tt.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Schneckchen.Pooly-PC\AppData\Roaming\Mozilla\Firefox\Profiles\o2sfy9iz.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Sarah.Pooly-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7710 octets] - [30/06/2013 22:47:45]

########## EOF - C:\AdwCleaner[S1].txt - [7770 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Pooly on 30.06.2013 at 22:56:32,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc performer manager"



~~~ FireFox

Emptied folder: C:\Users\Pooly\AppData\Roaming\mozilla\firefox\profiles\r5i3nifn.default\minidumps [79 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.06.2013 at 22:59:27,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Und noch ein frisches FRST Log:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
Ran by Pooly (administrator) on 30-06-2013 23:15:08
Running from C:\Users\Pooly\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
() C:\Ph-Shop\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Sytems Incorporated) C:\Ph-Shop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2000-01-01] (Realtek Semiconductor)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [Process Hacker 2] "C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide [1415680 2013-01-14] (wj32)
HKCU\...\Run: [Visual Subst] "C:\Program Files (x86)\Visual Subst\VSubst.exe" /startup [139672 2008-02-02] (NTWind Software)
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3642312 2013-05-16] (Safer-Networking Ltd.)
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] C:\Ph-Shop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKU\Default\...\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Sarah\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin [x]
HKU\UpdatusUser\...\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\UpdatusUser\...\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default
FF Homepage: hxxp://www.yahoo.de/
FF NetworkProxy: "no_proxies_on", "fritz.box"
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\fb_add_on@avm.de
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\ich@maltegoetz.de
FF Extension: Flagfox - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: images - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\images@snark.co.il.xpi
FF Extension: personas - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\personas@christopher.beard.xpi
FF Extension: tineye - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

Chrome: 
=======
CHR HomePage: hxxp://de.yahoo.com/
CHR RestoreOnStartup: "hxxp://www.yahoo.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.0.147) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Search by Image for Google\u2122) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdigejhabbnmfbbebmchkkjhcdjmeli\1.2_0
CHR Extension: (Google Drive) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Brushed) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0
CHR Extension: (YouTube) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search by Image (by Google)) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0
CHR Extension: (Gantter for Google Drive) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo\4.0.1_0
CHR Extension: (Forecastfox) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0
CHR Extension: (TicoYoutube Downloader) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnbiapfcobgpmcebclkhkdfdnkdchjp\0.1_0
CHR Extension: (Google Maps) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.1.8_0
CHR Extension: (Gmail) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-17] (Adobe Systems)
R2 Adobe Version Cue CS2; C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe [95896 2008-12-06] (SiSoftware)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2011-07-07] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-07-07] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-06-18] ()
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-09-13] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 DfSdkS; 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S1 kkavmlpb; \??\C:\Windows\system32\drivers\kkavmlpb.sys [x]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-30 22:59 - 2013-06-30 22:59 - 00001043 ____A C:\Users\Pooly\Desktop\JRT.txt
2013-06-30 22:56 - 2013-06-30 22:56 - 00000000 ____D C:\Windows\ERUNT
2013-06-30 22:56 - 2013-06-30 22:56 - 00000000 ____D C:\JRT
2013-06-30 22:47 - 2013-06-30 22:48 - 00007833 ____A C:\AdwCleaner[S1].txt
2013-06-30 22:47 - 2013-06-30 22:48 - 00000103 ____A C:\Windows\DeleteOnReboot.bat
2013-06-30 22:39 - 2013-06-30 22:55 - 00001412 ____A C:\Users\Pooly\Desktop\JRT - Verknüpfung.lnk
2013-06-30 22:38 - 2013-06-30 22:38 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Pooly\Downloads\JRT.exe
2013-06-30 22:37 - 2013-06-30 22:47 - 00001481 ____A C:\Users\Pooly\Desktop\adwcleaner - Verknüpfung.lnk
2013-06-30 22:37 - 2013-06-30 22:37 - 00648201 ____A C:\Users\Pooly\Downloads\adwcleaner.exe
2013-06-30 17:53 - 2013-06-30 17:53 - 00038044 ____A C:\ComboFix.txt
2013-06-30 17:48 - 2013-06-30 22:50 - 00001202 ____A C:\Windows\PFRO.log
2013-06-30 17:47 - 2013-06-30 17:47 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-30 17:47 - 2013-06-30 17:47 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-30 17:22 - 2013-06-30 17:53 - 00000000 ____D C:\Qoobox
2013-06-30 17:22 - 2013-06-30 17:52 - 00000000 ____D C:\Windows\erdnt
2013-06-30 17:22 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-30 17:22 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-30 17:22 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-30 17:22 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-30 17:22 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-30 17:22 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-30 17:22 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-30 17:22 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-30 17:18 - 2013-06-30 17:21 - 00001463 ____A C:\Users\Pooly\Desktop\ComboFix - Verknüpfung.lnk
2013-06-30 17:16 - 2013-06-30 17:16 - 05084517 ____R (Swearware) C:\Users\Pooly\Downloads\ComboFix.exe
2013-06-30 15:47 - 2013-06-30 15:48 - 00033558 ____A C:\Users\Pooly\Downloads\Addition.txt
2013-06-30 15:47 - 2013-06-30 15:47 - 00000000 ____D C:\FRST
2013-06-30 15:45 - 2013-06-30 15:45 - 00001130 ____A C:\Users\Pooly\Desktop\FRST64 - Verknüpfung.lnk
2013-06-30 15:42 - 2013-06-30 15:43 - 01933592 ____A (Farbar) C:\Users\Pooly\Downloads\FRST64.exe
2013-06-30 14:30 - 2013-06-30 14:30 - 00016590 ____A C:\Users\Pooly\Downloads\OTL.zip
2013-06-30 13:41 - 2013-06-30 13:41 - 00029038 ____A C:\Users\Pooly\Desktop\gmer.txt
2013-06-30 03:30 - 2013-06-30 03:30 - 734114243 ____A C:\Windows\MEMORY.DMP
2013-06-30 03:30 - 2013-06-30 03:30 - 00293136 ____A C:\Windows\Minidump\063013-23431-01.dmp
2013-06-30 03:30 - 2013-06-30 03:30 - 00000000 ____D C:\Windows\Minidump
2013-06-30 02:56 - 2013-06-30 02:56 - 00089942 ____A C:\Users\Pooly\Downloads\Extras.Txt
2013-06-30 02:55 - 2013-06-30 03:00 - 00123378 ____A C:\Users\Pooly\Downloads\OTL.Txt
2013-06-30 02:40 - 2013-06-30 02:40 - 00000472 ____A C:\Users\Pooly\Downloads\defogger_disable.log
2013-06-30 02:40 - 2013-06-30 02:40 - 00000000 ____A C:\Users\Pooly\defogger_reenable
2013-06-30 01:54 - 2013-06-30 03:24 - 00001517 ____A C:\Users\Pooly\Desktop\gmer_2.1.19163 - Verknüpfung.lnk
2013-06-30 01:54 - 2013-06-30 01:54 - 00377856 ____A C:\Users\Pooly\Downloads\gmer_2.1.19163.exe
2013-06-30 01:52 - 2013-06-30 02:46 - 00001412 ____A C:\Users\Pooly\Desktop\OTL - Verknüpfung.lnk
2013-06-30 01:52 - 2013-06-30 01:52 - 00602112 ____A (OldTimer Tools) C:\Users\Pooly\Downloads\OTL.exe
2013-06-30 01:50 - 2013-06-30 02:39 - 00001064 ____A C:\Users\Pooly\Desktop\Defogger - Verknüpfung.lnk
2013-06-30 01:49 - 2013-06-30 01:49 - 00050477 ____A C:\Users\Pooly\Downloads\Defogger.exe
2013-06-29 18:08 - 2013-06-30 23:02 - 00000560 ____A C:\Windows\setupact.log
2013-06-29 18:08 - 2013-06-29 18:08 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 17:58 - 2013-06-29 17:58 - 00001298 ____A C:\Users\Pooly\Documents\cc_20130629_175824.reg
2013-06-29 17:51 - 2013-06-29 17:52 - 04396440 ____A (Piriform Ltd) C:\Users\Pooly\Downloads\ccsetup403.exe
2013-06-29 15:23 - 2013-06-29 15:23 - 00000000 ____A C:\autoexec.bat
2013-06-29 15:22 - 2013-06-29 15:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-29 15:21 - 2013-06-29 18:03 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-29 14:54 - 2013-06-29 14:54 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Pooly\Downloads\SpyHunter-Installer.exe
2013-06-28 14:12 - 2013-06-28 14:12 - 00000439 ____A C:\Users\Pooly\Downloads\Landesliga Nord.ini
2013-06-28 12:53 - 2013-06-28 14:12 - 00001448 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgi
2013-06-28 12:52 - 2013-06-28 12:52 - 00272117 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgn
2013-06-28 12:48 - 2013-06-28 12:48 - 00329804 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cib
2013-06-28 12:48 - 2013-06-28 12:48 - 00031852 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cit
2013-06-28 12:47 - 2013-06-28 12:47 - 00186316 ____A C:\Users\Pooly\Downloads\GES_LGA op.cib
2013-06-28 12:47 - 2013-06-28 12:47 - 00023932 ____A C:\Users\Pooly\Downloads\GES_LGA op.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00202700 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00063500 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00025492 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00013852 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cit
2013-06-28 12:45 - 2013-06-28 12:45 - 00151372 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cib
2013-06-28 12:45 - 2013-06-28 12:45 - 00023612 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00203404 ____A C:\Users\Pooly\Downloads\mfr_em.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00025292 ____A C:\Users\Pooly\Downloads\mfr_em.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00006540 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00003212 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00286988 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00033132 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00005132 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00001212 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cit
2013-06-28 01:22 - 2013-06-28 01:22 - 01491980 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cib
2013-06-28 01:22 - 2013-06-28 01:22 - 00140852 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cit
2013-06-27 11:25 - 2013-06-27 11:25 - 02828552 ____A (AVAST Software) C:\Users\Pooly\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-06-22 16:23 - 2013-06-22 16:23 - 00000000 ____D C:\Users\Pooly\Documents\Fax
2013-06-21 09:56 - 2013-06-21 10:25 - 00000363 ____A C:\Users\Pooly\AppData\Roaming\burnaware.ini
2013-06-21 09:37 - 2013-06-21 09:37 - 00001058 ____A C:\Users\Public\Desktop\BurnAware Free.lnk
2013-06-21 09:37 - 2013-06-21 09:37 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-06-21 09:34 - 2013-06-21 09:34 - 11554288 ____A (Burnaware                                                   ) C:\Users\Pooly\Downloads\burnaware_free(1).exe
2013-06-20 19:23 - 2013-06-20 19:23 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-20 19:23 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-20 19:23 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-20 19:23 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-20 19:23 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 20:57 - 2013-06-19 20:57 - 00014336 ____A C:\Users\Pooly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 20:20 - 2013-06-19 20:20 - 00001070 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-18 17:15 - 2013-06-18 17:15 - 00001042 ____A C:\Users\Pooly\Documents\cc_20130618_171551.reg
2013-06-18 13:29 - 2013-06-18 13:29 - 00000000 ____D C:\Users\Pooly\AppData\Local\Apps\2.0
2013-06-15 09:57 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 09:57 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 09:57 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 09:57 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 09:57 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 09:57 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 09:57 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 09:57 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 01:27 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 01:27 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 01:27 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 01:27 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 01:27 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 01:26 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 01:26 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 01:26 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 01:26 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 01:26 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 01:26 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 17:04 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:04 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:04 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:04 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:04 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 17:04 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 17:04 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 17:04 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 17:04 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 17:04 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 17:04 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:04 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:04 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:04 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:04 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 17:04 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:04 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:04 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:04 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 20:14 - 2013-06-11 20:14 - 00006265 ____A C:\Users\Leonie.Pooly-PC.000\Documents\Renaissance.odt
2013-06-06 10:22 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20130606-102242.backup
2013-06-06 09:20 - 2013-06-06 09:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-06 09:20 - 2013-06-06 09:20 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-06-06 09:20 - 2013-06-06 09:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-06 09:20 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-06-06 09:17 - 2013-06-06 09:18 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\Pooly\Downloads\spybot-2.1.exe
2013-06-05 10:24 - 2013-06-05 10:25 - 00013018 ____A C:\Users\Pooly\Documents\cc_20130605_102455.reg
2013-06-05 00:50 - 2013-06-05 00:51 - 00002613 ____A C:\Users\Public\Desktop\Milouz Market.lnk
2013-06-05 00:50 - 2013-06-05 00:50 - 00000000 ____D C:\Program Files (x86)\Milouz Corp
2013-06-05 00:49 - 2013-06-05 00:49 - 00001749 ____A C:\Windows\unins000.dat
2013-06-05 00:49 - 2013-06-05 00:48 - 00809973 ____A C:\Windows\unins000.exe
2013-06-05 00:48 - 2013-06-05 00:48 - 02105245 ____A (Milouz Corp                                                 ) C:\Users\Pooly\Downloads\setupMarket.exe

==================== One Month Modified Files and Folders =======

2013-06-30 23:12 - 2012-07-08 13:03 - 01724314 ____A C:\Windows\WindowsUpdate.log
2013-06-30 23:12 - 2011-12-01 15:00 - 00000000 ____D C:\Users\Pooly\Documents\Outlook-Dateien
2013-06-30 23:09 - 2011-05-16 16:04 - 00654150 ____A C:\Windows\System32\perfh007.dat
2013-06-30 23:09 - 2011-05-16 16:04 - 00130022 ____A C:\Windows\System32\perfc007.dat
2013-06-30 23:09 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-30 23:09 - 2009-07-14 06:45 - 00017152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 23:09 - 2009-07-14 06:45 - 00017152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 23:03 - 2012-09-28 23:17 - 00000000 ___SD C:\Users\Pooly\Google Drive
2013-06-30 23:02 - 2013-06-29 18:08 - 00000560 ____A C:\Windows\setupact.log
2013-06-30 23:02 - 2012-07-08 13:06 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-30 23:02 - 2011-09-06 00:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-30 23:02 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 22:59 - 2013-06-30 22:59 - 00001043 ____A C:\Users\Pooly\Desktop\JRT.txt
2013-06-30 22:56 - 2013-06-30 22:56 - 00000000 ____D C:\Windows\ERUNT
2013-06-30 22:56 - 2013-06-30 22:56 - 00000000 ____D C:\JRT
2013-06-30 22:55 - 2013-06-30 22:39 - 00001412 ____A C:\Users\Pooly\Desktop\JRT - Verknüpfung.lnk
2013-06-30 22:50 - 2013-06-30 17:48 - 00001202 ____A C:\Windows\PFRO.log
2013-06-30 22:48 - 2013-06-30 22:47 - 00007833 ____A C:\AdwCleaner[S1].txt
2013-06-30 22:48 - 2013-06-30 22:47 - 00000103 ____A C:\Windows\DeleteOnReboot.bat
2013-06-30 22:47 - 2013-06-30 22:37 - 00001481 ____A C:\Users\Pooly\Desktop\adwcleaner - Verknüpfung.lnk
2013-06-30 22:39 - 2012-07-08 13:06 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 22:38 - 2013-06-30 22:38 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Pooly\Downloads\JRT.exe
2013-06-30 22:37 - 2013-06-30 22:37 - 00648201 ____A C:\Users\Pooly\Downloads\adwcleaner.exe
2013-06-30 22:37 - 2012-07-16 09:37 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 17:53 - 2013-06-30 17:53 - 00038044 ____A C:\ComboFix.txt
2013-06-30 17:53 - 2013-06-30 17:22 - 00000000 ____D C:\Qoobox
2013-06-30 17:52 - 2013-06-30 17:22 - 00000000 ____D C:\Windows\erdnt
2013-06-30 17:49 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-30 17:47 - 2013-06-30 17:47 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-30 17:47 - 2013-06-30 17:47 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-30 17:21 - 2013-06-30 17:18 - 00001463 ____A C:\Users\Pooly\Desktop\ComboFix - Verknüpfung.lnk
2013-06-30 17:16 - 2013-06-30 17:16 - 05084517 ____R (Swearware) C:\Users\Pooly\Downloads\ComboFix.exe
2013-06-30 15:48 - 2013-06-30 15:47 - 00033558 ____A C:\Users\Pooly\Downloads\Addition.txt
2013-06-30 15:47 - 2013-06-30 15:47 - 00000000 ____D C:\FRST
2013-06-30 15:45 - 2013-06-30 15:45 - 00001130 ____A C:\Users\Pooly\Desktop\FRST64 - Verknüpfung.lnk
2013-06-30 15:43 - 2013-06-30 15:42 - 01933592 ____A (Farbar) C:\Users\Pooly\Downloads\FRST64.exe
2013-06-30 14:30 - 2013-06-30 14:30 - 00016590 ____A C:\Users\Pooly\Downloads\OTL.zip
2013-06-30 13:41 - 2013-06-30 13:41 - 00029038 ____A C:\Users\Pooly\Desktop\gmer.txt
2013-06-30 03:30 - 2013-06-30 03:30 - 734114243 ____A C:\Windows\MEMORY.DMP
2013-06-30 03:30 - 2013-06-30 03:30 - 00293136 ____A C:\Windows\Minidump\063013-23431-01.dmp
2013-06-30 03:30 - 2013-06-30 03:30 - 00000000 ____D C:\Windows\Minidump
2013-06-30 03:24 - 2013-06-30 01:54 - 00001517 ____A C:\Users\Pooly\Desktop\gmer_2.1.19163 - Verknüpfung.lnk
2013-06-30 03:00 - 2013-06-30 02:55 - 00123378 ____A C:\Users\Pooly\Downloads\OTL.Txt
2013-06-30 02:56 - 2013-06-30 02:56 - 00089942 ____A C:\Users\Pooly\Downloads\Extras.Txt
2013-06-30 02:46 - 2013-06-30 01:52 - 00001412 ____A C:\Users\Pooly\Desktop\OTL - Verknüpfung.lnk
2013-06-30 02:40 - 2013-06-30 02:40 - 00000472 ____A C:\Users\Pooly\Downloads\defogger_disable.log
2013-06-30 02:40 - 2013-06-30 02:40 - 00000000 ____A C:\Users\Pooly\defogger_reenable
2013-06-30 02:40 - 2012-07-08 13:17 - 00000000 ____D C:\users\Pooly
2013-06-30 02:39 - 2013-06-30 01:50 - 00001064 ____A C:\Users\Pooly\Desktop\Defogger - Verknüpfung.lnk
2013-06-30 02:38 - 2012-07-09 01:10 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\ChessBase
2013-06-30 01:54 - 2013-06-30 01:54 - 00377856 ____A C:\Users\Pooly\Downloads\gmer_2.1.19163.exe
2013-06-30 01:52 - 2013-06-30 01:52 - 00602112 ____A (OldTimer Tools) C:\Users\Pooly\Downloads\OTL.exe
2013-06-30 01:49 - 2013-06-30 01:49 - 00050477 ____A C:\Users\Pooly\Downloads\Defogger.exe
2013-06-29 18:08 - 2013-06-29 18:08 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 18:06 - 2012-08-11 14:52 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\NetSpeedMonitor
2013-06-29 18:03 - 2013-06-29 15:21 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-29 17:58 - 2013-06-29 17:58 - 00001298 ____A C:\Users\Pooly\Documents\cc_20130629_175824.reg
2013-06-29 17:52 - 2013-06-29 17:51 - 04396440 ____A (Piriform Ltd) C:\Users\Pooly\Downloads\ccsetup403.exe
2013-06-29 17:52 - 2012-07-09 00:34 - 00000826 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-29 17:52 - 2012-07-09 00:34 - 00000000 ____D C:\Program Files\CCleaner
2013-06-29 17:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-29 15:23 - 2013-06-29 15:23 - 00000000 ____A C:\autoexec.bat
2013-06-29 15:22 - 2013-06-29 15:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-29 14:54 - 2013-06-29 14:54 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Pooly\Downloads\SpyHunter-Installer.exe
2013-06-29 01:24 - 2013-04-20 13:30 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\TV-Browser
2013-06-28 15:43 - 2012-11-23 03:54 - 00000787 ____A C:\Users\Pooly\Downloads\GES_Zabo op.ini
2013-06-28 15:43 - 2012-10-09 05:02 - 00000901 ____A C:\Users\Pooly\Downloads\GES_LGA op.ini
2013-06-28 15:43 - 2012-08-09 04:28 - 00001040 ____A C:\Users\Pooly\Downloads\GES_Seebach op.ini
2013-06-28 14:12 - 2013-06-28 14:12 - 00000439 ____A C:\Users\Pooly\Downloads\Landesliga Nord.ini
2013-06-28 14:12 - 2013-06-28 12:53 - 00001448 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgi
2013-06-28 14:08 - 2012-11-11 08:04 - 00000619 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.ini
2013-06-28 14:08 - 2012-07-23 01:27 - 00000572 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.ini
2013-06-28 14:07 - 2013-02-09 15:28 - 00000567 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.ini
2013-06-28 14:05 - 2012-11-12 06:32 - 00000589 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.ini
2013-06-28 14:05 - 2012-04-07 15:56 - 00000641 ____A C:\Users\Pooly\Downloads\mfr_em.ini
2013-06-28 14:05 - 2012-04-07 15:48 - 00000808 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.ini
2013-06-28 14:04 - 2012-04-09 04:16 - 00000565 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.ini
2013-06-28 12:52 - 2013-06-28 12:52 - 00272117 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgn
2013-06-28 12:48 - 2013-06-28 12:48 - 00329804 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cib
2013-06-28 12:48 - 2013-06-28 12:48 - 00031852 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cit
2013-06-28 12:47 - 2013-06-28 12:47 - 00186316 ____A C:\Users\Pooly\Downloads\GES_LGA op.cib
2013-06-28 12:47 - 2013-06-28 12:47 - 00023932 ____A C:\Users\Pooly\Downloads\GES_LGA op.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00202700 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00063500 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00025492 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00013852 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cit
2013-06-28 12:45 - 2013-06-28 12:45 - 00151372 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cib
2013-06-28 12:45 - 2013-06-28 12:45 - 00023612 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00203404 ____A C:\Users\Pooly\Downloads\mfr_em.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00025292 ____A C:\Users\Pooly\Downloads\mfr_em.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00006540 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00003212 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00286988 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00033132 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00005132 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00001212 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cit
2013-06-28 01:22 - 2013-06-28 01:22 - 01491980 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cib
2013-06-28 01:22 - 2013-06-28 01:22 - 00140852 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cit
2013-06-28 01:20 - 2012-10-09 00:47 - 00001021 ____A C:\Users\Pooly\Downloads\Wiessee2012sen.ini
2013-06-28 01:17 - 2013-01-10 13:14 - 00000582 ____A C:\Users\Pooly\Downloads\BL2-Ost 2012_13 R1-4.ini
2013-06-28 01:17 - 2012-07-23 01:40 - 00000560 ____A C:\Users\Pooly\Downloads\BL2-Ost 2011_12.ini
2013-06-28 01:16 - 2012-10-09 00:46 - 00000964 ____A C:\Users\Pooly\Downloads\Arber op 2012 1st.ini
2013-06-27 11:25 - 2013-06-27 11:25 - 02828552 ____A (AVAST Software) C:\Users\Pooly\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-06-27 11:17 - 2012-07-08 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-26 20:53 - 2013-05-21 02:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 11:20 - 2013-05-07 13:16 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-22 16:23 - 2013-06-22 16:23 - 00000000 ____D C:\Users\Pooly\Documents\Fax
2013-06-21 10:25 - 2013-06-21 09:56 - 00000363 ____A C:\Users\Pooly\AppData\Roaming\burnaware.ini
2013-06-21 09:37 - 2013-06-21 09:37 - 00001058 ____A C:\Users\Public\Desktop\BurnAware Free.lnk
2013-06-21 09:37 - 2013-06-21 09:37 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-06-21 09:34 - 2013-06-21 09:34 - 11554288 ____A (Burnaware                                                   ) C:\Users\Pooly\Downloads\burnaware_free(1).exe
2013-06-20 19:23 - 2013-06-20 19:23 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-20 19:23 - 2013-03-08 01:00 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 21:00 - 2012-07-24 13:06 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\vlc
2013-06-19 20:57 - 2013-06-19 20:57 - 00014336 ____A C:\Users\Pooly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 20:20 - 2013-06-19 20:20 - 00001070 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-18 17:15 - 2013-06-18 17:15 - 00001042 ____A C:\Users\Pooly\Documents\cc_20130618_171551.reg
2013-06-18 17:15 - 2011-07-18 22:54 - 00000000 ____D C:\Windows\Panther
2013-06-18 17:00 - 2013-01-04 23:34 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-18 13:29 - 2013-06-18 13:29 - 00000000 ____D C:\Users\Pooly\AppData\Local\Apps\2.0
2013-06-16 12:21 - 2012-08-13 00:22 - 00000000 ____D C:\Users\Pooly\Documents\Schach
2013-06-14 19:11 - 2012-01-02 22:27 - 00000000 ____D C:\Users\Pooly\Documents\Bewerbungsunterlagen
2013-06-14 13:27 - 2012-01-24 14:14 - 00000000 ____D C:\Users\Pooly\Documents\Sonstiges
2013-06-13 16:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 01:27 - 2011-07-18 22:31 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 21:48 - 2013-02-16 15:02 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2011-07-18 23:13 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-20 19:23 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-20 19:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-20 19:23 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-20 19:23 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 13:37 - 2012-07-16 09:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 13:37 - 2011-08-10 21:09 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 20:14 - 2013-06-11 20:14 - 00006265 ____A C:\Users\Leonie.Pooly-PC.000\Documents\Renaissance.odt
2013-06-09 18:29 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 16:08 - 2013-06-15 09:57 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 09:57 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 09:57 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 09:57 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 09:57 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 09:57 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 09:57 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 09:57 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 09:59 - 2013-06-06 09:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-06 09:20 - 2013-06-06 09:20 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-06-06 09:20 - 2013-06-06 09:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-06 09:18 - 2013-06-06 09:17 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\Pooly\Downloads\spybot-2.1.exe
2013-06-05 10:25 - 2013-06-05 10:24 - 00013018 ____A C:\Users\Pooly\Documents\cc_20130605_102455.reg
2013-06-05 10:22 - 2013-05-10 12:26 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-05 00:51 - 2013-06-05 00:50 - 00002613 ____A C:\Users\Public\Desktop\Milouz Market.lnk
2013-06-05 00:50 - 2013-06-05 00:50 - 00000000 ____D C:\Program Files (x86)\Milouz Corp
2013-06-05 00:49 - 2013-06-05 00:49 - 00001749 ____A C:\Windows\unins000.dat
2013-06-05 00:48 - 2013-06-05 00:49 - 00809973 ____A C:\Windows\unins000.exe
2013-06-05 00:48 - 2013-06-05 00:48 - 02105245 ____A (Milouz Corp                                                 ) C:\Users\Pooly\Downloads\setupMarket.exe
2013-06-03 20:57 - 2012-04-21 13:49 - 00019968 ____A C:\Users\Public\Documents\Dienstplan.xls

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 16:41

==================== End Of Log ============================
         

Auf den allerersten Blick sieht's doch ganz gut aus...aber wahrscheinlich bin ich zu voreilig!?!?

Gruß
Pooly

Geändert von Pooly (30.06.2013 um 22:21 Uhr)

Alt 01.07.2013, 08:08   #8
schrauber
/// the machine
/// TB-Ausbilder
 

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Nee sieht schon besser aus


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.07.2013, 10:28   #9
Pooly
 
PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Hi Schrauber,
es ist doch richtig, dass dieser ESET Online Scanner wie der Name schon sagt Online laufen muss?! Der läuft jetzt seit 1:30 Std. und hat bis jetzt ca. 30% geschafft, muss also ca. 5 Std. insgesamt laufen. Und da ja alles abgeschaltet sein soll und abgeschaltet ist, also kein Virenscanner, keine Firewall usw. fühlt man sich nicht sehr wohl bei dem Gedanken, stundenlang ungeschützt online zu sein.
Er hat übrigens vorhin einen (ersten) Fund gemeldet "probably a variant of JavaExploit.Agent.NMS trojan".
Wenn das wirklich so lange und ungeschützt ablaufen muss melde ich mich später wieder, schaue aber immer mal wieder zwischendurch hier rein.

Gruß
Pooly

Alt 01.07.2013, 12:53   #10
schrauber
/// the machine
/// TB-Ausbilder
 

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Der brauch en bissl Zeit, ja. Und wenn Du sonst nix am Rechner machst ist das nit so wild.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.07.2013, 13:27   #11
Pooly
 
PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



seit ca. 2 Std. schon steht der Scan bei 99%, seitdem scannt er die externe Festplatte mit den wöchentlichen Sicherungen. Leider habe ich da schon lange nix mehr gelöscht und jetzt ist er bei der vom 25.12.2012.
Das scheint also noch ne ganze Weile zu dauern, aber stoppen kann ich's ja wohl auch nicht, sonst bekommen wir keinen Log.

Alt 01.07.2013, 13:37   #12
schrauber
/// the machine
/// TB-Ausbilder
 

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Genau
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.07.2013, 16:41   #13
Pooly
 
PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Sooo, endlich ist alles durch!

Nr. 1
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=56c707c57cccb545a1dc1afe5d4630c7
# engine=14215
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-01 01:29:49
# local_time=2013-07-01 03:29:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 98010 238108679 90800 0
# compatibility_mode=5893 16776574 100 94 23986388 124315239 0 0
# scanned=340096
# found=3
# cleaned=0
# scan_time=20610
sh=AC8BF255A5DCC546B08B2BF14B2ABD8BCF0B17F6 ft=0 fh=0000000000000000 vn="probably a variant of Java/Exploit.Agent.NMS trojan" ac=I fn="C:\Users\Pooly\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\1a822306-743c010f"
sh=09F641992DD1DED85D393236BB12E9DFD9047E9F ft=0 fh=0000000000000000 vn="probably a variant of Java/Exploit.Agent.NMS trojan" ac=I fn="J:\POOLY-PC\Backup Set 2013-03-10 190001\Backup Files 2013-03-24 190001\Backup files 1.zip"
sh=EAC229B6DF853B7B47751D61294D53743B6B3E3C ft=0 fh=0000000000000000 vn="probably a variant of Java/Exploit.Agent.NMS trojan" ac=I fn="J:\POOLY-PC\Backup Set 2013-03-10 190001\Backup Files 2013-04-21 190001\Backup files 2.zip"
         
Nr.2
Code:
ATTFilter
  Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
Avira Desktop                   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (22.0) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
und Nr.3

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
Ran by Pooly (administrator) on 01-07-2013 17:29:31
Running from C:\Users\Pooly\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
() C:\Ph-Shop\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Sytems Incorporated) C:\Ph-Shop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2000-01-01] (Realtek Semiconductor)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [Process Hacker 2] "C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide [1415680 2013-01-14] (wj32)
HKCU\...\Run: [Visual Subst] "C:\Program Files (x86)\Visual Subst\VSubst.exe" /startup [139672 2008-02-02] (NTWind Software)
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3642312 2013-05-16] (Safer-Networking Ltd.)
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] C:\Ph-Shop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKU\Default\...\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Sarah\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin [x]
HKU\UpdatusUser\...\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\UpdatusUser\...\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default
FF Homepage: hxxp://www.yahoo.de/
FF NetworkProxy: "no_proxies_on", "fritz.box"
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\fb_add_on@avm.de
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\ich@maltegoetz.de
FF Extension: Flagfox - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: images - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\images@snark.co.il.xpi
FF Extension: personas - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\personas@christopher.beard.xpi
FF Extension: tineye - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Pooly\AppData\Roaming\Mozilla\Firefox\Profiles\r5i3nifn.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

Chrome: 
=======
CHR HomePage: hxxp://de.yahoo.com/
CHR RestoreOnStartup: "hxxp://www.yahoo.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.0.147) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Search by Image for Google\u2122) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdigejhabbnmfbbebmchkkjhcdjmeli\1.2_0
CHR Extension: (Google Drive) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Brushed) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0
CHR Extension: (YouTube) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search by Image (by Google)) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0
CHR Extension: (Gantter for Google Drive) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo\4.0.1_0
CHR Extension: (Forecastfox) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0
CHR Extension: (TicoYoutube Downloader) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnbiapfcobgpmcebclkhkdfdnkdchjp\0.1_0
CHR Extension: (Google Maps) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.1.8_0
CHR Extension: (Gmail) - C:\Users\Pooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-17] (Adobe Systems)
R2 Adobe Version Cue CS2; C:\Ph-Shop\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe [95896 2008-12-06] (SiSoftware)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2011-07-07] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-07-07] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-06-18] ()
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-09-13] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 DfSdkS; 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S1 kkavmlpb; \??\C:\Windows\system32\drivers\kkavmlpb.sys [x]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 17:03 - 2013-07-01 17:03 - 00000776 ____A C:\Users\Pooly\Desktop\SecurityCheck - Verknüpfung.lnk
2013-07-01 09:42 - 2013-07-01 09:42 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-01 09:37 - 2013-07-01 09:37 - 00890988 ____A C:\Users\Pooly\Downloads\SecurityCheck.exe
2013-07-01 09:36 - 2013-07-01 09:36 - 02347384 ____A (ESET) C:\Users\Pooly\Downloads\esetsmartinstaller_enu.exe
2013-06-30 22:59 - 2013-06-30 22:59 - 00001043 ____A C:\Users\Pooly\Desktop\JRT.txt
2013-06-30 22:56 - 2013-06-30 22:56 - 00000000 ____D C:\Windows\ERUNT
2013-06-30 22:56 - 2013-06-30 22:56 - 00000000 ____D C:\JRT
2013-06-30 22:47 - 2013-06-30 22:48 - 00007833 ____A C:\AdwCleaner[S1].txt
2013-06-30 22:47 - 2013-06-30 22:48 - 00000103 ____A C:\Windows\DeleteOnReboot.bat
2013-06-30 22:39 - 2013-06-30 22:55 - 00001412 ____A C:\Users\Pooly\Desktop\JRT - Verknüpfung.lnk
2013-06-30 22:38 - 2013-06-30 22:38 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Pooly\Downloads\JRT.exe
2013-06-30 22:37 - 2013-06-30 22:47 - 00001481 ____A C:\Users\Pooly\Desktop\adwcleaner - Verknüpfung.lnk
2013-06-30 22:37 - 2013-06-30 22:37 - 00648201 ____A C:\Users\Pooly\Downloads\adwcleaner.exe
2013-06-30 17:53 - 2013-06-30 17:53 - 00038044 ____A C:\ComboFix.txt
2013-06-30 17:48 - 2013-06-30 22:50 - 00001202 ____A C:\Windows\PFRO.log
2013-06-30 17:47 - 2013-06-30 17:47 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-30 17:47 - 2013-06-30 17:47 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-30 17:22 - 2013-06-30 17:53 - 00000000 ____D C:\Qoobox
2013-06-30 17:22 - 2013-06-30 17:52 - 00000000 ____D C:\Windows\erdnt
2013-06-30 17:22 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-30 17:22 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-30 17:22 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-30 17:22 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-30 17:22 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-30 17:22 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-30 17:22 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-30 17:22 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-30 17:18 - 2013-06-30 17:21 - 00001463 ____A C:\Users\Pooly\Desktop\ComboFix - Verknüpfung.lnk
2013-06-30 17:16 - 2013-06-30 17:16 - 05084517 ____R (Swearware) C:\Users\Pooly\Downloads\ComboFix.exe
2013-06-30 15:47 - 2013-06-30 15:48 - 00033558 ____A C:\Users\Pooly\Downloads\Addition.txt
2013-06-30 15:47 - 2013-06-30 15:47 - 00000000 ____D C:\FRST
2013-06-30 15:45 - 2013-06-30 15:45 - 00001130 ____A C:\Users\Pooly\Desktop\FRST64 - Verknüpfung.lnk
2013-06-30 15:42 - 2013-06-30 15:43 - 01933592 ____A (Farbar) C:\Users\Pooly\Downloads\FRST64.exe
2013-06-30 14:30 - 2013-06-30 14:30 - 00016590 ____A C:\Users\Pooly\Downloads\OTL.zip
2013-06-30 13:41 - 2013-06-30 13:41 - 00029038 ____A C:\Users\Pooly\Desktop\gmer.txt
2013-06-30 03:30 - 2013-06-30 03:30 - 734114243 ____A C:\Windows\MEMORY.DMP
2013-06-30 03:30 - 2013-06-30 03:30 - 00293136 ____A C:\Windows\Minidump\063013-23431-01.dmp
2013-06-30 03:30 - 2013-06-30 03:30 - 00000000 ____D C:\Windows\Minidump
2013-06-30 02:56 - 2013-06-30 02:56 - 00089942 ____A C:\Users\Pooly\Downloads\Extras.Txt
2013-06-30 02:55 - 2013-06-30 03:00 - 00123378 ____A C:\Users\Pooly\Downloads\OTL.Txt
2013-06-30 02:40 - 2013-06-30 02:40 - 00000472 ____A C:\Users\Pooly\Downloads\defogger_disable.log
2013-06-30 02:40 - 2013-06-30 02:40 - 00000000 ____A C:\Users\Pooly\defogger_reenable
2013-06-30 01:54 - 2013-06-30 03:24 - 00001517 ____A C:\Users\Pooly\Desktop\gmer_2.1.19163 - Verknüpfung.lnk
2013-06-30 01:54 - 2013-06-30 01:54 - 00377856 ____A C:\Users\Pooly\Downloads\gmer_2.1.19163.exe
2013-06-30 01:52 - 2013-06-30 02:46 - 00001412 ____A C:\Users\Pooly\Desktop\OTL - Verknüpfung.lnk
2013-06-30 01:52 - 2013-06-30 01:52 - 00602112 ____A (OldTimer Tools) C:\Users\Pooly\Downloads\OTL.exe
2013-06-30 01:50 - 2013-06-30 02:39 - 00001064 ____A C:\Users\Pooly\Desktop\Defogger - Verknüpfung.lnk
2013-06-30 01:49 - 2013-06-30 01:49 - 00050477 ____A C:\Users\Pooly\Downloads\Defogger.exe
2013-06-29 18:08 - 2013-07-01 09:20 - 00000616 ____A C:\Windows\setupact.log
2013-06-29 18:08 - 2013-06-29 18:08 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 17:58 - 2013-06-29 17:58 - 00001298 ____A C:\Users\Pooly\Documents\cc_20130629_175824.reg
2013-06-29 17:51 - 2013-06-29 17:52 - 04396440 ____A (Piriform Ltd) C:\Users\Pooly\Downloads\ccsetup403.exe
2013-06-29 15:23 - 2013-06-29 15:23 - 00000000 ____A C:\autoexec.bat
2013-06-29 15:22 - 2013-06-29 15:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-29 15:21 - 2013-06-29 18:03 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-29 14:54 - 2013-06-29 14:54 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Pooly\Downloads\SpyHunter-Installer.exe
2013-06-28 14:12 - 2013-06-28 14:12 - 00000439 ____A C:\Users\Pooly\Downloads\Landesliga Nord.ini
2013-06-28 12:53 - 2013-06-28 14:12 - 00001448 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgi
2013-06-28 12:52 - 2013-06-28 12:52 - 00272117 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgn
2013-06-28 12:48 - 2013-06-28 12:48 - 00329804 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cib
2013-06-28 12:48 - 2013-06-28 12:48 - 00031852 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cit
2013-06-28 12:47 - 2013-06-28 12:47 - 00186316 ____A C:\Users\Pooly\Downloads\GES_LGA op.cib
2013-06-28 12:47 - 2013-06-28 12:47 - 00023932 ____A C:\Users\Pooly\Downloads\GES_LGA op.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00202700 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00063500 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00025492 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00013852 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cit
2013-06-28 12:45 - 2013-06-28 12:45 - 00151372 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cib
2013-06-28 12:45 - 2013-06-28 12:45 - 00023612 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00203404 ____A C:\Users\Pooly\Downloads\mfr_em.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00025292 ____A C:\Users\Pooly\Downloads\mfr_em.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00006540 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00003212 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00286988 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00033132 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00005132 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00001212 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cit
2013-06-28 01:22 - 2013-06-28 01:22 - 01491980 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cib
2013-06-28 01:22 - 2013-06-28 01:22 - 00140852 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cit
2013-06-27 11:25 - 2013-06-27 11:25 - 02828552 ____A (AVAST Software) C:\Users\Pooly\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-06-22 16:23 - 2013-06-22 16:23 - 00000000 ____D C:\Users\Pooly\Documents\Fax
2013-06-21 09:56 - 2013-06-21 10:25 - 00000363 ____A C:\Users\Pooly\AppData\Roaming\burnaware.ini
2013-06-21 09:37 - 2013-06-21 09:37 - 00001058 ____A C:\Users\Public\Desktop\BurnAware Free.lnk
2013-06-21 09:37 - 2013-06-21 09:37 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-06-21 09:34 - 2013-06-21 09:34 - 11554288 ____A (Burnaware                                                   ) C:\Users\Pooly\Downloads\burnaware_free(1).exe
2013-06-20 19:23 - 2013-06-20 19:23 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-20 19:23 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-20 19:23 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-20 19:23 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-20 19:23 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 20:57 - 2013-06-19 20:57 - 00014336 ____A C:\Users\Pooly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 20:20 - 2013-06-19 20:20 - 00001070 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-18 17:15 - 2013-06-18 17:15 - 00001042 ____A C:\Users\Pooly\Documents\cc_20130618_171551.reg
2013-06-18 13:29 - 2013-06-18 13:29 - 00000000 ____D C:\Users\Pooly\AppData\Local\Apps\2.0
2013-06-15 09:57 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 09:57 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 09:57 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 09:57 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 09:57 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 09:57 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 09:57 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 09:57 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 09:57 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 01:27 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 01:27 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 01:27 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 01:27 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 01:27 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 01:27 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 01:27 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 01:26 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 01:26 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 01:26 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 01:26 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 01:26 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 01:26 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 17:04 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:04 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:04 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:04 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:04 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 17:04 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 17:04 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 17:04 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 17:04 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 17:04 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 17:04 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:04 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:04 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:04 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:04 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 17:04 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:04 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:04 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:04 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 20:14 - 2013-06-11 20:14 - 00006265 ____A C:\Users\Leonie.Pooly-PC.000\Documents\Renaissance.odt
2013-06-06 10:22 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20130606-102242.backup
2013-06-06 09:20 - 2013-06-06 09:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-06 09:20 - 2013-06-06 09:20 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-06-06 09:20 - 2013-06-06 09:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-06 09:20 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-06-06 09:17 - 2013-06-06 09:18 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\Pooly\Downloads\spybot-2.1.exe
2013-06-05 10:24 - 2013-06-05 10:25 - 00013018 ____A C:\Users\Pooly\Documents\cc_20130605_102455.reg
2013-06-05 00:50 - 2013-06-05 00:51 - 00002613 ____A C:\Users\Public\Desktop\Milouz Market.lnk
2013-06-05 00:50 - 2013-06-05 00:50 - 00000000 ____D C:\Program Files (x86)\Milouz Corp
2013-06-05 00:49 - 2013-06-05 00:49 - 00001749 ____A C:\Windows\unins000.dat
2013-06-05 00:49 - 2013-06-05 00:48 - 00809973 ____A C:\Windows\unins000.exe
2013-06-05 00:48 - 2013-06-05 00:48 - 02105245 ____A (Milouz Corp                                                 ) C:\Users\Pooly\Downloads\setupMarket.exe

==================== One Month Modified Files and Folders =======

2013-07-01 17:03 - 2013-07-01 17:03 - 00000776 ____A C:\Users\Pooly\Desktop\SecurityCheck - Verknüpfung.lnk
2013-07-01 17:02 - 2012-07-08 13:03 - 01775932 ____A C:\Windows\WindowsUpdate.log
2013-07-01 16:39 - 2012-07-08 13:06 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 16:37 - 2012-07-16 09:37 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 10:32 - 2011-05-16 16:04 - 00654150 ____A C:\Windows\System32\perfh007.dat
2013-07-01 10:32 - 2011-05-16 16:04 - 00130022 ____A C:\Windows\System32\perfc007.dat
2013-07-01 10:32 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 09:55 - 2011-12-01 15:00 - 00000000 ____D C:\Users\Pooly\Documents\Outlook-Dateien
2013-07-01 09:42 - 2013-07-01 09:42 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-01 09:37 - 2013-07-01 09:37 - 00890988 ____A C:\Users\Pooly\Downloads\SecurityCheck.exe
2013-07-01 09:36 - 2013-07-01 09:36 - 02347384 ____A (ESET) C:\Users\Pooly\Downloads\esetsmartinstaller_enu.exe
2013-07-01 09:28 - 2009-07-14 06:45 - 00017152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 09:28 - 2009-07-14 06:45 - 00017152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 09:22 - 2012-09-28 23:17 - 00000000 ___SD C:\Users\Pooly\Google Drive
2013-07-01 09:21 - 2012-07-08 13:06 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 09:20 - 2013-06-29 18:08 - 00000616 ____A C:\Windows\setupact.log
2013-07-01 09:20 - 2011-09-06 00:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-01 09:20 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 23:43 - 2012-07-09 01:10 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\ChessBase
2013-06-30 23:31 - 2013-04-20 13:30 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\TV-Browser
2013-06-30 22:59 - 2013-06-30 22:59 - 00001043 ____A C:\Users\Pooly\Desktop\JRT.txt
2013-06-30 22:56 - 2013-06-30 22:56 - 00000000 ____D C:\Windows\ERUNT
2013-06-30 22:56 - 2013-06-30 22:56 - 00000000 ____D C:\JRT
2013-06-30 22:55 - 2013-06-30 22:39 - 00001412 ____A C:\Users\Pooly\Desktop\JRT - Verknüpfung.lnk
2013-06-30 22:50 - 2013-06-30 17:48 - 00001202 ____A C:\Windows\PFRO.log
2013-06-30 22:48 - 2013-06-30 22:47 - 00007833 ____A C:\AdwCleaner[S1].txt
2013-06-30 22:48 - 2013-06-30 22:47 - 00000103 ____A C:\Windows\DeleteOnReboot.bat
2013-06-30 22:47 - 2013-06-30 22:37 - 00001481 ____A C:\Users\Pooly\Desktop\adwcleaner - Verknüpfung.lnk
2013-06-30 22:38 - 2013-06-30 22:38 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Pooly\Downloads\JRT.exe
2013-06-30 22:37 - 2013-06-30 22:37 - 00648201 ____A C:\Users\Pooly\Downloads\adwcleaner.exe
2013-06-30 17:53 - 2013-06-30 17:53 - 00038044 ____A C:\ComboFix.txt
2013-06-30 17:53 - 2013-06-30 17:22 - 00000000 ____D C:\Qoobox
2013-06-30 17:52 - 2013-06-30 17:22 - 00000000 ____D C:\Windows\erdnt
2013-06-30 17:49 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-30 17:47 - 2013-06-30 17:47 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-30 17:47 - 2013-06-30 17:47 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-30 17:21 - 2013-06-30 17:18 - 00001463 ____A C:\Users\Pooly\Desktop\ComboFix - Verknüpfung.lnk
2013-06-30 17:16 - 2013-06-30 17:16 - 05084517 ____R (Swearware) C:\Users\Pooly\Downloads\ComboFix.exe
2013-06-30 15:48 - 2013-06-30 15:47 - 00033558 ____A C:\Users\Pooly\Downloads\Addition.txt
2013-06-30 15:47 - 2013-06-30 15:47 - 00000000 ____D C:\FRST
2013-06-30 15:45 - 2013-06-30 15:45 - 00001130 ____A C:\Users\Pooly\Desktop\FRST64 - Verknüpfung.lnk
2013-06-30 15:43 - 2013-06-30 15:42 - 01933592 ____A (Farbar) C:\Users\Pooly\Downloads\FRST64.exe
2013-06-30 14:30 - 2013-06-30 14:30 - 00016590 ____A C:\Users\Pooly\Downloads\OTL.zip
2013-06-30 13:41 - 2013-06-30 13:41 - 00029038 ____A C:\Users\Pooly\Desktop\gmer.txt
2013-06-30 03:30 - 2013-06-30 03:30 - 734114243 ____A C:\Windows\MEMORY.DMP
2013-06-30 03:30 - 2013-06-30 03:30 - 00293136 ____A C:\Windows\Minidump\063013-23431-01.dmp
2013-06-30 03:30 - 2013-06-30 03:30 - 00000000 ____D C:\Windows\Minidump
2013-06-30 03:24 - 2013-06-30 01:54 - 00001517 ____A C:\Users\Pooly\Desktop\gmer_2.1.19163 - Verknüpfung.lnk
2013-06-30 03:00 - 2013-06-30 02:55 - 00123378 ____A C:\Users\Pooly\Downloads\OTL.Txt
2013-06-30 02:56 - 2013-06-30 02:56 - 00089942 ____A C:\Users\Pooly\Downloads\Extras.Txt
2013-06-30 02:46 - 2013-06-30 01:52 - 00001412 ____A C:\Users\Pooly\Desktop\OTL - Verknüpfung.lnk
2013-06-30 02:40 - 2013-06-30 02:40 - 00000472 ____A C:\Users\Pooly\Downloads\defogger_disable.log
2013-06-30 02:40 - 2013-06-30 02:40 - 00000000 ____A C:\Users\Pooly\defogger_reenable
2013-06-30 02:40 - 2012-07-08 13:17 - 00000000 ____D C:\users\Pooly
2013-06-30 02:39 - 2013-06-30 01:50 - 00001064 ____A C:\Users\Pooly\Desktop\Defogger - Verknüpfung.lnk
2013-06-30 01:54 - 2013-06-30 01:54 - 00377856 ____A C:\Users\Pooly\Downloads\gmer_2.1.19163.exe
2013-06-30 01:52 - 2013-06-30 01:52 - 00602112 ____A (OldTimer Tools) C:\Users\Pooly\Downloads\OTL.exe
2013-06-30 01:49 - 2013-06-30 01:49 - 00050477 ____A C:\Users\Pooly\Downloads\Defogger.exe
2013-06-29 18:08 - 2013-06-29 18:08 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 18:06 - 2012-08-11 14:52 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\NetSpeedMonitor
2013-06-29 18:03 - 2013-06-29 15:21 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-29 17:58 - 2013-06-29 17:58 - 00001298 ____A C:\Users\Pooly\Documents\cc_20130629_175824.reg
2013-06-29 17:52 - 2013-06-29 17:51 - 04396440 ____A (Piriform Ltd) C:\Users\Pooly\Downloads\ccsetup403.exe
2013-06-29 17:52 - 2012-07-09 00:34 - 00000826 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-29 17:52 - 2012-07-09 00:34 - 00000000 ____D C:\Program Files\CCleaner
2013-06-29 17:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-29 15:23 - 2013-06-29 15:23 - 00000000 ____A C:\autoexec.bat
2013-06-29 15:22 - 2013-06-29 15:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-29 14:54 - 2013-06-29 14:54 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Pooly\Downloads\SpyHunter-Installer.exe
2013-06-28 15:43 - 2012-11-23 03:54 - 00000787 ____A C:\Users\Pooly\Downloads\GES_Zabo op.ini
2013-06-28 15:43 - 2012-10-09 05:02 - 00000901 ____A C:\Users\Pooly\Downloads\GES_LGA op.ini
2013-06-28 15:43 - 2012-08-09 04:28 - 00001040 ____A C:\Users\Pooly\Downloads\GES_Seebach op.ini
2013-06-28 14:12 - 2013-06-28 14:12 - 00000439 ____A C:\Users\Pooly\Downloads\Landesliga Nord.ini
2013-06-28 14:12 - 2013-06-28 12:53 - 00001448 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgi
2013-06-28 14:08 - 2012-11-11 08:04 - 00000619 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.ini
2013-06-28 14:08 - 2012-07-23 01:27 - 00000572 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.ini
2013-06-28 14:07 - 2013-02-09 15:28 - 00000567 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.ini
2013-06-28 14:05 - 2012-11-12 06:32 - 00000589 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.ini
2013-06-28 14:05 - 2012-04-07 15:56 - 00000641 ____A C:\Users\Pooly\Downloads\mfr_em.ini
2013-06-28 14:05 - 2012-04-07 15:48 - 00000808 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.ini
2013-06-28 14:04 - 2012-04-09 04:16 - 00000565 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.ini
2013-06-28 12:52 - 2013-06-28 12:52 - 00272117 ____A C:\Users\Pooly\Downloads\Landesliga Nord.pgn
2013-06-28 12:48 - 2013-06-28 12:48 - 00329804 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cib
2013-06-28 12:48 - 2013-06-28 12:48 - 00031852 ____A C:\Users\Pooly\Downloads\BayEM1970-2012.cit
2013-06-28 12:47 - 2013-06-28 12:47 - 00186316 ____A C:\Users\Pooly\Downloads\GES_LGA op.cib
2013-06-28 12:47 - 2013-06-28 12:47 - 00023932 ____A C:\Users\Pooly\Downloads\GES_LGA op.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00202700 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00063500 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cib
2013-06-28 12:46 - 2013-06-28 12:46 - 00025492 ____A C:\Users\Pooly\Downloads\GES_Mittelfranken-ch.cit
2013-06-28 12:46 - 2013-06-28 12:46 - 00013852 ____A C:\Users\Pooly\Downloads\GES_Seebach op.cit
2013-06-28 12:45 - 2013-06-28 12:45 - 00151372 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cib
2013-06-28 12:45 - 2013-06-28 12:45 - 00023612 ____A C:\Users\Pooly\Downloads\GES_Zabo op.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00203404 ____A C:\Users\Pooly\Downloads\mfr_em.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00025292 ____A C:\Users\Pooly\Downloads\mfr_em.cit
2013-06-28 12:44 - 2013-06-28 12:44 - 00006540 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cib
2013-06-28 12:44 - 2013-06-28 12:44 - 00003212 ____A C:\Users\Pooly\Downloads\mfr_mm_1213.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00286988 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00033132 ____A C:\Users\Pooly\Downloads\mfr_mm_2005-2012.cit
2013-06-28 12:42 - 2013-06-28 12:42 - 00005132 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cib
2013-06-28 12:42 - 2013-06-28 12:42 - 00001212 ____A C:\Users\Pooly\Downloads\Mittelfranken-EM 2012.cit
2013-06-28 01:22 - 2013-06-28 01:22 - 01491980 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cib
2013-06-28 01:22 - 2013-06-28 01:22 - 00140852 ____A C:\Users\Pooly\Downloads\bay_mm_1993-2012.cit
2013-06-28 01:20 - 2012-10-09 00:47 - 00001021 ____A C:\Users\Pooly\Downloads\Wiessee2012sen.ini
2013-06-28 01:17 - 2013-01-10 13:14 - 00000582 ____A C:\Users\Pooly\Downloads\BL2-Ost 2012_13 R1-4.ini
2013-06-28 01:17 - 2012-07-23 01:40 - 00000560 ____A C:\Users\Pooly\Downloads\BL2-Ost 2011_12.ini
2013-06-28 01:16 - 2012-10-09 00:46 - 00000964 ____A C:\Users\Pooly\Downloads\Arber op 2012 1st.ini
2013-06-27 11:25 - 2013-06-27 11:25 - 02828552 ____A (AVAST Software) C:\Users\Pooly\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-06-27 11:17 - 2012-07-08 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-26 20:53 - 2013-05-21 02:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 11:20 - 2013-05-07 13:16 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-22 16:23 - 2013-06-22 16:23 - 00000000 ____D C:\Users\Pooly\Documents\Fax
2013-06-21 10:25 - 2013-06-21 09:56 - 00000363 ____A C:\Users\Pooly\AppData\Roaming\burnaware.ini
2013-06-21 09:37 - 2013-06-21 09:37 - 00001058 ____A C:\Users\Public\Desktop\BurnAware Free.lnk
2013-06-21 09:37 - 2013-06-21 09:37 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2013-06-21 09:34 - 2013-06-21 09:34 - 11554288 ____A (Burnaware                                                   ) C:\Users\Pooly\Downloads\burnaware_free(1).exe
2013-06-20 19:23 - 2013-06-20 19:23 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-20 19:23 - 2013-03-08 01:00 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 21:00 - 2012-07-24 13:06 - 00000000 ____D C:\Users\Pooly\AppData\Roaming\vlc
2013-06-19 20:57 - 2013-06-19 20:57 - 00014336 ____A C:\Users\Pooly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 20:20 - 2013-06-19 20:20 - 00001070 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-18 17:15 - 2013-06-18 17:15 - 00001042 ____A C:\Users\Pooly\Documents\cc_20130618_171551.reg
2013-06-18 17:15 - 2011-07-18 22:54 - 00000000 ____D C:\Windows\Panther
2013-06-18 17:00 - 2013-01-04 23:34 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2013-06-18 13:29 - 2013-06-18 13:29 - 00000000 ____D C:\Users\Pooly\AppData\Local\Apps\2.0
2013-06-16 12:21 - 2012-08-13 00:22 - 00000000 ____D C:\Users\Pooly\Documents\Schach
2013-06-14 19:11 - 2012-01-02 22:27 - 00000000 ____D C:\Users\Pooly\Documents\Bewerbungsunterlagen
2013-06-14 13:27 - 2012-01-24 14:14 - 00000000 ____D C:\Users\Pooly\Documents\Sonstiges
2013-06-13 16:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 01:27 - 2011-07-18 22:31 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 21:48 - 2013-02-16 15:02 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2011-07-18 23:13 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-20 19:23 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-20 19:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-20 19:23 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-20 19:23 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 13:37 - 2012-07-16 09:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 13:37 - 2011-08-10 21:09 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 20:14 - 2013-06-11 20:14 - 00006265 ____A C:\Users\Leonie.Pooly-PC.000\Documents\Renaissance.odt
2013-06-09 18:29 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 16:08 - 2013-06-15 09:57 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 09:57 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 09:57 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 09:57 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 09:57 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 09:57 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 09:57 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 09:57 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 09:57 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 09:59 - 2013-06-06 09:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-06 09:20 - 2013-06-06 09:20 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-06-06 09:20 - 2013-06-06 09:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-06 09:18 - 2013-06-06 09:17 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\Pooly\Downloads\spybot-2.1.exe
2013-06-05 10:25 - 2013-06-05 10:24 - 00013018 ____A C:\Users\Pooly\Documents\cc_20130605_102455.reg
2013-06-05 10:22 - 2013-05-10 12:26 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-05 00:51 - 2013-06-05 00:50 - 00002613 ____A C:\Users\Public\Desktop\Milouz Market.lnk
2013-06-05 00:50 - 2013-06-05 00:50 - 00000000 ____D C:\Program Files (x86)\Milouz Corp
2013-06-05 00:49 - 2013-06-05 00:49 - 00001749 ____A C:\Windows\unins000.dat
2013-06-05 00:48 - 2013-06-05 00:49 - 00809973 ____A C:\Windows\unins000.exe
2013-06-05 00:48 - 2013-06-05 00:48 - 02105245 ____A (Milouz Corp                                                 ) C:\Users\Pooly\Downloads\setupMarket.exe
2013-06-03 20:57 - 2012-04-21 13:49 - 00019968 ____A C:\Users\Public\Documents\Dienstplan.xls

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 16:41

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Im Moment zwar nicht wirklich wichtig aber anscheinend sollte ich, wenn alles wieder o.k. ist, mal defragmenieren

Gruß
Pooly

Alt 01.07.2013, 18:34   #14
schrauber
/// the machine
/// TB-Ausbilder
 

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Hehe

das von ESET angemeckerte Backup auf J: würd ich löschen.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
         
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.07.2013, 20:23   #15
Pooly
 
PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Standard

PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen



Hi Schrauber,
TFC erstellte keinen Log, den ich hier posten könnte, richtig? Jedenfalls wurden 4,35 GB gelöscht.

Hier der Log von FRST:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-06-2013 01
Ran by Pooly at 2013-07-01 21:14:56 Run:1
Running from C:\Users\Pooly\Downloads
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

==== End of Fixlog ====
         
Von Problemen habe ich schon seit gestern nichts mehr gemerkt, der PC rennt wieder wie vorher gewohnt! ;-)

Gruß
Pooly

Antwort

Themen zu PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen
7-zip, adobe reader xi, avira, beseitigen, beseitigung, desktop, error, excel, fehler, filescout.exe, flash player, google, home, homepage, hängen, iexplore.exe, install.exe, mozilla, ntdll.dll, pc performer, picasa, problem, programm, realtek, recuva, registry, richtlinie, rundll, scan, security, spy hunter 4, svchost.exe, tcp, udp, usb, windows, windows internet



Ähnliche Themen: PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen


  1. MyStartSearch eingefangen und entfernen versucht
    Plagegeister aller Art und deren Bekämpfung - 21.01.2015 (19)
  2. Windows 7 - mystartsearch.com und Spyhunter 4 eingefangen
    Log-Analyse und Auswertung - 28.10.2014 (9)
  3. VIRUS! Uninstall von "i livid Download Manager" erfolglos. SpyHunter findet Viren, Avira nicht - was tun?
    Plagegeister aller Art und deren Bekämpfung - 16.12.2013 (12)
  4. search.conduit mit SpyHunter zu beseitigen versucht....
    Log-Analyse und Auswertung - 12.11.2013 (9)
  5. Laptop öffnet sofort den Windows Start Manager und friert dann ein
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (1)
  6. HolaSearch und PC Performer eingefangen
    Plagegeister aller Art und deren Bekämpfung - 30.07.2013 (10)
  7. 2x | Delta Search + Spyhunter 4 - Virus beseitigen?
    Mülltonne - 24.07.2013 (3)
  8. PC Performer eingefangen
    Log-Analyse und Auswertung - 15.06.2013 (1)
  9. PC Performer Manager
    Plagegeister aller Art und deren Bekämpfung - 12.05.2013 (25)
  10. Snap.do lange nicht bemerkt, was kann der anrichten? Und Spyhunter kam dann auch noch dazu, wie werde ich beide los?
    Plagegeister aller Art und deren Bekämpfung - 06.04.2013 (16)
  11. C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (13)
  12. PC Performer Manager und Claro Search
    Plagegeister aller Art und deren Bekämpfung - 26.11.2012 (15)
  13. TR/ATRAPS.Gen eingefangen, wie beseitigen?
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (1)
  14. Spyhunter 4 und Win 7 Home Security eingefangen
    Plagegeister aller Art und deren Bekämpfung - 18.01.2012 (22)
  15. Antimaleware Doctor versucht zu beseitigen aber er klemmt!
    Plagegeister aller Art und deren Bekämpfung - 12.05.2010 (30)
  16. PC Antispyware 2010 und Spyhunter eingefangen
    Plagegeister aller Art und deren Bekämpfung - 03.09.2009 (19)
  17. Spyhunter und antivirus 360 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.12.2008 (3)

Zum Thema PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen - Hallo zusammen, obwohl ich kein Newbie bin habe ich mich selten dämlich angestellt! Zuerst habe ich mir den lästigen PC Performer Manager eingefangen, wie genau kann ich nicht sagen. Als - PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen...
Archiv
Du betrachtest: PC Performer Manager eingefangen und dann versucht ihn mit Spyhunter zu beseitigen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.