
Pests of all kinds and how to fight them: QVO6.COM is always opened by MS IE

16.07.2013, 11:46   #1
TorpedoMoska
 
QVO6.COM is always opened by MS IE



Hello,
it looks like I've caught a trojan :-(
MS IE always opens the page QVO6.COM.
I reinstalled Chrome and the problem was gone.
I have already done the following, but unfortunately without success:
1) Deleted all suspicious add-ons in MS IE.
2) Corrected the start page in IE.
3) Full scan with Kaspersky. It found something, but that didn't help.
4) Full scan with Malwarebytes. It found something, but that didn't help.
Now I'm turning to you with the corresponding logs and hoping for help.

The logs are too long, so they are attached.
Attached files
File type: txt Extras.Txt (88,9 KB, viewed 162 times)
File type: txt Gmer.txt (75,7 KB, viewed 135 times)

16.07.2013, 11:48   #2
schrauber
/// the machine
/// TB trainer
 

QVO6.COM is always opened by MS IE



hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)




How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

16.07.2013, 13:36   #3
TorpedoMoska
 
QVO6.COM is always opened by MS IE

OTL and Extras



OTL
Code:
OTL logfile created on: 15.07.2013 19:36:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 77,09% Memory free
15,81 Gb Paging File | 13,91 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 305,67 Gb Total Space | 188,84 Gb Free Space | 61,78% Space Free | Partition Type: NTFS
Drive D: | 367,97 Gb Total Space | 154,03 Gb Free Space | 41,86% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.15 13:36:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\2 OTL.exe
PRC - [2013.07.13 16:08:47 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) -- C:\ProgramData\eSafe\eGdpSvc.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.22 12:52:30 | 002,073,416 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
PRC - [2012.10.22 12:48:32 | 000,770,888 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
PRC - [2012.10.22 12:48:26 | 000,283,464 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
PRC - [2012.10.22 12:48:20 | 000,557,896 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
PRC - [2011.11.20 08:07:19 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.11.17 01:04:20 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
PRC - [2011.07.08 02:32:30 | 000,088,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
PRC - [2011.07.07 01:20:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
PRC - [2011.06.30 02:16:10 | 000,503,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2011.05.27 18:17:20 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.27 15:59:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.25 16:53:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011.05.20 21:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011.05.11 01:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) -- C:\ASUS.SYS\SIONExportService.exe
PRC - [2011.03.13 20:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.01.15 01:41:58 | 001,839,616 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.10.08 00:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.10 08:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
PRC - [2010.02.03 10:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.08.04 18:21:58 | 000,030,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
PRC - [2009.06.24 11:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2008.06.05 11:19:18 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.13 13:47:37 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f752f8cf702b7c7eff6c659b2e0c760a\System.ServiceProcess.ni.dll
MOD - [2013.07.13 13:46:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll
MOD - [2013.07.13 13:45:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.13 13:45:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.13 13:44:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.13 13:44:35 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.13 13:44:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.13 13:44:20 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.09 05:24:50 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.02.19 06:23:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.11.05 03:57:48 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.04 18:23:16 | 000,063,032 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
MOD - [2009.08.04 18:23:02 | 000,075,320 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2011.11.11 04:08:32 | 000,126,520 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2011.01.26 00:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.04.17 02:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2013.07.13 16:08:47 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (WsysSvc)
SRV - [2013.06.11 20:28:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.31 23:35:39 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2012.10.22 12:48:32 | 000,770,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy)
SRV - [2012.10.22 12:48:26 | 000,283,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav)
SRV - [2012.10.22 12:48:20 | 000,557,896 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer)
SRV - [2011.07.08 02:32:30 | 000,088,704 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.05.27 18:17:20 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.27 15:59:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.11 01:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) [Auto | Running] -- C:\ASUS.SYS\SIONExportService.exe -- (Splashtop MDES)
SRV - [2011.04.20 19:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011.03.13 20:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.03.13 20:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.01.15 01:41:58 | 001,839,616 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2010.10.06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.24 11:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 20:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.31 23:36:49 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.10.08 14:09:34 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64)
DRV:64bit: - [2012.09.12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.08 06:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011.12.08 06:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.10.08 09:28:44 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2011.10.07 11:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.06.09 05:24:50 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.06.02 20:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 20:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.05.24 03:17:08 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.05 14:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.18 07:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011.03.13 20:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.03.13 20:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.13 20:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.13 20:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.03.13 20:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.03.13 20:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.03.13 20:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.03.03 15:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.26 03:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.21 19:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.04.17 02:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.11.02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.05.26 05:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO_)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {1040F243-993E-498C-8A81-980D0B85852F}
IE - HKCU\..\SearchScopes\{1040F243-993E-498C-8A81-980D0B85852F}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 23:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 23:36:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\120.xpi [2013.07.14 01:12:02 | 000,007,589 | ---- | M] ()
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: LyricsContainer = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.120_0\
CHR - Extension: Docs = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Plus-HD-1.6 = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0\crossrider
CHR - Extension: Plus-HD-1.6 = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0\
CHR - Extension: Anti-Banner = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Plus-HD-1.6) - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACPW05DE] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\02 Microsoft Outlook 2010.lnk = C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{013308F2-961A-4F19-9F50-4B85ABC34572}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.15 19:32:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Anti-Malware
[2013.07.15 19:16:37 | 000,000,000 | R--D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.07.15 13:51:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\2 OTL.exe
[2013.07.14 23:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.07.14 17:07:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2013.07.14 17:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.14 17:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.14 17:06:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.14 17:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.14 17:06:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Programs
[2013.07.14 01:13:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\Qtrax
[2013.07.14 01:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-1.6
[2013.07.14 01:12:31 | 004,953,944 | ---- | C] (FLVMPlayer                                                  ) -- C:\Users\xxx\Desktop\FLVMPlayer.exe
[2013.07.14 01:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer
[2013.07.13 16:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2013.07.13 16:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013.07.13 16:15:08 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NCH Software
[2013.07.13 16:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013.07.13 16:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
[2013.07.13 16:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
[2013.07.13 16:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2013.07.13 16:08:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\WebCake
[2013.07.13 16:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.07.13 16:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.07.13 16:08:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\eIntaller
[2013.07.13 16:08:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Dealply
[2013.07.13 16:07:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013.07.13 16:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013.07.13 16:07:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SwvUpdater
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.15 19:33:31 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2013.07.15 19:32:10 | 001,529,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.15 19:32:10 | 000,665,812 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.15 19:32:10 | 000,627,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.15 19:32:10 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.15 19:32:10 | 000,110,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.15 19:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.15 19:26:52 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.07.15 19:25:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 19:25:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 19:18:11 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013.07.15 19:15:23 | 000,001,914 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.6-chromeinstaller.job
[2013.07.15 19:15:22 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.07.15 19:15:22 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.6-codedownloader.job
[2013.07.15 19:15:22 | 000,001,202 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.6-updater.job
[2013.07.15 19:15:22 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.15 19:15:22 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.6-enabler.job
[2013.07.15 19:15:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.15 19:14:58 | 2072,027,135 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.15 13:38:04 | 000,377,856 | ---- | M] () -- C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe
[2013.07.15 13:36:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\2 OTL.exe
[2013.07.15 07:46:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.15 07:08:00 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2013.07.15 02:57:15 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.14 17:06:44 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.14 16:09:36 | 000,001,574 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.07.14 16:08:03 | 000,002,532 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.07.14 01:14:16 | 000,002,367 | ---- | M] () -- C:\Users\xxx\Desktop\Qtrax Player.lnk
[2013.07.14 01:12:59 | 004,953,944 | ---- | M] (FLVMPlayer                                                  ) -- C:\Users\xxx\Desktop\FLVMPlayer.exe
[2013.07.13 17:00:27 | 000,203,776 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.13 16:15:25 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk
[2013.07.13 16:14:26 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk
[2013.07.13 13:30:18 | 000,498,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.03 22:40:44 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.03 22:40:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.23 18:29:39 | 000,001,334 | ---- | M] () -- C:\Users\Public\Desktop\Saturn Fotoservice.lnk
[2013.06.22 19:02:42 | 000,000,224 | ---- | M] () -- C:\WifiInfo.ini.enc
 
========== Files Created - No Company Name ==========
 
[2013.07.15 19:33:31 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2013.07.15 19:31:44 | 000,377,856 | ---- | C] () -- C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe
[2013.07.14 23:20:40 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.14 17:06:44 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.14 01:14:16 | 000,002,367 | ---- | C] () -- C:\Users\xxx\Desktop\Qtrax Player.lnk
[2013.07.14 01:14:15 | 000,002,397 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
[2013.07.14 01:13:15 | 000,001,202 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.6-updater.job
[2013.07.14 01:13:12 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.6-enabler.job
[2013.07.14 01:13:07 | 000,001,206 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.6-codedownloader.job
[2013.07.14 01:12:46 | 000,001,914 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.6-chromeinstaller.job
[2013.07.14 01:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013.07.13 16:15:25 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Videobearbeitungs-Software.lnk
[2013.07.13 16:15:25 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk
[2013.07.13 16:14:26 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk
[2013.07.13 16:14:26 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk
[2013.07.13 16:08:14 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\Dealply.job
[2013.07.03 22:40:44 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.03 22:40:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.24 19:29:18 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7
[2012.12.02 23:34:28 | 000,000,639 | ---- | C] () -- C:\Users\xxx\_Musik - Verknüpfung.lnk
[2012.12.02 23:34:22 | 000,000,639 | ---- | C] () -- C:\Users\xxx\_Fotos - Verknüpfung.lnk
[2012.12.02 23:34:16 | 000,000,676 | ---- | C] () -- C:\Users\xxx\_Daten_Jens - Verknüpfung.lnk
[2012.12.02 23:34:08 | 000,000,683 | ---- | C] () -- C:\Users\xxx\_Daten_Beide - Verknüpfung.lnk
[2012.12.02 23:34:02 | 000,000,676 | ---- | C] () -- C:\Users\xxx\_Daten_Anja - Verknüpfung.lnk
[2012.12.02 22:53:38 | 000,038,435 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012.02.28 19:13:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012.02.27 18:07:48 | 000,017,408 | ---- | C] () -- C:\Users\xxx\AppData\Local\WebpageIcons.db
[2012.02.24 18:49:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Basic Synth
[2012.02.24 18:49:41 | 000,000,268 | RH-- | C] () -- C:\Users\xxx\AppData\Roaming\Authentication
[2012.02.24 18:49:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2012.02.23 22:48:14 | 000,203,776 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.20 07:37:51 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.08.19 04:33:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.08.19 04:32:39 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.19 04:32:36 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.19 04:32:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.23 22:45:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ACD Systems
[2012.02.23 21:16:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ASUS WebStorage
[2012.02.28 19:38:19 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canneverbe Limited
[2013.07.13 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dealply
[2013.07.13 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\eIntaller
[2012.12.27 20:54:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\elsterformular
[2012.02.28 12:01:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mp3DirectCut
[2013.06.11 11:34:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mp3tag
[2012.02.25 14:44:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nikon
[2012.02.24 18:28:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nuance
[2013.02.15 23:21:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\streamWriter
[2012.02.23 21:23:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Tools
[2013.02.24 19:29:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TwonkyServer
[2013.07.14 23:00:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WebCake
[2012.12.02 19:21:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
[2012.02.24 18:28:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >
         
Extras
Code:
OTL Extras logfile created on: 15.07.2013 19:36:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 77,09% Memory free
15,81 Gb Paging File | 13,91 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 305,67 Gb Total Space | 188,84 Gb Free Space | 61,78% Space Free | Partition Type: NTFS
Drive D: | 367,97 Gb Total Space | 154,03 Gb Free Space | 41,86% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Saturn Fotoservice] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Saturn Fotoservice] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C1C753-55E0-4164-A71D-3624FA36870E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{08FBD584-E9DA-42B0-B03D-901BEB76029A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{08FF5CA9-A7C1-45A7-A0C8-E20899B198EA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0FB78D79-B012-46DD-BF40-7D40AE18F693}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{11022C34-B7C5-4A39-852B-6469833C889F}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port | 
"{14342E1E-E758-4D05-ABF8-F8334CAD3C32}" = rport=139 | protocol=6 | dir=out | app=system | 
"{27E89964-EF43-4748-90D0-0438E3952E7D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{5232C3B5-98AD-4BDF-BE97-B5E15C17A52C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5EAFBDE6-01A0-457F-8480-89D15C0E2C0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{621B01E4-3D4D-4C51-83C9-5C73F9F990DF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6A337210-9D2C-4EBD-91C1-08637204DE6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6AF7350C-E8B8-4793-8CF9-E170DF7FD65F}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port | 
"{6ECC7487-6355-4583-8DE2-B3334BA2C9EE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{71B49517-3461-460B-9259-6B62F0A1DC9A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{89B12867-B570-40BF-B205-4E0276211ED4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{90C657B6-61E3-4ACD-86E3-0E055B714C9E}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port | 
"{90D89644-1FF6-437A-A1AB-499859A5E52E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9D20EE2C-28C0-46A1-BE7A-1C2171BD6AD9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9D47872D-032B-455C-82C7-4F11B9961491}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{A9C74BAA-BE5F-4DB2-843C-A65F5A19AB54}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ACA190A5-3EC5-4EA1-B19F-52E862DC802C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AE0D7653-2AAC-4D41-A08B-F0B52C04F7D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B4D6D88F-582D-4337-85A9-55DC080E43FF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E1B30A05-E7AF-4C3C-BCAB-81F3FA51382A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F425B16F-F39C-4F7B-833A-30369781EEE7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F4D22AF2-9974-4E19-B152-150034B11609}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F85F7116-DDB0-49DC-A974-6FE58ECEC3DE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FCB31791-C535-4C49-8B28-D32579912C36}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FFC14B55-56B3-4214-838E-AD17ACA72510}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0065111C-562F-40E0-847F-56B95B1EB520}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{02D11ED0-6E0F-4655-816D-720936939494}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{06B2A73F-611A-4EA9-A806-614CAC75EC96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FE19DF2-A36F-4FE5-9222-3BB52C5D1E78}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{10E59A45-DE8A-42FE-96C5-033CA918E518}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1451AE0A-56A4-4E8F-8058-24EB5089E349}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14C83036-F564-4ADB-8B72-CB61A53B6706}" = protocol=17 | dir=in | app=c:\ljp1100_p1560_p1600_full_solution\productinst64.exe | 
"{2633DC1A-5D9D-4B2F-A43C-90B30108CD04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{265E8AFC-7B6A-4025-8024-42C817ED9D01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C37F120-69C0-400D-9DCE-01709724B753}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{33E6E1B4-2B9D-4614-B0E6-C88EB7380F28}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{33F7EC75-4949-464A-B548-AA919E6F200E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{383DB608-8E39-4CA0-88B3-896F04875D92}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3BB43EBA-0121-4F84-A90B-5AF71BD86735}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | 
"{4163AF30-AD14-4A72-A044-6B228CB22779}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{41988E21-9BA2-4B6A-9E7E-8CCE0557CFE7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{49E53989-C386-4281-9868-579E95540875}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\temp\nsuc012.tmp\sweetim_0307_y-d1264dfa.exe | 
"{4BC57399-B218-4C11-B784-FFF888AAF275}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{4C664534-7106-413B-AA0C-67505455F2D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{54AD3969-AD7C-4C95-8DC5-9A2CD3C6A7BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{62352C51-56E4-4EFF-8425-0CE7EB0E1F6A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6771451D-313F-4ACB-A0D1-A437D40CFFFB}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe | 
"{6F470A5F-0345-475D-8928-4B026CF7878D}" = protocol=6 | dir=out | app=system | 
"{87CB35AF-4F8F-4157-8937-ACB4297D2867}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8B626844-AB1D-45B7-B78C-7C7519775497}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe | 
"{95A8B839-2D4F-4CBB-BF0C-1C9FC4084AF0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{96CB79F4-2D43-443C-83E6-018F5D9913A8}" = protocol=6 | dir=in | app=c:\ljp1100_p1560_p1600_full_solution\productinst64.exe | 
"{98CA956C-14FB-4018-B62C-472842F33B45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B7F333A-6CCC-48EA-90F5-217FF0D440D3}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\temp\nsuc012.tmp\sweetim_0307_y-d1264dfa.exe | 
"{A0F1FDE9-EDB9-473B-A0B0-14B5A2A3D1C9}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{A28C1B85-B5D4-4669-9FB3-4F550CD0D0D6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{A51F77F3-3F8B-4D66-A635-52630744A533}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | 
"{A7D18DC3-A2B2-4A26-AF2B-A6FAF6CF1F12}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{ABDD64C2-D215-4FC4-8D95-103F36D427DB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{ACF9C9CE-64FF-479B-B1C5-0656FD58EEED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{AF3D4EC5-BB12-4EBD-A60A-98983EEF80B3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B1AD1F66-E5CF-470E-9BD2-AD9690E4D41E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B40650A1-C3F6-4692-AA8B-A7E512F7DFE9}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{BEDD66D0-2B4E-4496-8BCB-7A056A10849A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D33DF40F-164C-4381-90C2-707CB8B03FE7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3AF25A3-52BD-40A2-8ED2-EDEA8623BBC0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D7D32346-3DAF-4264-9FE4-614B6C76CE9C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DC68984B-6E3E-449F-876F-CC5ECA355C5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E31CE3D2-CA5E-4438-9B5C-2C44D7F905AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5FAA4B3-05AE-48F0-B068-39273E67E4EE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{E733C864-A0DE-4C3D-949E-AA50395A30B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{ECF4FA3A-45F2-4E53-A5A9-6A2829A04D86}" = dir=in | app=c:\users\xxx\appdata\local\microsoft\skydrive\skydrive.exe | 
"{F06DB4E7-DFF7-4500-A654-28C18B97A763}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{F18C24B0-0045-48FC-81E2-9452F1AA7374}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FACD7A7B-D0E3-405F-B061-ADF174112577}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FE254289-BB29-4D5E-A051-B41D5A10D6D0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"TCP Query User{999BB7E9-A17B-4673-93A5-63FB9BDB7F25}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{3DD1F143-670D-44F9-98EC-24899E23AADB}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{627673ff-f4ea-43fd-893d-28fc6176fb2d}" = Gigaset QuickSync
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.74
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"AsMakeLink" = AsMakeLink
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PhotomatixEssentials3x64_is1" = Photomatix Essentials 64-bit version 3.1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000AD938-EEBB-46F5-BD33-23CB34A57C54}" = Movie Maker
"{01944037-D136-45EE-A007-403EAD929FC7}" = Windows Live Writer
"{01ABAEC3-8F96-4D00-9672-E49AAFDC0685}" = Windows Live Writer Resources
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer
"{087D261B-73AE-4B8A-8F18-2EE80DD2ED8B}" = Фотоальбом
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster
"{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
"{0BC39E89-506A-4ADA-8924-27AEE2C97618}" = Windows Live Writer
"{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common
"{0E1FE502-7536-4155-BBC6-7BE8E465DE08}" = Firebird SQL Server - MAGIX Edition
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AFD9A4-B584-41C8-91EA-38EB2FC1BD50}" = Windows Live Messenger
"{1D03A585-879D-45DB-B77A-C4D5A04E7286}" = Windows Live Family Safety
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2177152C-83DD-4540-B2F0-970F7303B7BA}" = Windows Live Writer Resources
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{241F87F6-CEA4-4493-B4EE-0973C6088FEC}" = Windows Live Family Safety
"{252D22BA-FD4A-48C0-A937-C0E0B799F1EF}" = Windows Live Family Safety
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker
"{2AEAFC79-79E6-4784-9CF9-D9D82932BF88}" = Windows Live Family Safety
"{2B068A64-F867-44E9-8827-A795647C8730}" = Фотографии (общедоступная версия)
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{373EF285-A2DC-44EB-8D79-18918F33CB3A}" = Windows Live Messenger
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3C41298B-A3F5-40C8-8BE3-A9A3F0644B0A}" = Windows Live Writer
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D44D783-D027-4135-AC39-81E320ED2D3A}" = Windows Live Family Safety
"{3F459DA9-0D88-452E-97A4-5B69C8C8C6B5}" = Windows Live Family Safety
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43CCAC37-4E31-495F-9077-471E4E92DCEA}" = Windows Live Messenger
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{476C5E21-9418-4A76-80A3-0C6A470AC637}" = Windows Live Essentials
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5006FD66-7E9B-4F92-BD36-275AD7712348}" = معرض الصور
"{525E7EA7-481F-499D-A7F7-4682AC46A454}" = Movie Maker
"{5681FEA2-1CF8-461E-B611-55D2C50FC4EF}" = بريد Windows Live
"{5917D694-AFC3-46BF-8CAB-0DABAF9D6FCB}" = Windows Live UX Platform Language Pack
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5FE3BC4E-2BD5-4D6B-8BC4-640A42626AAD}" = Почта Windows Live
"{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker
"{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}" = 影像中心
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FCA957-224F-4623-8BE0-6295CFB2C3E4}" = Windows Live Mail
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DFDA9F-C07B-40B6-BA5C-C4C04AFF883D}" = Windows Live Family Safety
"{73669388-1011-4B57-A90F-8B0415093AB2}" = Windows Live Writer
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{794D971F-7EC1-4F71-A51C-773074CAB8DA}" = Windows Live Writer
"{79A1AF43-BD17-4A81-B38A-6D6535D3F377}" = Windows Live Writer
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now!
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8030AE22-7FA0-4880-A538-8906EDBF49F4}" = Windows Live Writer Resources
"{81CF4226-47C1-418C-8718-1B3ED2C37878}" = Windows Live Essentials
"{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger
"{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{87425773-10F4-4858-8CBF-465093FA43DE}" = Windows Live Mail
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E241C05-52BF-4862-AD1F-AAE465C0075B}" = Windows Live Mail
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{96914829-DF65-40AE-8A31-6F3E96BAEBBD}" = Windows Live Mail
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials
"{A0E4C4A6-1CC7-4442-8CAE-2D825B7BC1C1}" = Windows Live Writer Resources
"{A132CE8A-79EA-4BB5-9A24-4348B4DDD48A}" = Photo Common
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών
"{A58FCEF4-3191-466C-8949-0FFFFFB7631D}" = Windows Live Writer Resources
"{A5DC64EE-2FC4-4C35-9975-639DD8499369}" = Windows Live Family Safety
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B27EDD14-869E-4A44-905A-5DE652F7278F}" = Windows Live Messenger
"{B306F739-A414-4698-BFAD-0AB23F73D14F}" = Windows Live Messenger
"{B328282C-DCE9-49B7-8B98-C08D9AA28C46}" = Windows Live Mail
"{B67B2671-2981-466B-BA14-25538AA871DC}" = Windows Live Messenger
"{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BE5FFB4F-FA58-48DF-BDA9-E7AE79DA9C3E}" = Windows Live Family Safety
"{BFA6D5AD-25EA-475F-AD80-ECD408C674AB}" = Movie Maker
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack
"{C41A3B9E-A238-4E83-AD37-D1EDD1105F5A}" = Windows Live Writer
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4E8BC59-BD60-4B73-999B-758890DF4E62}" = Windows Live Writer Resources
"{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C8BBA220-8549-462A-B411-1AF44DE098B5}" = Photo Common
"{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0F03C35-6196-4992-8621-6F390DFA9073}" = Windows Live Messenger
"{D16E0F0C-5D10-45CF-A585-CE3689B5A913}" = Windows Live Writer
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D4EA8070-20E0-4BAF-BC44-D166C292FEBE}" = Windows Live Writer Resources
"{D5082B89-2E86-447E-A02C-922534592FA8}" = Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB169E8F-5332-4DBF-B085-84AA2C373304}" = Windows Live Messenger
"{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}" = ASUS Music Maker
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DF9A76D9-BBFA-483C-AD7F-7D6E7627AD0E}" = Windows Live Family Safety
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}" = Movie Maker
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E37CD6E8-BC51-4D48-9840-803EC3B418D3}" = גלריית התמונות
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E570053D-8ABC-4938-9E23-C634E08E7490}" = Windows Live Mail
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7AE39C6-B669-433F-A351-CA132C611310}" = Windows Live UX Platform Language Pack
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集
"{EA348D4B-FB4D-4449-8749-654CA51F56A6}" = Windows Live UX Platform Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F54A07A9-9716-4094-9E79-F5E929679FFF}" = Windows Live Writer Resources
"{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{F7304CCF-B4A0-49C7-88A8-CD3F28FFBF9A}" = Основные компоненты Windows Live
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"Anti-Twin 2012-03-23 11.35.37" = Anti-Twin (Installation 23.03.2012)
"Asus Vibe2.0" = AsusVibe2.0
"AsusScr_N5_En" = AsusScr_N5_En
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"DealPly" = DealPly (remove only)
"ElsterFormular" = ElsterFormular
"FreeCommander_is1" = FreeCommander 2009.02b
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now!
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Lyrics@LyricsContainer.co" = LyricsContainer
"MAGIX_MSI_mm17_silver_asus" = ASUS Music Maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mp3tag" = Mp3tag v2.50
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"Plus-HD-1.6" = Plus-HD-1.6
"Prism" = Prism Videodatei-Konverter
"Revo Uninstaller" = Revo Uninstaller 1.93
"Saturn Fotoservice" = Saturn Fotoservice
"streamWriter_is1" = streamWriter
"TwonkyServer" = Twonky 7
"VideoPad" = VideoPad Videobearbeitungs-Software
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WsysControl" = Wsys Control 1.0.0.2539
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2528993004.portal.qtrax.com" = Qtrax Player
"Dealply" = Dealply
"Qtrax" = Qtrax
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.12.2012 15:56:51 | Computer Name = Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSeePro5.exe, Version: 5.2.157.0,
 Zeitstempel: 0x4f755eba  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0x1e94  Startzeit der fehlerhaften Anwendung: 0x01cde07e3105cbce  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeePro5.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: b99fcb74-4c71-11e2-927d-742f68e36d21
 
Error - 22.12.2012 16:27:18 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.12.2012 16:27:18 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2496
 
Error - 22.12.2012 16:27:18 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2496
 
Error - 22.12.2012 16:27:22 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.12.2012 16:27:22 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6490
 
Error - 22.12.2012 16:27:22 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6490
 
Error - 22.12.2012 16:40:47 | Computer Name = Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSeePro5.exe, Version: 5.2.157.0,
 Zeitstempel: 0x4f755eba  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0x1ce4  Startzeit der fehlerhaften Anwendung: 0x01cde08495b9bc98  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeePro5.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: dce7a36d-4c77-11e2-927d-742f68e36d21
 
Error - 23.12.2012 07:25:56 | Computer Name = Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Tools\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\Tools\freecommander\DelZip179.dll" in Zeile 8.  Der Wert 
"*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.12.2012 09:41:38 | Computer Name = Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Tools\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\Tools\freecommander\DelZip179.dll" in Zeile 8.  Der Wert 
"*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 13.07.2013 12:57:25 | Computer Name = Notebook | Source = Application Popup | ID = 86
Description = Für ein Dateiobjekt mit wartendem Löschvorgang wurde ein Vorgang angefordert,
 der kein Schließvorgang ist.
 
Error - 13.07.2013 12:57:25 | Computer Name = Notebook | Source = Application Popup | ID = 86
Description = Für ein Dateiobjekt mit wartendem Löschvorgang wurde ein Vorgang angefordert,
 der kein Schließvorgang ist.
 
Error - 14.07.2013 10:07:59 | Computer Name = Notebook | Source = Service Control Manager | ID = 7003
Description = Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 14.07.2013 10:09:19 | Computer Name = Notebook | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Wsys Service" wurde nicht richtig gestartet.
 
Error - 14.07.2013 11:34:18 | Computer Name = Notebook | Source = Service Control Manager | ID = 7003
Description = Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 14.07.2013 11:35:43 | Computer Name = Notebook | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Wsys Service" wurde nicht richtig gestartet.
 
Error - 14.07.2013 17:00:09 | Computer Name = Notebook | Source = Service Control Manager | ID = 7003
Description = Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 14.07.2013 17:01:36 | Computer Name = Notebook | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Wsys Service" wurde nicht richtig gestartet.
 
Error - 15.07.2013 13:15:21 | Computer Name = Notebook | Source = Service Control Manager | ID = 7003
Description = Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 15.07.2013 13:16:41 | Computer Name = Notebook | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Wsys Service" wurde nicht richtig gestartet.
 
 
< End of report >
         

16.07.2013, 13:38   #4
TorpedoMoska
 



GMER
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-15 20:53:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
Running: 3 gmer_2.1.19163 desktop.exe; Driver: C:\Users\xxx~1\AppData\Local\Temp\fxtdqpow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                         0000000077a1efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                       0000000077a499b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                       0000000077a594d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                       0000000077a59640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\kernel32.dll!RegSetValueExA                                0000000077a7a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                            000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                              000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                 000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                          000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                           000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                       000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                         000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                     000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\ole32.dll!CoCreateInstance                                 000007feff877490 11 bytes JMP 000007fffdc90228
.text   C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                000007feff88bf00 7 bytes JMP 000007fffdc90260
.text   C:\ProgramData\eSafe\eGdpSvc.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000076c61465 2 bytes [C6, 76]
.text   C:\ProgramData\eSafe\eGdpSvc.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                               0000000076c614bb 2 bytes [C6, 76]
.text   ...                                                                                                                                           * 2
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                  0000000077a1efe0 5 bytes JMP 000000016fff0148
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                0000000077a499b0 7 bytes JMP 000000016fff00d8
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                0000000077a594d0 5 bytes JMP 000000016fff0180
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                0000000077a59640 5 bytes JMP 000000016fff0110
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                         0000000077a7a500 7 bytes JMP 000000016fff01b8
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                     000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                       000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                          000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                   000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                    000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                                                000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                  000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                                              000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\ole32.dll!CoCreateInstance                                                          000007feff877490 11 bytes JMP 000007fffdc90228
.text   C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                         000007feff88bf00 7 bytes JMP 000007fffdc90260
.text   C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                     000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                       000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                          000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                   000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                    000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                                                000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                  000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                                              000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\ole32.dll!CoCreateInstance                                                          000007feff877490 11 bytes JMP 000007fffdc90228
.text   C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                         000007feff88bf00 7 bytes JMP 000007fffdc90260
.text   C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                    000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                      000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                         000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                  000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                   000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                                               000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                 000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                                             000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\ole32.dll!CoCreateInstance                                                         000007feff877490 11 bytes JMP 000007fffdc90228
.text   C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                        000007feff88bf00 7 bytes JMP 000007fffdc90260
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                 00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                        000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                        00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                        0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                          0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                             00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                           00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                               00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                  00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                          00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                            00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                 0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                  0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         0000000076c61465 2 bytes [C6, 76]
.text   C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        0000000076c614bb 2 bytes [C6, 76]
.text   ...                                                                                                                                           * 2
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                   00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                          000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                          00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                          0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                            0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                               00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                             00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                 00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                    00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                            00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                              00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                   0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                    0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                         00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                  0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                     00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                   00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                       00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                          00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                  00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                    00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                         0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\ole32.dll!CoCreateInstance                          0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                  0000000077a1efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                0000000077a499b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                0000000077a594d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                0000000077a59640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\kernel32.dll!RegSetValueExA                                         0000000077a7a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                     000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                       000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                          000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                   000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                    000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                                000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                  000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                              000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\ole32.dll!CoCreateInstance                                          000007feff877490 11 bytes JMP 000007fffdc90228
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                         000007feff88bf00 7 bytes JMP 000007fffdc90260
.text   C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                         000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                           000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                              000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                       000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                        000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                                                    000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                      000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                                                  000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                 0000000077a1efe0 5 bytes JMP 000000016fff0148
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                               0000000077a499b0 7 bytes JMP 000000016fff00d8
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                               0000000077a594d0 5 bytes JMP 000000016fff0180
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                               0000000077a59640 5 bytes JMP 000000016fff0110
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                        0000000077a7a500 7 bytes JMP 000000016fff01b8
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                    000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                      000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                         000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                  000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                   000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                                               000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                 000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                                             000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\ole32.dll!CoCreateInstance                                                         000007feff877490 11 bytes JMP 000007fffdc90228
.text   C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                        000007feff88bf00 7 bytes JMP 000007fffdc90260
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                   0000000077a1efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                 0000000077a499b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                 0000000077a594d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                 0000000077a59640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\kernel32.dll!RegSetValueExA                                          0000000077a7a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                      000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                        000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                           000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                    000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\ole32.dll!CoCreateInstance                                           000007feff877490 11 bytes JMP 000007fffdc90228
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                          000007feff88bf00 7 bytes JMP 000007fffdc90260
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                     000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                                 000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                   000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                               000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                           0000000077a1efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                         0000000077a499b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                         0000000077a594d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                         0000000077a59640 5 bytes JMP 000000016fff0110
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\kernel32.dll!RegSetValueExA                                  0000000077a7a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                              000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                   000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                            000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                             000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                         000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                           000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                       000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\ole32.dll!CoCreateInstance                                   000007feff877490 11 bytes JMP 000007fffdc90228
.text   C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                  000007feff88bf00 7 bytes JMP 000007fffdc90260
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                    0000000077a1efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                  0000000077a499b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                  0000000077a594d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                  0000000077a59640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\kernel32.dll!RegSetValueExA                                           0000000077a7a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                       000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                         000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                            000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                     000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                      000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                                  000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                    000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                                000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\ole32.dll!CoCreateInstance                                            000007feff877490 11 bytes JMP 000007fffdc90228
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                           000007feff88bf00 7 bytes JMP 000007fffdc90260
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                              0000000077a1efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                            0000000077a499b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                            0000000077a594d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                            0000000077a59640 5 bytes JMP 000000016fff0110
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\kernel32.dll!RegSetValueExA                                     0000000077a7a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                 000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                   000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                      000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                               000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                            000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                              000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                          000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\ole32.dll!CoCreateInstance                                      000007feff877490 11 bytes JMP 000007fffdc90228
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2924] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                     000007feff88bf00 7 bytes JMP 000007fffdc90260
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                             0000000077a1efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                           0000000077a499b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                           0000000077a594d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                           0000000077a59640 5 bytes JMP 000000016fff0110
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\kernel32.dll!RegSetValueExA                                    0000000077a7a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                  000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                     000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                              000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                               000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                           000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                             000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                         000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\ole32.dll!CoCreateInstance                                     000007feff877490 11 bytes JMP 000007fffdc90228
.text   C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3008] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                    000007feff88bf00 7 bytes JMP 000007fffdc90260
.text   C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] C:\Windows\syswow64\kernel32.dll!RegSetValueExA           00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW  000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1956] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW    0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                         00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                  0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                     00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                   00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                       00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                          00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                  00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                    00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                         0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe[2732] C:\Windows\syswow64\ole32.dll!CoCreateInstance                          0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                             00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                    000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                    00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                    0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                      0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                         00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                       00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                           00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                              00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                             0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\ole32.dll!CoCreateInstance                              0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                      00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[2256] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                        00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                            00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                   000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                   00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                   0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                     0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                        00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                      00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                          00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                             00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                     00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                       00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                            0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2948] C:\Windows\syswow64\ole32.dll!CoCreateInstance                             0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                     00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW            000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx            00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation            0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW              0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                 00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW               00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                   00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                      00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList              00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                     0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3076] C:\Windows\syswow64\ole32.dll!CoCreateInstance                      0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                   00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                          000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                          00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                          0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                            0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                               00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                             00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                 00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                    00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                            00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                              00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                   0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\CyberLink\Shared files\brs.exe[3112] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                    0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe[3244] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                 00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe[3244] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW        000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe[3244] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx        00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe[3244] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation        0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe[3244] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW          0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW             00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW           00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW               00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                  00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe[3244] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList          00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe[3244] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo            00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                          00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                 000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                 00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                 0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                   0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                      00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                    00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                        00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                           00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                   00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                     00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                          0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3504] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                           0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                              00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                     000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                     00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                     0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                       0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                          00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                        00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                            00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                               00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                       00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                         00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                              0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[4152] C:\Windows\syswow64\ole32.dll!CoCreateInstance                               0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076c61465 2 bytes [C6, 76]
.text   C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     0000000076c614bb 2 bytes [C6, 76]
.text   ...                                                                                                                                           * 2
.text   C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000076c61465 2 bytes [C6, 76]
.text   C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000076c614bb 2 bytes [C6, 76]
.text   ...                                                                                                                                           * 2
.text   C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe[5428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000076c61465 2 bytes [C6, 76]
.text   C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe[5428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000076c614bb 2 bytes [C6, 76]
.text   ...                                                                                                                                           * 2
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                           00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                  000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                  00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                  0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                    0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                       00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                     00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                         00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                            00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                    00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                      00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                           0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4352] C:\Windows\syswow64\ole32.dll!CoCreateInstance                            0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                          00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                 000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                 00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                 0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                   0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                      00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                    00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                        00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                           00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                   00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                     00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                          0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4348] C:\Windows\syswow64\ole32.dll!CoCreateInstance                           0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                              00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                     000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                     00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                     0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                       0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                          00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                        00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                            00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                               00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                       00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                         00000000769debdc 5 bytes JMP 00000001755a1a90
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                              0000000077505ea5 5 bytes JMP 00000001755a1ce0
.text   C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4404] C:\Windows\syswow64\ole32.dll!CoCreateInstance                               0000000077539d0b 5 bytes JMP 00000001755a1c70
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                    000007fefdca3460 7 bytes JMP 000007fffdc900d8
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                      000007fefdca9940 6 bytes JMP 000007fffdc90148
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6472] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                         000007fefdca9fb0 5 bytes JMP 000007fffdc90180
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                  000007fefdcaa150 5 bytes JMP 000007fffdc90110
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6472] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                   000007fefe1089e0 3 bytes JMP 000007fffdc901f0
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6472] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                               000007fefe1089e4 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6472] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                 000007fefe10be40 3 bytes JMP 000007fffdc901b8
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6472] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                             000007fefe10be44 4 bytes [FF, CC, CC, CC]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000076c61465 2 bytes [C6, 76]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           0000000076c614bb 2 bytes [C6, 76]
.text   ...                                                                                                                                           * 2
.text   C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe[3960] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                 00000000777f1429 7 bytes JMP 00000001755a1e90
.text   C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe[3960] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                        000000007780b223 5 bytes JMP 00000001755a1da0
.text   C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe[3960] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                        00000000778888f4 7 bytes JMP 00000001755a1d90
.text   C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe[3960] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                        0000000077888979 5 bytes JMP 00000001755a1e80
.text   C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe[3960] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                          0000000077888ccf 5 bytes JMP 00000001755a1e10
.text   C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                             00000000774b1d1b 5 bytes JMP 00000001755a2490
.text   C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                           00000000774b1dc9 5 bytes JMP 00000001755a24f0
.text   C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                               00000000774b2aa4 5 bytes JMP 00000001755a2560
.text   C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                  00000000774b2d0a 5 bytes JMP 00000001755a26b0
.text   C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe[3960] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                          00000000769de9a2 5 bytes JMP 00000001755a1a00
.text   C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe[3960] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                            00000000769debdc 5 bytes JMP 00000001755a1a90

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [2076:1932]                                                                                                   000007fef0599688
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5252:5528]                                                                                000007fefbc92a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5252:7112]                                                                                000007fef0ddd618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5252:5084]                                                                                000007fef0d79730
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5252:4580]                                                                                000007fef0ddd618

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68e36d21                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68e36d21@0007614b1f7a                                                      0x0F 0x1C 0x8D 0x7C ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                               
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68e36d21 (not active ControlSet)                                               
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68e36d21@0007614b1f7a                                                          0x0F 0x1C 0x8D 0x7C ...

---- EOF - GMER 2.1 ----
         

16.07.2013, 13:43   #5
schrauber
/// the machine
/// TB trainer
 




FRST as well, please.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

16.07.2013, 21:59   #6
TorpedoMoska
 



FRST.TXT
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-07-2013 03
Ran by Siemering at 2013-07-16 22:54:37
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
ACDSee Pro 5 (x32 Version: 5.2.157)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
akeLink
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443)
Anti-Twin (Installation 23.03.2012) (x32)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0)
ASUS AI Recovery (x32 Version: 1.0.24)
ASUS FancyStart (x32 Version: 1.1.1)
ASUS LifeFrame3 (x32 Version: 3.0.22)
ASUS Live Update (x32 Version: 2.5.9)
ASUS Music Maker (x32 Version: 17.0.2.22)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031)
ASUS USB Charger Plus (x32 Version: 2.0.3)
ASUS Video Magic (x32 Version: 6.0.4710)
ASUS Virtual Camera (x32 Version: 1.0.21)
AsusScr_N5_En (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.4.617)
Atheros Client Installation Program (x32 Version: 7.0)
ATK Package (x32 Version: 1.0.0010)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (64 bit) (x32 Version: 1.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Bonjour (Version: 3.0.0.10)
CDBurnerXP (x32 Version: 4.4.2.3442)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink Power2Go (x32 Version: 6.1.3602c)
CyberLink PowerDirector (x32 Version: 8.0.3327)
CyberLink PowerDVD 10 (x32 Version: 10.0.3122.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Dealply (HKCU)
DealPly (remove only) (x32 Version: 4.8.6.6)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
ElsterFormular (x32 Version: 13.4.1.10296)
Fast Boot (Version: 1.0.9)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.29.0)
Fotogalerie (x32 Version: 16.4.3505.0912)
FreeCommander 2009.02b (x32 Version: 2009.02)
Galeria de Fotografias (x32 Version: 16.4.3505.0912)
Galería de fotos (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Gigaset QuickSync (Version: 8.0.0856.1)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
HP LaserJet Professional P1100-P1560-P1600 Series
hppLaserJetService (x32 Version: 001.001.0.0)
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0)
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1)
HPSSupply (x32 Version: 2.1.1.0000)
InstantOn for NB (x32 Version: 2.1.2)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2405)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4)
iTunes (Version: 10.6.0.40)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374)
LyricsContainer (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Movie Maker (x32 Version: 16.4.3505.0912)
Mp3tag v2.50 (x32 Version: v2.50)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Now! (x32 Version: 1.0.9.0)
Nikon Message Center (x32 Version: 0.92.000)
Nikon Transfer (x32 Version: 1.1.1)
NVIDIA 3D Vision Driver 268.74 (Version: 268.74)
NVIDIA Control Panel 268.74 (Version: 268.74)
NVIDIA Graphics Driver 268.74 (Version: 268.74)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA Optimus 1.0.23 (Version: 1.0.23)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6874)
NVIDIA Update Components (Version: 1.0.23)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Photomatix Essentials 64-bit version 3.1.1 (Version: 3.1.1)
Picasa 3 (x32 Version: 3.8)
Plus-HD-1.6 (x32 Version: 1.27.153.8)
Prism Videodatei-Konverter (x32)
Qtrax (HKCU Version: 20.13.06.24)
Qtrax Player (HKCU)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6413)
Revo Uninstaller 1.93 (x32 Version: 1.93)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Saturn Fotoservice (x32 Version: 5.0.4)
SonicMaster (x32 Version: 1.0.0.4)
streamWriter (x32)
Synaptics Pointing Device Driver (Version: 15.3.6.0)
syncables desktop SE (x32 Version: 5.5.746.11492)
Twonky 7 (x32 Version: 7.1.2.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VideoPad Videobearbeitungs-Software (x32)
WebCake 3.00 (Version: 3.00)
Winamp (x32 Version: 5.623 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
Windows Live 程式集 (x32 Version: 16.4.3505.0912)
WinFlash (x32 Version: 2.31.1)
Wireless Console 3 (x32 Version: 3.0.19)
Wsys Control 1.0.0.2539 (x32 Version: 1.0.0.2539)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912)
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912)
Почта Windows Live (x32 Version: 16.4.3505.0912)
Фотоальбом (x32 Version: 16.4.3505.0912)
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912)
גלריית התמונות (x32 Version: 16.4.3505.0912)
بريد Windows Live (x32 Version: 16.4.3505.0912)
معرض الصور (x32 Version: 16.4.3505.0912)
影像中心 (x32 Version: 16.4.3505.0912)

==================== Restore Points  =========================

29-06-2013 17:10:13 Windows Update
03-07-2013 12:47:43 Windows Update
03-07-2013 13:24:35 Windows Update
03-07-2013 20:35:30 Windows Update
12-07-2013 22:24:58 Windows Update
12-07-2013 22:38:00 Windows Update
14-07-2013 21:24:29 Removed Internet Explorer Toolbar 4.9 by SweetPacks

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F878681-35E4-444F-B3BF-A3145F2B0A5F} - System32\Tasks\LyricsContainer Update => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe [2013-07-08] (RYD Software)
Task: {18387617-6EB2-4EF7-8A9F-68E875C70382} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-14] (Plus HD)
Task: {1D667096-8482-4EA4-8A91-567CE3E5D246} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {1DA69E7F-EDCB-499B-82DF-5C78D95CB117} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {42DEA711-8B2F-4861-A18D-2CF9AEC5CDE0} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-30] (ASUSTek Computer Inc.)
Task: {504216D4-8E67-441B-981C-8D77969D8638} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {611C23BE-BB80-4822-8D96-590CFF7EB529} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {62E8CE4D-3FC6-4B08-96F9-B60B45E10802} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {6B777E35-5966-4345-B850-0365437A137B} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software)
Task: {6E94109F-2AF3-4419-A80B-C63B2B3DDAD9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {7B4C7171-E3A0-4C45-9D55-1B81B8288ADF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {7F0901EE-0C75-4B06-9AAC-E5F79D981AE5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe No File
Task: {7F2B3B36-39EE-4DBD-B605-A844A9F68A6D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {9C22813A-BF70-409A-9638-26AFAB8EBE57} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1038504468-1263906284-4239949246-1002 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {9CCA9DB4-ACF2-4C0E-A89C-735E94390DFF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {9F907014-6D8A-40ED-AF2C-6D7FAC507E6E} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe No File
Task: {A1B339F7-738C-410D-AE56-9F5555C4CCE8} - System32\Tasks\NCH Software\videopadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software)
Task: {B31C0C03-924E-4D49-AC4A-E928DF7ECDFD} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-14] (Plus HD)
Task: {C6B88561-4648-4249-9E00-431A2F0BCD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.)
Task: {CEBCBBC3-BB28-4A7B-94AD-30123FC978B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.)
Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DBD9B0F2-9794-4B7F-A066-F6043D403F8E} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-07-14] (Plus HD)
Task: {E9FE1CC5-0C9D-47B6-845D-DEE936689AF5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {EA6CA77E-0AD5-4F13-9A77-63ADA5B92841} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-14] (Plus HD)
Task: {F3E58099-D38B-4FE3-AC42-318231512A39} - System32\Tasks\Dealply => C:\Users\SIEMER~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE [2013-07-13] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LyricsContainer Update.job => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2013 03:27:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/14/2013 01:14:52 AM) (Source: MsiInstaller) (User: NOTEBOOK)
Description: Product: Internet Explorer Toolbar 4.9 by SweetPacks -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (07/14/2013 01:14:25 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: notification.exe, Version: 0.0.0.0, Zeitstempel: 0x51cda4f4
Name des fehlerhaften Moduls: notification.exe, Version: 0.0.0.0, Zeitstempel: 0x51cda4f4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000030e2
ID des fehlerhaften Prozesses: 0x277c
Startzeit der fehlerhaften Anwendung: 0xnotification.exe0
Pfad der fehlerhaften Anwendung: notification.exe1
Pfad des fehlerhaften Moduls: notification.exe2
Berichtskennung: notification.exe3

Error: (07/13/2013 10:28:50 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6240

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6240

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2013 05:24:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ACDSeePro5.exe, Version: 5.2.157.0, Zeitstempel: 0x4f755eba
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0x9f4
Startzeit der fehlerhaften Anwendung: 0xACDSeePro5.exe0
Pfad der fehlerhaften Anwendung: ACDSeePro5.exe1
Pfad des fehlerhaften Moduls: ACDSeePro5.exe2
Berichtskennung: ACDSeePro5.exe3

Error: (07/13/2013 04:06:14 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/13/2013 03:47:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1965


System errors:
=============
Error: (07/16/2013 10:43:31 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.247
registriert werden. Der Computer mit IP-Adresse 10.0.0.130 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/16/2013 09:30:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/16/2013 09:29:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error: (07/15/2013 07:16:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/15/2013 07:15:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error: (07/14/2013 11:01:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/14/2013 11:00:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error: (07/14/2013 05:35:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/14/2013 05:34:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error: (07/14/2013 04:09:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (07/15/2013 03:27:35 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\Tools\freecommander\DelZip179.dllc:\program files (x86)\Tools\freecommander\DelZip179.dll8

Error: (07/14/2013 01:14:52 AM) (Source: MsiInstaller)(User: NOTEBOOK)
Description: Product: Internet Explorer Toolbar 4.9 by SweetPacks -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/14/2013 01:14:25 AM) (Source: Application Error)(User: )
Description: notification.exe0.0.0.051cda4f4notification.exe0.0.0.051cda4f4c0000005000030e2277c01ce801eb426cfe9C:\Users\Siemering\Qtrax\Player\notification.exeC:\Users\Siemering\Qtrax\Player\notification.exef4ef8b6e-ec11-11e2-978c-742f68e36d21

Error: (07/13/2013 10:28:50 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\Tools\freecommander\DelZip179.dllc:\program files (x86)\Tools\freecommander\DelZip179.dll8

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6240

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6240

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2013 05:24:04 PM) (Source: Application Error)(User: )
Description: ACDSeePro5.exe5.2.157.04f755ebantdll.dll6.1.7601.177254ec49b8fc0000374000ce6c39f401ce7fbd71c7cfa7C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeePro5.exeC:\Windows\SysWOW64\ntdll.dll401e513e-ebd0-11e2-978c-742f68e36d21

Error: (07/13/2013 04:06:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Siemering\Downloads\SoftonicDownloader_for_volume-control.exe

Error: (07/13/2013 03:47:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1965


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 8096.05 MB
Available physical RAM: 5663.23 MB
Total Pagefile: 16190.29 MB
Available Pagefile: 13526.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:305.67 GB) (Free:188.71 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:367.97 GB) (Free:154.03 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A383324B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=306 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-07-2013 03
Ran by Siemering at 2013-07-16 22:54:37
Running from C:\Users\Siemering\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
ACDSee Pro 5 (x32 Version: 5.2.157)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
akeLink
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443)
Anti-Twin (Installation 23.03.2012) (x32)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0)
ASUS AI Recovery (x32 Version: 1.0.24)
ASUS FancyStart (x32 Version: 1.1.1)
ASUS LifeFrame3 (x32 Version: 3.0.22)
ASUS Live Update (x32 Version: 2.5.9)
ASUS Music Maker (x32 Version: 17.0.2.22)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031)
ASUS USB Charger Plus (x32 Version: 2.0.3)
ASUS Video Magic (x32 Version: 6.0.4710)
ASUS Virtual Camera (x32 Version: 1.0.21)
AsusScr_N5_En (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.4.617)
Atheros Client Installation Program (x32 Version: 7.0)
ATK Package (x32 Version: 1.0.0010)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (64 bit) (x32 Version: 1.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Bonjour (Version: 3.0.0.10)
CDBurnerXP (x32 Version: 4.4.2.3442)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink Power2Go (x32 Version: 6.1.3602c)
CyberLink PowerDirector (x32 Version: 8.0.3327)
CyberLink PowerDVD 10 (x32 Version: 10.0.3122.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Dealply (HKCU)
DealPly (remove only) (x32 Version: 4.8.6.6)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
ElsterFormular (x32 Version: 13.4.1.10296)
Fast Boot (Version: 1.0.9)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.29.0)
Fotogalerie (x32 Version: 16.4.3505.0912)
FreeCommander 2009.02b (x32 Version: 2009.02)
Galeria de Fotografias (x32 Version: 16.4.3505.0912)
Galería de fotos (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Gigaset QuickSync (Version: 8.0.0856.1)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
HP LaserJet Professional P1100-P1560-P1600 Series
hppLaserJetService (x32 Version: 001.001.0.0)
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0)
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1)
HPSSupply (x32 Version: 2.1.1.0000)
InstantOn for NB (x32 Version: 2.1.2)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2405)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4)
iTunes (Version: 10.6.0.40)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374)
LyricsContainer (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Movie Maker (x32 Version: 16.4.3505.0912)
Mp3tag v2.50 (x32 Version: v2.50)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Now! (x32 Version: 1.0.9.0)
Nikon Message Center (x32 Version: 0.92.000)
Nikon Transfer (x32 Version: 1.1.1)
NVIDIA 3D Vision Driver 268.74 (Version: 268.74)
NVIDIA Control Panel 268.74 (Version: 268.74)
NVIDIA Graphics Driver 268.74 (Version: 268.74)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA Optimus 1.0.23 (Version: 1.0.23)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6874)
NVIDIA Update Components (Version: 1.0.23)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Photomatix Essentials 64-bit version 3.1.1 (Version: 3.1.1)
Picasa 3 (x32 Version: 3.8)
Plus-HD-1.6 (x32 Version: 1.27.153.8)
Prism Videodatei-Konverter (x32)
Qtrax (HKCU Version: 20.13.06.24)
Qtrax Player (HKCU)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6413)
Revo Uninstaller 1.93 (x32 Version: 1.93)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Saturn Fotoservice (x32 Version: 5.0.4)
SonicMaster (x32 Version: 1.0.0.4)
streamWriter (x32)
Synaptics Pointing Device Driver (Version: 15.3.6.0)
syncables desktop SE (x32 Version: 5.5.746.11492)
Twonky 7 (x32 Version: 7.1.2.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VideoPad Videobearbeitungs-Software (x32)
WebCake 3.00 (Version: 3.00)
Winamp (x32 Version: 5.623 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
Windows Live 程式集 (x32 Version: 16.4.3505.0912)
WinFlash (x32 Version: 2.31.1)
Wireless Console 3 (x32 Version: 3.0.19)
Wsys Control 1.0.0.2539 (x32 Version: 1.0.0.2539)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912)
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912)
Почта Windows Live (x32 Version: 16.4.3505.0912)
Фотоальбом (x32 Version: 16.4.3505.0912)
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912)
גלריית התמונות (x32 Version: 16.4.3505.0912)
بريد Windows Live (x32 Version: 16.4.3505.0912)
معرض الصور (x32 Version: 16.4.3505.0912)
影像中心 (x32 Version: 16.4.3505.0912)

==================== Restore Points  =========================

29-06-2013 17:10:13 Windows Update
03-07-2013 12:47:43 Windows Update
03-07-2013 13:24:35 Windows Update
03-07-2013 20:35:30 Windows Update
12-07-2013 22:24:58 Windows Update
12-07-2013 22:38:00 Windows Update
14-07-2013 21:24:29 Removed Internet Explorer Toolbar 4.9 by SweetPacks

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F878681-35E4-444F-B3BF-A3145F2B0A5F} - System32\Tasks\LyricsContainer Update => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe [2013-07-08] (RYD Software)
Task: {18387617-6EB2-4EF7-8A9F-68E875C70382} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-14] (Plus HD)
Task: {1D667096-8482-4EA4-8A91-567CE3E5D246} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {1DA69E7F-EDCB-499B-82DF-5C78D95CB117} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {42DEA711-8B2F-4861-A18D-2CF9AEC5CDE0} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-30] (ASUSTek Computer Inc.)
Task: {504216D4-8E67-441B-981C-8D77969D8638} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {611C23BE-BB80-4822-8D96-590CFF7EB529} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {62E8CE4D-3FC6-4B08-96F9-B60B45E10802} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {6B777E35-5966-4345-B850-0365437A137B} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software)
Task: {6E94109F-2AF3-4419-A80B-C63B2B3DDAD9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {7B4C7171-E3A0-4C45-9D55-1B81B8288ADF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {7F0901EE-0C75-4B06-9AAC-E5F79D981AE5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe No File
Task: {7F2B3B36-39EE-4DBD-B605-A844A9F68A6D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {9C22813A-BF70-409A-9638-26AFAB8EBE57} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1038504468-1263906284-4239949246-1002 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {9CCA9DB4-ACF2-4C0E-A89C-735E94390DFF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {9F907014-6D8A-40ED-AF2C-6D7FAC507E6E} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe No File
Task: {A1B339F7-738C-410D-AE56-9F5555C4CCE8} - System32\Tasks\NCH Software\videopadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software)
Task: {B31C0C03-924E-4D49-AC4A-E928DF7ECDFD} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-14] (Plus HD)
Task: {C6B88561-4648-4249-9E00-431A2F0BCD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.)
Task: {CEBCBBC3-BB28-4A7B-94AD-30123FC978B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.)
Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DBD9B0F2-9794-4B7F-A066-F6043D403F8E} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-07-14] (Plus HD)
Task: {E9FE1CC5-0C9D-47B6-845D-DEE936689AF5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {EA6CA77E-0AD5-4F13-9A77-63ADA5B92841} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-14] (Plus HD)
Task: {F3E58099-D38B-4FE3-AC42-318231512A39} - System32\Tasks\Dealply => C:\Users\SIEMER~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE [2013-07-13] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LyricsContainer Update.job => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2013 03:27:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/14/2013 01:14:52 AM) (Source: MsiInstaller) (User: NOTEBOOK)
Description: Product: Internet Explorer Toolbar 4.9 by SweetPacks -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (07/14/2013 01:14:25 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: notification.exe, Version: 0.0.0.0, Zeitstempel: 0x51cda4f4
Name des fehlerhaften Moduls: notification.exe, Version: 0.0.0.0, Zeitstempel: 0x51cda4f4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000030e2
ID des fehlerhaften Prozesses: 0x277c
Startzeit der fehlerhaften Anwendung: 0xnotification.exe0
Pfad der fehlerhaften Anwendung: notification.exe1
Pfad des fehlerhaften Moduls: notification.exe2
Berichtskennung: notification.exe3

Error: (07/13/2013 10:28:50 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6240

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6240

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2013 05:24:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ACDSeePro5.exe, Version: 5.2.157.0, Zeitstempel: 0x4f755eba
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0x9f4
Startzeit der fehlerhaften Anwendung: 0xACDSeePro5.exe0
Pfad der fehlerhaften Anwendung: ACDSeePro5.exe1
Pfad des fehlerhaften Moduls: ACDSeePro5.exe2
Berichtskennung: ACDSeePro5.exe3

Error: (07/13/2013 04:06:14 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/13/2013 03:47:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1965


System errors:
=============
Error: (07/16/2013 10:43:31 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.247
registriert werden. Der Computer mit IP-Adresse 10.0.0.130 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/16/2013 09:30:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/16/2013 09:29:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error: (07/15/2013 07:16:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/15/2013 07:15:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error: (07/14/2013 11:01:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/14/2013 11:00:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error: (07/14/2013 05:35:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/14/2013 05:34:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error: (07/14/2013 04:09:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (07/15/2013 03:27:35 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\Tools\freecommander\DelZip179.dllc:\program files (x86)\Tools\freecommander\DelZip179.dll8

Error: (07/14/2013 01:14:52 AM) (Source: MsiInstaller)(User: NOTEBOOK)
Description: Product: Internet Explorer Toolbar 4.9 by SweetPacks -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/14/2013 01:14:25 AM) (Source: Application Error)(User: )
Description: notification.exe0.0.0.051cda4f4notification.exe0.0.0.051cda4f4c0000005000030e2277c01ce801eb426cfe9C:\Users\Siemering\Qtrax\Player\notification.exeC:\Users\Siemering\Qtrax\Player\notification.exef4ef8b6e-ec11-11e2-978c-742f68e36d21

Error: (07/13/2013 10:28:50 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\Tools\freecommander\DelZip179.dllc:\program files (x86)\Tools\freecommander\DelZip179.dll8

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6240

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6240

Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2013 05:24:04 PM) (Source: Application Error)(User: )
Description: ACDSeePro5.exe5.2.157.04f755ebantdll.dll6.1.7601.177254ec49b8fc0000374000ce6c39f401ce7fbd71c7cfa7C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeePro5.exeC:\Windows\SysWOW64\ntdll.dll401e513e-ebd0-11e2-978c-742f68e36d21

Error: (07/13/2013 04:06:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Siemering\Downloads\SoftonicDownloader_for_volume-control.exe

Error: (07/13/2013 03:47:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1965


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 8096.05 MB
Available physical RAM: 5663.23 MB
Total Pagefile: 16190.29 MB
Available Pagefile: 13526.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:305.67 GB) (Free:188.71 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:367.97 GB) (Free:154.03 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A383324B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=306 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 17.07.2013, 08:16   #7
schrauber
/// the machine
/// TB-Ausbilder
 




You posted Additional.txt twice and forgot FRST.txt.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 17.07.2013, 21:51   #8
TorpedoMoska
 



FRST, take two.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 03
Ran by xxx (administrator) on 16-07-2013 22:52:51
Running from C:\Users\xxx\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Splashtop Inc.) C:\ASUS.SYS\SIONExportService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Splashtop Inc.) C:\ASUS.SYS\wifiexport.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-17] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-27] (Google Inc.)
HKCU\...\Run: [Syncables] - C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
MountPoints2: F - F:\SISetup.exe
HKLM-x32\...\Run: [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-05-25] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ACPW05DE] - "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05DE [822384 2011-11-17] (ACD Systems)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-06-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-09] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\TwonkyServer.lnk
ShortcutTarget: TwonkyServer.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
Startup: C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\02 Microsoft Outlook 2010.lnk
ShortcutTarget: 02 Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21}
HKCU SearchScopes: DefaultScope {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Plus-HD-1.6 - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://google.de/"
CHR DefaultSearchURL: (Google) - hxxp://www.google.de/search?q={searchTerms}
CHR DefaultSuggestURL: (Google) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\Siemering\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (LyricsContainer) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.120_0
CHR Extension: (Docs) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: (Virtual Keyboard) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (Plus-HD-1.6) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0
CHR Extension: (Anti-Banner) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [249856 2011-02-15] ()
R2 Splashtop MDES; C:\ASUS.SYS\SIONExportService.exe [338208 2011-05-11] (Splashtop Inc.)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [770888 2012-10-22] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [557896 2012-10-22] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [283464 2012-10-22] ()
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [386112 2013-07-13] (Wsys Co., Ltd.)

==================== Drivers (Whitelisted) ====================

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS)
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-10-08] (Marvell Semiconductor, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST
2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\Siemering\Downloads\FRST64.exe
2013-07-16 21:30 - 2013-07-16 21:30 - 00000000 ___RD C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable
2013-07-15 19:32 - 2013-07-15 20:03 - 00000000 ____D C:\Users\Siemering\Desktop\Anti-Malware
2013-07-15 19:31 - 2013-07-15 13:38 - 00377856 _____ C:\Users\Siemering\Desktop\3 gmer_2.1.19163 desktop.exe
2013-07-14 23:20 - 2013-07-15 02:57 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-14 17:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-14 17:05 - 2013-07-14 17:06 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Siemering\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\Siemering\Desktop\Qtrax Player.lnk
2013-07-14 01:13 - 2013-07-16 21:29 - 00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-07-14 01:13 - 2013-07-16 21:29 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-07-14 01:13 - 2013-07-16 21:29 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
2013-07-14 01:13 - 2013-07-14 01:13 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater
2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax
2013-07-14 01:13 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2013-07-14 01:13 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2013-07-14 01:12 - 2013-07-16 21:32 - 00000416 _____ C:\Windows\Tasks\LyricsContainer Update.job
2013-07-14 01:12 - 2013-07-16 21:29 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
2013-07-14 01:12 - 2013-07-14 01:13 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6
2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer                                                  ) C:\Users\Siemering\Desktop\FLVMPlayer.exe
2013-07-14 01:12 - 2013-07-14 01:12 - 00003072 _____ C:\Windows\System32\Tasks\LyricsContainer Update
2013-07-14 01:12 - 2013-07-14 01:12 - 00000000 ____D C:\Program Files (x86)\LyricsContainer
2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software
2013-07-13 16:14 - 2013-07-13 16:15 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\Siemering\Downloads\prismpsetup.exe
2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk
2013-07-13 16:08 - 2013-07-16 22:45 - 00000000 ____D C:\ProgramData\eSafe
2013-07-13 16:08 - 2013-07-16 22:09 - 00000304 _____ C:\Windows\Tasks\Dealply.job
2013-07-13 16:08 - 2013-07-14 23:00 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\WebCake
2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-13 16:08 - 2013-07-13 16:08 - 00003252 _____ C:\Windows\System32\Tasks\Dealply
2013-07-13 16:08 - 2013-07-13 16:08 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\eIntaller
2013-07-13 16:08 - 2013-07-13 16:08 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\Dealply
2013-07-13 16:07 - 2013-07-14 17:33 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\SwvUpdater
2013-07-13 16:07 - 2013-07-13 16:07 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-07-13 16:07 - 2013-07-13 16:07 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-13 00:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 00:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 00:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 00:51 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 00:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 00:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 00:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 00:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 00:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 00:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-13 00:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-13 00:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-13 00:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-13 00:25 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-13 00:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-13 00:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-03 22:36 - 2013-07-03 22:53 - 00009228 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST
2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\Siemering\Downloads\FRST64.exe
2013-07-16 22:51 - 2012-02-27 16:19 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-16 22:51 - 2012-02-27 16:19 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-16 22:47 - 2012-02-25 18:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-16 22:46 - 2012-02-27 16:19 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 22:46 - 2012-02-27 16:19 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-16 22:45 - 2013-07-13 16:08 - 00000000 ____D C:\ProgramData\eSafe
2013-07-16 22:43 - 2013-02-24 19:29 - 00000000 ____D C:\ProgramData\TwonkyServer
2013-07-16 22:42 - 2012-03-04 19:43 - 00000000 ____D C:\Users\Siemering\Outlook-Dateien
2013-07-16 22:42 - 2012-03-04 19:43 - 00000000 ____D C:\Users\Siemering\Outlook-Dateien
2013-07-16 22:42 - 2012-03-04 19:43 - 00000000 ____D C:\Users\Siemering\Outlook-Dateien
2013-07-16 22:41 - 2012-02-28 19:10 - 00000177 ____H C:\dvmexp.idx
2013-07-16 22:28 - 2013-02-23 16:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-16 22:09 - 2013-07-13 16:08 - 00000304 _____ C:\Windows\Tasks\Dealply.job
2013-07-16 21:39 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 21:39 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 21:32 - 2013-07-14 01:12 - 00000416 _____ C:\Windows\Tasks\LyricsContainer Update.job
2013-07-16 21:30 - 2013-07-16 21:30 - 00000000 ___RD C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-07-16 21:30 - 2012-02-22 19:34 - 00000000 ___HD C:\ASUS.DAT
2013-07-16 21:30 - 2012-02-22 19:34 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\VirtualStore
2013-07-16 21:30 - 2011-11-20 07:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-16 21:29 - 2013-07-14 01:13 - 00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-07-16 21:29 - 2013-07-14 01:13 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-07-16 21:29 - 2013-07-14 01:13 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-07-16 21:29 - 2013-07-14 01:12 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
2013-07-16 21:29 - 2011-11-20 08:09 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-07-16 21:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-16 21:29 - 2009-07-14 06:51 - 00105462 _____ C:\Windows\setupact.log
2013-07-15 20:56 - 2011-11-20 07:32 - 01095607 _____ C:\Windows\WindowsUpdate.log
2013-07-15 20:03 - 2013-07-15 19:32 - 00000000 ____D C:\Users\Siemering\Desktop\Anti-Malware
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable
2013-07-15 19:33 - 2012-02-22 19:34 - 00000000 ___RD C:\Users\Siemering
2013-07-15 19:32 - 2011-02-19 06:24 - 00665812 _____ C:\Windows\system32\perfh007.dat
2013-07-15 19:32 - 2011-02-19 06:24 - 00133992 _____ C:\Windows\system32\perfc007.dat
2013-07-15 19:32 - 2009-07-14 07:13 - 01529502 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-15 13:38 - 2013-07-15 19:31 - 00377856 _____ C:\Users\Siemering\Desktop\3 gmer_2.1.19163 desktop.exe
2013-07-15 02:57 - 2013-07-14 23:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-14 23:17 - 2012-02-23 21:19 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\Google
2013-07-14 23:00 - 2013-07-13 16:08 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\WebCake
2013-07-14 23:00 - 2011-04-13 03:39 - 00370596 _____ C:\Windows\PFRO.log
2013-07-14 17:33 - 2013-07-13 16:07 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\SwvUpdater
2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-14 17:06 - 2013-07-14 17:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Siemering\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-14 16:09 - 2011-11-20 07:55 - 00001574 _____ C:\Windows\system32\ServiceFilter.ini
2013-07-14 16:08 - 2011-11-20 07:55 - 00002532 _____ C:\Windows\system32\AutoRunFilter.ini
2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\Siemering\Desktop\Qtrax Player.lnk
2013-07-14 01:14 - 2012-02-24 12:14 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\CrashDumps
2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
2013-07-14 01:13 - 2013-07-14 01:13 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater
2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax
2013-07-14 01:13 - 2013-07-14 01:12 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6
2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer                                                  ) C:\Users\Siemering\Desktop\FLVMPlayer.exe
2013-07-14 01:12 - 2013-07-14 01:12 - 00003072 _____ C:\Windows\System32\Tasks\LyricsContainer Update
2013-07-14 01:12 - 2013-07-14 01:12 - 00000000 ____D C:\Program Files (x86)\LyricsContainer
2013-07-13 17:00 - 2012-02-23 22:48 - 00203776 _____ C:\Users\SIEMER~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software
2013-07-13 16:15 - 2013-07-13 16:14 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\Siemering\Downloads\prismpsetup.exe
2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk
2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-13 16:08 - 2013-07-13 16:08 - 00003252 _____ C:\Windows\System32\Tasks\Dealply
2013-07-13 16:08 - 2013-07-13 16:08 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\eIntaller
2013-07-13 16:08 - 2013-07-13 16:08 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\Dealply
2013-07-13 16:08 - 2012-02-22 19:35 - 00001683 _____ C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-13 16:07 - 2013-07-13 16:07 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-07-13 16:07 - 2013-07-13 16:07 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-13 13:30 - 2009-07-14 06:45 - 00498832 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 13:28 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 01:04 - 2012-02-23 23:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-13 00:54 - 2012-02-25 14:39 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-04 20:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\he-IL
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\ar-SA
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-03 22:53 - 2013-07-03 22:36 - 00009228 _____ C:\Windows\IE10_main.log
2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-29 19:48 - 2012-02-23 22:57 - 00000000 ____D C:\ProgramData\tmp
2013-06-23 18:29 - 2012-11-30 17:42 - 00001334 _____ C:\Users\Public\Desktop\Saturn Fotoservice.lnk
2013-06-22 19:02 - 2011-11-20 08:19 - 00000224 _____ C:\WifiInfo.ini.enc
2013-06-16 17:05 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-06-16 17:05 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 22:26

==================== End Of Log ============================
         
--- --- ---

18.07.2013, 08:11   #9
schrauber
/// the machine
/// TB trainer
 


Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 18.07.2013, 21:35   #10
TorpedoMoska
 

Combofix
Code:
ComboFix 13-07-18.04 - xxx 18.07.2013  21:24:11.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8096.5958 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\{68ADA97B-ADA9-428A-8BF8-3F07B320F635}.xps
c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WsysSvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-18 bis 2013-07-18  ))))))))))))))))))))))))))))))
.
.
2013-07-18 19:39 . 2013-07-18 19:39	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-07-18 19:39 . 2013-07-18 19:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-18 19:14 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5001AA8A-2356-4D04-A5DE-B9881CA87E62}\mpengine.dll
2013-07-18 15:45 . 2013-07-18 15:45	--------	d-----w-	c:\program files (x86)\LyricsContainer
2013-07-16 20:52 . 2013-07-16 20:52	--------	d-----w-	C:\FRST
2013-07-14 15:07 . 2013-07-14 15:07	--------	d-----w-	c:\users\xxx\AppData\Roaming\Malwarebytes
2013-07-14 15:06 . 2013-07-14 15:06	--------	d-----w-	c:\programdata\Malwarebytes
2013-07-14 15:06 . 2013-07-14 15:06	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-14 15:06 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-07-14 15:06 . 2013-07-14 15:06	--------	d-----w-	c:\users\xxx\AppData\Local\Programs
2013-07-13 23:13 . 2011-06-10 23:15	829264	----a-w-	c:\windows\system32\msvcr100.dll
2013-07-13 23:13 . 2011-06-10 23:15	608080	----a-w-	c:\windows\system32\msvcp100.dll
2013-07-13 23:13 . 2013-07-13 23:13	--------	d-----w-	c:\users\xxx\Qtrax
2013-07-13 23:12 . 2013-07-13 23:13	--------	d-----w-	c:\program files (x86)\Plus-HD-1.6
2013-07-13 14:15 . 2013-07-13 14:15	--------	d-----w-	c:\users\xxx\AppData\Roaming\NCH Software
2013-07-13 14:15 . 2013-07-13 14:15	--------	d-----w-	c:\programdata\NCH Software
2013-07-13 14:14 . 2013-07-13 14:15	--------	d-----w-	c:\program files (x86)\NCH Software
2013-07-13 14:08 . 2013-07-14 21:00	--------	d-----w-	c:\users\xxx\AppData\Roaming\WebCake
2013-07-13 14:08 . 2013-07-14 20:58	--------	d-----w-	c:\programdata\Tarma Installer
2013-07-13 14:08 . 2013-07-18 19:11	--------	d-----w-	c:\programdata\eSafe
2013-07-13 14:08 . 2013-07-13 14:08	--------	d-----w-	c:\users\xxx\AppData\Roaming\eIntaller
2013-07-13 14:08 . 2013-07-13 14:08	--------	d-----w-	c:\users\xxx\AppData\Roaming\Dealply
2013-07-13 14:07 . 2013-07-13 14:07	--------	d-----w-	c:\program files (x86)\DealPly
2013-07-13 14:07 . 2013-07-14 15:33	--------	d-----w-	c:\users\xxx\AppData\Local\SwvUpdater
2013-07-12 22:26 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-12 22:26 . 2013-05-27 05:50	571904	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-12 22:26 . 2013-05-27 05:50	314880	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-12 22:26 . 2013-05-27 04:57	4608	----a-w-	c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-12 22:26 . 2013-05-27 04:57	54784	----a-w-	c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-12 22:26 . 2013-05-27 04:57	392704	----a-w-	c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-12 22:26 . 2013-05-27 03:15	9216	----a-w-	c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-12 22:26 . 2013-06-04 06:00	624128	----a-w-	c:\windows\system32\qedit.dll
2013-07-12 22:26 . 2013-06-04 04:53	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-07-12 22:26 . 2013-05-06 06:03	1887744	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-12 22:26 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-12 22:25 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-07-12 22:25 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-12 22:25 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-12 22:25 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-12 22:25 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 22:25 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 22:24 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-07-12 22:24 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-18 19:40 . 2011-11-20 06:09	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-07-12 22:54 . 2012-02-25 12:39	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-06-11 18:28 . 2013-02-23 14:30	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 18:28 . 2012-02-28 14:40	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 19:35 . 2012-07-17 13:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-13 19:02	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-13 19:02	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-13 19:02	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-13 19:02	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-13 19:02	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 19:02	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-13 19:02	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-13 19:02	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 19:02	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-13 19:02	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-13 19:02	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-13 19:02	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-13 19:02	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2012-02-26 09:37	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-13 19:02	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-13 19:02	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-13 19:02	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}]
2013-07-13 23:13	752488	----a-w-	c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DA3D98A6-868D-4E1B-BB78-0887230DA405}]
2013-07-16 22:40	134144	----a-w-	c:\program files (x86)\LyricsContainer\122.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-02 17:06	220632	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-02 17:06	220632	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-02 17:06	220632	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-27 39408]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-05-25 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ACPW05DE"="c:\program files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-16 822384]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2012-10-31 206448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe -d [2011-11-20 12862]
Nikon Monitor.lnk - c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
TwonkyServer.lnk - c:\program files (x86)\Twonky\TwonkyServer\twonkytray.exe [2012-10-22 1135432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/19 22:04;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\GigasetGenericUSB_x64.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\asus.sys\SIONExportService.exe;c:\asus.sys\SIONExportService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 TwonkyProxy;TwonkyProxy;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [x]
S2 TwonkyServer;TwonkyServer;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe [x]
S2 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\Twonky\TwonkyServer\twonkywebdav.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-15 00:49	1173456	----a-w-	c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 18:28]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 14:19]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 14:19]
.
2013-07-18 c:\windows\Tasks\LyricsContainer Update.job
- c:\program files (x86)\LyricsContainer\LrcsCtrUpdr.exe [2013-07-16 22:40]
.
2013-07-18 c:\windows\Tasks\Plus-HD-1.6-chromeinstaller.job
- c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-13 23:12]
.
2013-07-18 c:\windows\Tasks\Plus-HD-1.6-codedownloader.job
- c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-13 23:12]
.
2013-07-18 c:\windows\Tasks\Plus-HD-1.6-enabler.job
- c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-07-13 23:13]
.
2013-07-18 c:\windows\Tasks\Plus-HD-1.6-updater.job
- c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-13 23:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-02 17:06	244696	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-02 17:06	244696	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-02 17:06	244696	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
mStart Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\02 Microsoft Outlook 2010.lnk - c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.032"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.abr"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ani"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.apd"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.arw"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bay"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bmp"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bw"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cr2"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.crw"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cs1"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cur"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dcr"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dcx"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dib"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.djv"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.djvu"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dng"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.emf"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.eps"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.erf"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fff"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fpx"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.gif"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.hdr"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.icl"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.icn"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ico"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iff"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ilbm"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.int"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.inta"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iw4"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.j2c"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.j2k"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jbr"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jfif"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jif"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jp2"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpc"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpe"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpeg"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpg"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpk"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpx"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.kdc"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.lbm"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mef"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mos"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mrw"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.nef"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.nrw"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.orf"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pbm"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pbr"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pcd"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pct"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pcx"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pef"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pgm"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pic"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pict"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pix"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.png"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ppm"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.psd"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.psp"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pspbrush"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pspimage"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.raf"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ras"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.raw"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgb"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgba"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rle"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rsb"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rw2"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rwl"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sgi"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sr2"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.srf"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.srw"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.tga"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.thm"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.tif"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.tiff"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ttc"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ttf"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50po"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50pp"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50ppf"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.wbm"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.wbmp"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.wmf"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xbm"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xif"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xmp"
.
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\InstantOn\InsOnWMI.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-18  21:55:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-18 19:55
.
Vor Suchlauf: 14 Verzeichnis(se), 219.399.634.944 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 220.152.819.712 Bytes frei
.
- - End Of File - - D55EA4D6CADFCE2C586D6970B6B70645
D41D8CD98F00B204E9800998ECF8427E
         

19.07.2013, 10:41   #11
schrauber
/// the machine
/// TB trainer

QVO6.COM is always opened by MS IE



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

19.07.2013, 12:07   #12
TorpedoMoska

QVO6.COM is always opened by MS IE



ADW Cleaner [S1]
Code:
# AdwCleaner v2.305 - Datei am 19/07/2013 um 12:11:37 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx - NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Desinfiziert : C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Datei Desinfiziert : C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Desinfiziert : C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Datei Gelöscht : C:\Windows\Tasks\LyricsContainer Update.job
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\LyricsContainer
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Ordner Gelöscht : C:\Users\xxx\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\WebCake

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311201102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311201102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Lyrics@LyricsContainer.co
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21} --> hxxp://www.google.com

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [6375 octets] - [19/07/2013 12:11:37]

########## EOF - C:\AdwCleaner[S1].txt - [6435 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Home Premium x64
Ran by xxx on 19.07.2013 at 12:19:26,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f511afdb-726e-4458-90e7-1ecb97406544}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.07.2013 at 12:36:37,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST 19.07.13

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by xxx (administrator) on 19-07-2013 12:59:27
Running from C:\Users\xxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Splashtop Inc.) C:\ASUS.SYS\SIONExportService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-17] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-27] (Google Inc.)
HKCU\...\Run: [Syncables] - C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKLM-x32\...\Run: [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-05-25] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ACPW05DE] - "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05DE [822384 2011-11-17] (ACD Systems)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-06-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-09] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyServer.lnk
ShortcutTarget: TwonkyServer.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: LyricsContainer - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\122.dll No File
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://google.de/"
CHR DefaultSearchURL: (Google) - hxxp://www.google.de/search?q={searchTerms}
CHR DefaultSuggestURL: (Google) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: (Virtual Keyboard) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (Plus-HD-1.6) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0
CHR Extension: (Anti-Banner) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [249856 2011-02-15] ()
R2 Splashtop MDES; C:\ASUS.SYS\SIONExportService.exe [338208 2011-05-11] (Splashtop Inc.)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [770888 2012-10-22] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [557896 2012-10-22] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [283464 2012-10-22] ()

==================== Drivers (Whitelisted) ====================

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS)
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-10-08] (Marvell Semiconductor, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-19 12:40 - 2013-07-19 12:40 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-07-19 12:36 - 2013-07-19 12:36 - 00001081 _____ C:\Users\xxx\Desktop\JRT.txt
2013-07-19 12:19 - 2013-07-19 12:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-19 12:18 - 2013-07-19 12:08 - 00559341 _____ (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-19 12:11 - 2013-07-19 12:12 - 00006488 _____ C:\AdwCleaner[S1].txt
2013-07-19 12:11 - 2013-07-19 12:06 - 00662345 _____ C:\Users\xxx\Desktop\adwcleaner.exe
2013-07-19 12:04 - 2013-07-19 12:04 - 00277440 _____ C:\Users\xxx\Downloads\Setup.exe
2013-07-18 21:56 - 2013-07-18 21:56 - 00050429 _____ C:\ComboFix.txt
2013-07-18 21:21 - 2013-07-18 21:56 - 00000000 ____D C:\ComboFix
2013-07-18 17:50 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-18 17:50 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-18 17:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-18 17:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-18 17:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-18 17:50 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-18 17:50 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-18 17:50 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-18 17:42 - 2013-07-18 21:56 - 00000000 ____D C:\Qoobox
2013-07-18 17:42 - 2013-07-18 21:51 - 00000000 ____D C:\Windows\erdnt
2013-07-18 17:41 - 2013-07-18 21:20 - 05091168 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-07-17 21:48 - 2013-07-17 13:30 - 01778209 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-07-16 22:55 - 2013-07-16 22:55 - 00055548 _____ C:\Users\xxx\Downloads\FRST.txt
2013-07-16 22:54 - 2013-07-16 22:55 - 00025805 _____ C:\Users\xxx\Downloads\Addition.txt
2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST
2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-07-15 19:32 - 2013-07-15 20:03 - 00000000 ____D C:\Users\xxx\Desktop\Anti-Malware
2013-07-15 19:31 - 2013-07-15 13:38 - 00377856 _____ C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe
2013-07-14 23:20 - 2013-07-15 02:57 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-14 17:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-14 17:05 - 2013-07-14 17:06 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\xxx\Desktop\Qtrax Player.lnk
2013-07-14 01:13 - 2013-07-19 12:39 - 00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-07-14 01:13 - 2013-07-19 12:39 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-07-14 01:13 - 2013-07-19 12:39 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
2013-07-14 01:13 - 2013-07-14 01:13 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater
2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax
2013-07-14 01:13 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2013-07-14 01:13 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2013-07-14 01:12 - 2013-07-19 12:39 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
2013-07-14 01:12 - 2013-07-14 01:13 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6
2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer                                                  ) C:\Users\xxx\Desktop\FLVMPlayer.exe
2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software
2013-07-13 16:14 - 2013-07-13 16:15 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\xxx\Downloads\prismpsetup.exe
2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk
2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-13 00:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 00:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 00:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 00:51 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 00:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 00:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 00:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 00:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 00:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 00:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-13 00:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-13 00:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-13 00:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-13 00:25 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-13 00:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-13 00:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-03 22:36 - 2013-07-03 22:53 - 00009228 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-19 12:51 - 2012-02-28 19:10 - 00000177 ____H C:\dvmexp.idx
2013-07-19 12:51 - 2012-02-27 16:19 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-19 12:49 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 12:49 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 12:45 - 2011-11-20 07:32 - 01277181 _____ C:\Windows\WindowsUpdate.log
2013-07-19 12:44 - 2013-02-24 19:29 - 00000000 ____D C:\ProgramData\TwonkyServer
2013-07-19 12:41 - 2012-02-25 18:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-19 12:40 - 2013-07-19 12:40 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-07-19 12:40 - 2012-02-22 19:34 - 00000000 ___HD C:\ASUS.DAT
2013-07-19 12:39 - 2013-07-14 01:13 - 00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-07-19 12:39 - 2013-07-14 01:13 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-07-19 12:39 - 2013-07-14 01:13 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-07-19 12:39 - 2013-07-14 01:12 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
2013-07-19 12:39 - 2012-02-27 16:19 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-19 12:39 - 2011-11-20 08:09 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-07-19 12:39 - 2011-11-20 07:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-19 12:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-19 12:39 - 2009-07-14 06:51 - 00105966 _____ C:\Windows\setupact.log
2013-07-19 12:36 - 2013-07-19 12:36 - 00001081 _____ C:\Users\xxx\Desktop\JRT.txt
2013-07-19 12:28 - 2013-02-23 16:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-19 12:19 - 2013-07-19 12:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-19 12:12 - 2013-07-19 12:11 - 00006488 _____ C:\AdwCleaner[S1].txt
2013-07-19 12:11 - 2012-02-22 19:35 - 00001005 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-19 12:08 - 2013-07-19 12:18 - 00559341 _____ (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-19 12:06 - 2013-07-19 12:11 - 00662345 _____ C:\Users\xxx\Desktop\adwcleaner.exe
2013-07-19 12:04 - 2013-07-19 12:04 - 00277440 _____ C:\Users\xxx\Downloads\Setup.exe
2013-07-18 21:56 - 2013-07-18 21:56 - 00050429 _____ C:\ComboFix.txt
2013-07-18 21:56 - 2013-07-18 21:21 - 00000000 ____D C:\ComboFix
2013-07-18 21:56 - 2013-07-18 17:42 - 00000000 ____D C:\Qoobox
2013-07-18 21:56 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-18 21:52 - 2012-02-22 19:35 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-18 21:51 - 2013-07-18 17:42 - 00000000 ____D C:\Windows\erdnt
2013-07-18 21:48 - 2009-07-14 04:34 - 00000248 _____ C:\Windows\system.ini
2013-07-18 21:40 - 2011-04-13 03:39 - 00371926 _____ C:\Windows\PFRO.log
2013-07-18 21:40 - 2009-07-14 04:34 - 88342528 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 19660800 _____ C:\Windows\system32\config\SYSTEM.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-07-18 21:20 - 2013-07-18 17:41 - 05091168 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-07-18 21:17 - 2012-03-04 19:43 - 00000000 ____D C:\Users\xxx\Outlook-Dateien
2013-07-18 21:17 - 2012-03-04 19:43 - 00000000 ____D C:\Users\xxx\Outlook-Dateien
2013-07-17 13:30 - 2013-07-17 21:48 - 01778209 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-07-16 22:55 - 2013-07-16 22:55 - 00055548 _____ C:\Users\xxx\Downloads\FRST.txt
2013-07-16 22:55 - 2013-07-16 22:54 - 00025805 _____ C:\Users\xxx\Downloads\Addition.txt
2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST
2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-16 22:46 - 2012-02-27 16:19 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 22:46 - 2012-02-27 16:19 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-16 21:30 - 2012-02-22 19:34 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\VirtualStore
2013-07-15 20:03 - 2013-07-15 19:32 - 00000000 ____D C:\Users\xxx\Desktop\Anti-Malware
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-07-15 19:33 - 2012-02-22 19:34 - 00000000 ___RD C:\Users\xxx
2013-07-15 19:32 - 2011-02-19 06:24 - 00665812 _____ C:\Windows\system32\perfh007.dat
2013-07-15 19:32 - 2011-02-19 06:24 - 00133992 _____ C:\Windows\system32\perfc007.dat
2013-07-15 19:32 - 2009-07-14 07:13 - 01529502 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-15 13:38 - 2013-07-15 19:31 - 00377856 _____ C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe
2013-07-15 02:57 - 2013-07-14 23:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-14 23:17 - 2012-02-23 21:19 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\Google
2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-14 17:06 - 2013-07-14 17:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-14 16:09 - 2011-11-20 07:55 - 00001574 _____ C:\Windows\system32\ServiceFilter.ini
2013-07-14 16:08 - 2011-11-20 07:55 - 00002532 _____ C:\Windows\system32\AutoRunFilter.ini
2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\xxx\Desktop\Qtrax Player.lnk
2013-07-14 01:14 - 2012-02-24 12:14 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\CrashDumps
2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
2013-07-14 01:13 - 2013-07-14 01:13 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater
2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax
2013-07-14 01:13 - 2013-07-14 01:12 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6
2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer                                                  ) C:\Users\xxx\Desktop\FLVMPlayer.exe
2013-07-13 17:00 - 2012-02-23 22:48 - 00203776 _____ C:\Users\SIEMER~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software
2013-07-13 16:15 - 2013-07-13 16:14 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\xxx\Downloads\prismpsetup.exe
2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk
2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-13 13:30 - 2009-07-14 06:45 - 00498832 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 13:28 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 01:04 - 2012-02-23 23:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-13 00:54 - 2012-02-25 14:39 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-04 20:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\he-IL
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\ar-SA
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-03 22:53 - 2013-07-03 22:36 - 00009228 _____ C:\Windows\IE10_main.log
2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-29 19:48 - 2012-02-23 22:57 - 00000000 ____D C:\ProgramData\tmp
2013-06-23 18:29 - 2012-11-30 17:42 - 00001334 _____ C:\Users\Public\Desktop\Saturn Fotoservice.lnk
2013-06-22 19:02 - 2011-11-20 08:19 - 00000224 _____ C:\WifiInfo.ini.enc

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 22:26

==================== End Of Log ============================
         

Addition 19.7.13
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by xxx at 2013-07-19 13:00:36
Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
ACDSee Pro 5 (x32 Version: 5.2.157)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
akeLink
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443)
Anti-Twin (Installation 23.03.2012) (x32)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0)
ASUS AI Recovery (x32 Version: 1.0.24)
ASUS FancyStart (x32 Version: 1.1.1)
ASUS LifeFrame3 (x32 Version: 3.0.22)
ASUS Live Update (x32 Version: 2.5.9)
ASUS Music Maker (x32 Version: 17.0.2.22)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031)
ASUS USB Charger Plus (x32 Version: 2.0.3)
ASUS Video Magic (x32 Version: 6.0.4710)
ASUS Virtual Camera (x32 Version: 1.0.21)
AsusScr_N5_En (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.4.617)
Atheros Client Installation Program (x32 Version: 7.0)
ATK Package (x32 Version: 1.0.0010)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (64 bit) (x32 Version: 1.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Bonjour (Version: 3.0.0.10)
CDBurnerXP (x32 Version: 4.4.2.3442)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink Power2Go (x32 Version: 6.1.3602c)
CyberLink PowerDirector (x32 Version: 8.0.3327)
CyberLink PowerDVD 10 (x32 Version: 10.0.3122.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
ElsterFormular (x32 Version: 13.4.1.10296)
Fast Boot (Version: 1.0.9)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.29.0)
Fotogalerie (x32 Version: 16.4.3505.0912)
FreeCommander 2009.02b (x32 Version: 2009.02)
Galeria de Fotografias (x32 Version: 16.4.3505.0912)
Galería de fotos (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Gigaset QuickSync (Version: 8.0.0856.1)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
HP LaserJet Professional P1100-P1560-P1600 Series
hppLaserJetService (x32 Version: 001.001.0.0)
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0)
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1)
HPSSupply (x32 Version: 2.1.1.0000)
InstantOn for NB (x32 Version: 2.1.2)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2405)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4)
iTunes (Version: 10.6.0.40)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Movie Maker (x32 Version: 16.4.3505.0912)
Mp3tag v2.50 (x32 Version: v2.50)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Now! (x32 Version: 1.0.9.0)
Nikon Message Center (x32 Version: 0.92.000)
Nikon Transfer (x32 Version: 1.1.1)
NVIDIA 3D Vision Driver 268.74 (Version: 268.74)
NVIDIA Control Panel 268.74 (Version: 268.74)
NVIDIA Graphics Driver 268.74 (Version: 268.74)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA Optimus 1.0.23 (Version: 1.0.23)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6874)
NVIDIA Update Components (Version: 1.0.23)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Photomatix Essentials 64-bit version 3.1.1 (Version: 3.1.1)
Picasa 3 (x32 Version: 3.8)
Plus-HD-1.6 (x32 Version: 1.27.153.8)
Prism Videodatei-Konverter (x32)
Qtrax (HKCU Version: 20.13.06.24)
Qtrax Player (HKCU)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6413)
Revo Uninstaller 1.93 (x32 Version: 1.93)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Saturn Fotoservice (x32 Version: 5.0.4)
SonicMaster (x32 Version: 1.0.0.4)
streamWriter (x32)
Synaptics Pointing Device Driver (Version: 15.3.6.0)
syncables desktop SE (x32 Version: 5.5.746.11492)
Twonky 7 (x32 Version: 7.1.2.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VideoPad Videobearbeitungs-Software (x32)
Winamp (x32 Version: 5.623 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
Windows Live 程式集 (x32 Version: 16.4.3505.0912)
WinFlash (x32 Version: 2.31.1)
Wireless Console 3 (x32 Version: 3.0.19)
Wsys Control 1.0.0.2539 (x32 Version: 1.0.0.2539)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912)
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912)
Почта Windows Live (x32 Version: 16.4.3505.0912)
Фотоальбом (x32 Version: 16.4.3505.0912)
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912)
גלריית התמונות (x32 Version: 16.4.3505.0912)
بريد Windows Live (x32 Version: 16.4.3505.0912)
معرض الصور (x32 Version: 16.4.3505.0912)
影像中心 (x32 Version: 16.4.3505.0912)

==================== Restore Points  =========================

03-07-2013 13:24:35 Windows Update
03-07-2013 20:35:30 Windows Update
12-07-2013 22:24:58 Windows Update
12-07-2013 22:38:00 Windows Update
14-07-2013 21:24:29 Removed Internet Explorer Toolbar 4.9 by SweetPacks
18-07-2013 15:51:09 ComboFix created restore point
18-07-2013 19:12:34 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-18 21:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {18387617-6EB2-4EF7-8A9F-68E875C70382} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-14] (Plus HD)
Task: {1D667096-8482-4EA4-8A91-567CE3E5D246} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {1DA69E7F-EDCB-499B-82DF-5C78D95CB117} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {42DEA711-8B2F-4861-A18D-2CF9AEC5CDE0} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-30] (ASUSTek Computer Inc.)
Task: {488C007D-FF73-44AE-A398-F3D95FF06464} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {504216D4-8E67-441B-981C-8D77969D8638} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {611C23BE-BB80-4822-8D96-590CFF7EB529} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {62E8CE4D-3FC6-4B08-96F9-B60B45E10802} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {6B777E35-5966-4345-B850-0365437A137B} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software)
Task: {6E94109F-2AF3-4419-A80B-C63B2B3DDAD9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {7F0901EE-0C75-4B06-9AAC-E5F79D981AE5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe No File
Task: {7F2B3B36-39EE-4DBD-B605-A844A9F68A6D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {9C22813A-BF70-409A-9638-26AFAB8EBE57} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1038504468-1263906284-4239949246-1002 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {9CCA9DB4-ACF2-4C0E-A89C-735E94390DFF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {9F907014-6D8A-40ED-AF2C-6D7FAC507E6E} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe No File
Task: {A1B339F7-738C-410D-AE56-9F5555C4CCE8} - System32\Tasks\NCH Software\videopadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software)
Task: {B31C0C03-924E-4D49-AC4A-E928DF7ECDFD} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-14] (Plus HD)
Task: {C6B88561-4648-4249-9E00-431A2F0BCD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.)
Task: {CEBCBBC3-BB28-4A7B-94AD-30123FC978B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.)
Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DBD9B0F2-9794-4B7F-A066-F6043D403F8E} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-07-14] (Plus HD)
Task: {E9FE1CC5-0C9D-47B6-845D-DEE936689AF5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {EA6CA77E-0AD5-4F13-9A77-63ADA5B92841} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-14] (Plus HD)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/19/2013 00:44:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet.

Error: (07/19/2013 00:43:06 PM) (Source: DCOM) (User: )
Description: {30D49246-D217-465F-B00B-AC9DDD652EB7}

Error: (07/19/2013 00:40:38 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/19/2013 00:39:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-18 21:37:54.228
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-18 21:37:53.916
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 8096.05 MB
Available physical RAM: 6072.08 MB
Total Pagefile: 16190.29 MB
Available Pagefile: 14144.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:305.67 GB) (Free:204.3 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:367.97 GB) (Free:174.43 GB) NTFS (Disk=0 Partition=3)
Drive f: () (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A383324B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=306 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
         

Alt 19.07.2013, 12:24   #13
schrauber
/// the machine
/// TB-Ausbilder
 

ESET Online Scanner

  • An illustrated guide to ESET Online Scanner is available here.
  • Download and start Eset Online Scanner.
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 20.07.2013, 14:30   #14
TorpedoMoska
 

ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bf53e6255294654686a0b56bcd643f4c
# engine=14457
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-19 06:09:14
# local_time=2013-07-19 08:09:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1284 16777214 100 98 25107 70905266 0 0
# compatibility_mode=5893 16776573 100 94 23861 125887204 0 0
# scanned=271840
# found=0
# cleaned=0
# scan_time=21676
         
SecurityCheck
Code:
 Results of screen317's Security Check version 0.99.70  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Anti-Virus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST(3)

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by xxx (administrator) on 20-07-2013 15:18:36
Running from C:\Users\xxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Splashtop Inc.) C:\ASUS.SYS\SIONExportService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-17] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-27] (Google Inc.)
HKCU\...\Run: [Syncables] - C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-05-25] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ACPW05DE] - "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05DE [822384 2011-11-17] (ACD Systems)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-06-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-09] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyServer.lnk
ShortcutTarget: TwonkyServer.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK - Verknüpfung.lnk
ShortcutTarget: OUTLOOK - Verknüpfung.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.radiobremen.de/bremenvier/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: LyricsContainer - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\122.dll No File
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://google.de/"
CHR DefaultSearchURL: (Google) - hxxp://www.google.de/search?q={searchTerms}
CHR DefaultSuggestURL: (Google) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: (Virtual Keyboard) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (Plus-HD-1.6) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0
CHR Extension: (Anti-Banner) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [249856 2011-02-15] ()
R2 Splashtop MDES; C:\ASUS.SYS\SIONExportService.exe [338208 2011-05-11] (Splashtop Inc.)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [770888 2012-10-22] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [557896 2012-10-22] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [283464 2012-10-22] ()

==================== Drivers (Whitelisted) ====================

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS)
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-10-08] (Marvell Semiconductor, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-20 14:52 - 2013-07-20 14:52 - 00861184 _____ (Microsoft Corporation) C:\Users\xxx\Downloads\IE10-Windows6.1-de-de.exe
2013-07-20 14:34 - 2013-07-20 14:34 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner (3)
2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner (2)
2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner
2013-07-19 12:19 - 2013-07-19 12:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-19 12:11 - 2013-07-19 12:12 - 00006488 _____ C:\AdwCleaner[S1].txt
2013-07-19 12:04 - 2013-07-19 12:04 - 00277440 _____ C:\Users\xxx\Downloads\Setup.exe
2013-07-18 21:56 - 2013-07-18 21:56 - 00050429 _____ C:\ComboFix.txt
2013-07-18 21:21 - 2013-07-18 21:56 - 00000000 ____D C:\ComboFix
2013-07-18 17:50 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-18 17:50 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-18 17:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-18 17:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-18 17:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-18 17:50 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-18 17:50 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-18 17:50 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-18 17:42 - 2013-07-18 21:56 - 00000000 ____D C:\Qoobox
2013-07-18 17:42 - 2013-07-18 21:51 - 00000000 ____D C:\Windows\erdnt
2013-07-17 21:48 - 2013-07-17 13:30 - 01778209 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-07-16 22:55 - 2013-07-16 22:55 - 00055548 _____ C:\Users\xxx\Downloads\FRST.txt
2013-07-16 22:54 - 2013-07-16 22:55 - 00025805 _____ C:\Users\xxx\Downloads\Addition.txt
2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST
2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-07-15 19:32 - 2013-07-15 20:03 - 00000000 ____D C:\Users\xxx\Desktop\Anti-Malware
2013-07-14 23:20 - 2013-07-15 02:57 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-14 17:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-14 17:05 - 2013-07-14 17:06 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\xxx\Desktop\Qtrax Player.lnk
2013-07-14 01:13 - 2013-07-20 14:33 - 00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-07-14 01:13 - 2013-07-20 14:33 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-07-14 01:13 - 2013-07-20 14:33 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
2013-07-14 01:13 - 2013-07-14 01:13 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater
2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax
2013-07-14 01:13 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2013-07-14 01:13 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2013-07-14 01:12 - 2013-07-20 14:33 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
2013-07-14 01:12 - 2013-07-14 01:13 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6
2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer                                                  ) C:\Users\xxx\Desktop\FLVMPlayer.exe
2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software
2013-07-13 16:14 - 2013-07-13 16:15 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\xxx\Downloads\prismpsetup.exe
2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk
2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-13 00:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 00:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 00:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 00:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 00:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 00:51 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 00:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 00:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 00:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 00:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 00:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 00:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 00:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-13 00:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-13 00:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-13 00:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-13 00:25 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-13 00:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-13 00:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-03 22:36 - 2013-07-20 14:52 - 00010422 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-20 15:16 - 2012-02-28 19:10 - 00000177 ____H C:\dvmexp.idx
2013-07-20 15:14 - 2012-03-04 19:43 - 00000000 ____D C:\Users\xxx\Outlook-Dateien
2013-07-20 15:14 - 2012-03-04 19:43 - 00000000 ____D C:\Users\xxx\Outlook-Dateien
2013-07-20 14:56 - 2012-02-22 19:35 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-20 14:52 - 2013-07-20 14:52 - 00861184 _____ (Microsoft Corporation) C:\Users\xxx\Downloads\IE10-Windows6.1-de-de.exe
2013-07-20 14:52 - 2013-07-03 22:36 - 00010422 _____ C:\Windows\IE10_main.log
2013-07-20 14:51 - 2012-02-27 16:19 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-20 14:44 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 14:44 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 14:39 - 2013-02-24 19:29 - 00000000 ____D C:\ProgramData\TwonkyServer
2013-07-20 14:35 - 2012-02-25 18:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-20 14:34 - 2013-07-20 14:34 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-07-20 14:34 - 2012-02-22 19:34 - 00000000 ___HD C:\ASUS.DAT
2013-07-20 14:33 - 2013-07-14 01:13 - 00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-07-20 14:33 - 2013-07-14 01:13 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-07-20 14:33 - 2013-07-14 01:13 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-07-20 14:33 - 2013-07-14 01:12 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
2013-07-20 14:33 - 2012-02-27 16:19 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-20 14:33 - 2011-11-20 08:09 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-07-20 14:33 - 2011-11-20 07:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-20 14:33 - 2011-04-13 03:39 - 00372760 _____ C:\Windows\PFRO.log
2013-07-20 14:33 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-20 14:33 - 2009-07-14 06:51 - 00106078 _____ C:\Windows\setupact.log
2013-07-19 22:53 - 2011-11-20 07:32 - 01382466 _____ C:\Windows\WindowsUpdate.log
2013-07-19 22:28 - 2013-02-23 16:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner (3)
2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner (2)
2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner
2013-07-19 12:19 - 2013-07-19 12:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-19 12:12 - 2013-07-19 12:11 - 00006488 _____ C:\AdwCleaner[S1].txt
2013-07-19 12:11 - 2012-02-22 19:35 - 00001005 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-19 12:04 - 2013-07-19 12:04 - 00277440 _____ C:\Users\xxx\Downloads\Setup.exe
2013-07-18 21:56 - 2013-07-18 21:56 - 00050429 _____ C:\ComboFix.txt
2013-07-18 21:56 - 2013-07-18 21:21 - 00000000 ____D C:\ComboFix
2013-07-18 21:56 - 2013-07-18 17:42 - 00000000 ____D C:\Qoobox
2013-07-18 21:56 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-18 21:51 - 2013-07-18 17:42 - 00000000 ____D C:\Windows\erdnt
2013-07-18 21:48 - 2009-07-14 04:34 - 00000248 _____ C:\Windows\system.ini
2013-07-18 21:40 - 2009-07-14 04:34 - 88342528 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 19660800 _____ C:\Windows\system32\config\SYSTEM.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-07-17 13:30 - 2013-07-17 21:48 - 01778209 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-07-16 22:55 - 2013-07-16 22:55 - 00055548 _____ C:\Users\xxx\Downloads\FRST.txt
2013-07-16 22:55 - 2013-07-16 22:54 - 00025805 _____ C:\Users\xxx\Downloads\Addition.txt
2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST
2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-16 22:46 - 2012-02-27 16:19 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 22:46 - 2012-02-27 16:19 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-16 21:30 - 2012-02-22 19:34 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\VirtualStore
2013-07-15 20:03 - 2013-07-15 19:32 - 00000000 ____D C:\Users\xxx\Desktop\Anti-Malware
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-07-15 19:33 - 2012-02-22 19:34 - 00000000 ___RD C:\Users\xxx
2013-07-15 19:32 - 2011-02-19 06:24 - 00665812 _____ C:\Windows\system32\perfh007.dat
2013-07-15 19:32 - 2011-02-19 06:24 - 00133992 _____ C:\Windows\system32\perfc007.dat
2013-07-15 19:32 - 2009-07-14 07:13 - 01529502 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-15 02:57 - 2013-07-14 23:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-14 23:17 - 2012-02-23 21:19 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\Google
2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-14 17:06 - 2013-07-14 17:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-14 16:09 - 2011-11-20 07:55 - 00001574 _____ C:\Windows\system32\ServiceFilter.ini
2013-07-14 16:08 - 2011-11-20 07:55 - 00002532 _____ C:\Windows\system32\AutoRunFilter.ini
2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\xxx\Desktop\Qtrax Player.lnk
2013-07-14 01:14 - 2012-02-24 12:14 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\CrashDumps
2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
2013-07-14 01:13 - 2013-07-14 01:13 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater
2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax
2013-07-14 01:13 - 2013-07-14 01:12 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6
2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer                                                  ) C:\Users\xxx\Desktop\FLVMPlayer.exe
2013-07-13 17:00 - 2012-02-23 22:48 - 00203776 _____ C:\Users\SIEMER~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software
2013-07-13 16:15 - 2013-07-13 16:14 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\xxx\Downloads\prismpsetup.exe
2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk
2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-13 13:30 - 2009-07-14 06:45 - 00498832 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 13:28 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 01:04 - 2012-02-23 23:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-13 00:54 - 2012-02-25 14:39 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-04 20:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\he-IL
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\ar-SA
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-29 19:48 - 2012-02-23 22:57 - 00000000 ____D C:\ProgramData\tmp
2013-06-23 18:29 - 2012-11-30 17:42 - 00001334 _____ C:\Users\Public\Desktop\Saturn Fotoservice.lnk
2013-06-22 19:02 - 2011-11-20 08:19 - 00000224 _____ C:\WifiInfo.ini.enc

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 22:26

==================== End Of Log ============================
         
--- --- ---


Addition(3)
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by xxx at 2013-07-20 15:20:05
Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
ACDSee Pro 5 (x32 Version: 5.2.157)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
akeLink
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443)
Anti-Twin (Installation 23.03.2012) (x32)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0)
ASUS AI Recovery (x32 Version: 1.0.24)
ASUS FancyStart (x32 Version: 1.1.1)
ASUS LifeFrame3 (x32 Version: 3.0.22)
ASUS Live Update (x32 Version: 2.5.9)
ASUS Music Maker (x32 Version: 17.0.2.22)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031)
ASUS USB Charger Plus (x32 Version: 2.0.3)
ASUS Video Magic (x32 Version: 6.0.4710)
ASUS Virtual Camera (x32 Version: 1.0.21)
AsusScr_N5_En (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.4.617)
Atheros Client Installation Program (x32 Version: 7.0)
ATK Package (x32 Version: 1.0.0010)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (64 bit) (x32 Version: 1.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Bonjour (Version: 3.0.0.10)
CDBurnerXP (x32 Version: 4.4.2.3442)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink Power2Go (x32 Version: 6.1.3602c)
CyberLink PowerDirector (x32 Version: 8.0.3327)
CyberLink PowerDVD 10 (x32 Version: 10.0.3122.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
ElsterFormular (x32 Version: 13.4.1.10296)
Fast Boot (Version: 1.0.9)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.29.0)
Fotogalerie (x32 Version: 16.4.3505.0912)
FreeCommander 2009.02b (x32 Version: 2009.02)
Galeria de Fotografias (x32 Version: 16.4.3505.0912)
Galería de fotos (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Gigaset QuickSync (Version: 8.0.0856.1)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
HP LaserJet Professional P1100-P1560-P1600 Series
hppLaserJetService (x32 Version: 001.001.0.0)
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0)
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1)
HPSSupply (x32 Version: 2.1.1.0000)
InstantOn for NB (x32 Version: 2.1.2)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2405)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4)
iTunes (Version: 10.6.0.40)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Movie Maker (x32 Version: 16.4.3505.0912)
Mp3tag v2.50 (x32 Version: v2.50)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Now! (x32 Version: 1.0.9.0)
Nikon Message Center (x32 Version: 0.92.000)
Nikon Transfer (x32 Version: 1.1.1)
NVIDIA 3D Vision Driver 268.74 (Version: 268.74)
NVIDIA Control Panel 268.74 (Version: 268.74)
NVIDIA Graphics Driver 268.74 (Version: 268.74)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA Optimus 1.0.23 (Version: 1.0.23)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6874)
NVIDIA Update Components (Version: 1.0.23)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Photomatix Essentials 64-bit version 3.1.1 (Version: 3.1.1)
Picasa 3 (x32 Version: 3.8)
Plus-HD-1.6 (x32 Version: 1.27.153.8)
Prism Videodatei-Konverter (x32)
Qtrax (HKCU Version: 20.13.06.24)
Qtrax Player (HKCU)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6413)
Revo Uninstaller 1.93 (x32 Version: 1.93)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Saturn Fotoservice (x32 Version: 5.0.4)
SonicMaster (x32 Version: 1.0.0.4)
streamWriter (x32)
Synaptics Pointing Device Driver (Version: 15.3.6.0)
syncables desktop SE (x32 Version: 5.5.746.11492)
Twonky 7 (x32 Version: 7.1.2.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VideoPad Videobearbeitungs-Software (x32)
Winamp (x32 Version: 5.623 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
Windows Live 程式集 (x32 Version: 16.4.3505.0912)
WinFlash (x32 Version: 2.31.1)
Wireless Console 3 (x32 Version: 3.0.19)
Wsys Control 1.0.0.2539 (x32 Version: 1.0.0.2539)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912)
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912)
Почта Windows Live (x32 Version: 16.4.3505.0912)
Фотоальбом (x32 Version: 16.4.3505.0912)
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912)
גלריית התמונות (x32 Version: 16.4.3505.0912)
بريد Windows Live (x32 Version: 16.4.3505.0912)
معرض الصور (x32 Version: 16.4.3505.0912)
影像中心 (x32 Version: 16.4.3505.0912)

==================== Restore Points  =========================

03-07-2013 13:24:35 Windows Update
03-07-2013 20:35:30 Windows Update
12-07-2013 22:24:58 Windows Update
12-07-2013 22:38:00 Windows Update
14-07-2013 21:24:29 Removed Internet Explorer Toolbar 4.9 by SweetPacks
18-07-2013 15:51:09 ComboFix created restore point
18-07-2013 19:12:34 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-18 21:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {18387617-6EB2-4EF7-8A9F-68E875C70382} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-14] (Plus HD)
Task: {1D667096-8482-4EA4-8A91-567CE3E5D246} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {1DA69E7F-EDCB-499B-82DF-5C78D95CB117} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {42DEA711-8B2F-4861-A18D-2CF9AEC5CDE0} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-30] (ASUSTek Computer Inc.)
Task: {504216D4-8E67-441B-981C-8D77969D8638} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {611C23BE-BB80-4822-8D96-590CFF7EB529} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {62E8CE4D-3FC6-4B08-96F9-B60B45E10802} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {6B777E35-5966-4345-B850-0365437A137B} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software)
Task: {6E5690FF-03D3-4DA7-84C8-B3819B2664B4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {6E94109F-2AF3-4419-A80B-C63B2B3DDAD9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {7F0901EE-0C75-4B06-9AAC-E5F79D981AE5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe No File
Task: {7F2B3B36-39EE-4DBD-B605-A844A9F68A6D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {9C22813A-BF70-409A-9638-26AFAB8EBE57} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1038504468-1263906284-4239949246-1002 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {9CCA9DB4-ACF2-4C0E-A89C-735E94390DFF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {9F907014-6D8A-40ED-AF2C-6D7FAC507E6E} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe No File
Task: {A1B339F7-738C-410D-AE56-9F5555C4CCE8} - System32\Tasks\NCH Software\videopadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software)
Task: {B31C0C03-924E-4D49-AC4A-E928DF7ECDFD} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-14] (Plus HD)
Task: {C6B88561-4648-4249-9E00-431A2F0BCD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.)
Task: {CEBCBBC3-BB28-4A7B-94AD-30123FC978B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.)
Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DBD9B0F2-9794-4B7F-A066-F6043D403F8E} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-07-14] (Plus HD)
Task: {E9FE1CC5-0C9D-47B6-845D-DEE936689AF5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {EA6CA77E-0AD5-4F13-9A77-63ADA5B92841} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-14] (Plus HD)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2013 10:41:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2013 02:04:10 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2013 02:04:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2013 02:03:15 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2013 02:03:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2013 01:54:54 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (07/20/2013 02:38:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet.

Error: (07/20/2013 02:38:17 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (07/20/2013 02:38:16 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht.

Error: (07/20/2013 02:37:38 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (07/20/2013 02:33:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error: (07/19/2013 01:10:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error: (07/19/2013 00:44:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet.

Error: (07/19/2013 00:43:06 PM) (Source: DCOM) (User: )
Description: {30D49246-D217-465F-B00B-AC9DDD652EB7}

Error: (07/19/2013 00:40:38 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/19/2013 00:39:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (07/19/2013 10:41:41 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/19/2013 02:04:10 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe

Error: (07/19/2013 02:04:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe

Error: (07/19/2013 02:03:15 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe

Error: (07/19/2013 02:03:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\esetsmartinstaller_enu.exe

Error: (07/19/2013 01:54:54 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\Tools\freecommander\DelZip179.dllc:\program files (x86)\Tools\freecommander\DelZip179.dll8


CodeIntegrity Errors:
===================================
  Date: 2013-07-18 21:37:54.228
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-18 21:37:53.916
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 8096.05 MB
Available physical RAM: 6156.37 MB
Total Pagefile: 16190.29 MB
Available Pagefile: 14162.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:305.67 GB) (Free:197.07 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:367.97 GB) (Free:174.43 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A383324B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=306 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Hello Schrauber,
everything is working normally again. I hope it stays that way!
Thank you very much for your help!!!
I'm going to clean up now, then turn to the topic of a donation and then to the topic "How do I secure my computer better?".

Alt 20.07.2013, 20:01   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Update Flash and Adobe.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. Please be sure to download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from all registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
