Massenemails über meinen Account, Trojaner oder Virus auf dem Rechner?

asparagus · 20.08.2013, 11:58

Hallo zusammen!
Ich habe leider ein recht mühseliges, zumindest für mich, Problem.

Ich bekam am Samstag eine automatisiere Mail von T-Online, dass mein Account Massen-E-Mails versendet und daher gesperrt wurde. In der Mail wurde darauf hingewiesen, dass ich den Account wieder freischalten kann, davor aber meinen Rechner gründlich auf Viren, Trojaner, etc. untersuchen müsste und dann sämtliche Passwörter (am Besten auf einem anderen, völlig virenfreien Rechner) ändern müsste.

Ich habe die Mails, deren Zustellungsfehlermeldungen ich erhielt (ca. 3.500!) bis auf die erste und letzte Mail gelöscht und mich dann auf die Suche nach Trojanern oder Viren gemacht.

Sollte noch erwähnen, dass bei mir GData-Antivirus im Hintergrund läuft und weder Viren noch sonstige Schädlinge bis jetzt gemeldet hat. Virensignaturen und Progamm wird bei dem ersten Hinweis immer gleich aktualisiert, bzw. Virensignaturen werden automatisch alle Stunde geladen.

Zuerst habe ich mit Malwarebytes Anti-Malware auf die Suche begeben und einen vollständigen Suchlauf gemacht ...

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.19.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
RA :: RA-PC [Administrator]

19.08.2013 16:45:53
MBAM-log-2013-08-20 (01-05-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|O:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 1285058
Laufzeit: 7 Stunde(n), 52 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
O:\[[     LAUFWERKE    ]]\[[   PROGRAMME   ]]\PDF Password Remover v3.0\pdfdecrypt.exe (PUP.PDFPasswordRemover) -> Keine Aktion durchgeführt.

(Ende)

Die gefundene Datei habe ich samt Ordner, also PDF Password Remover v3.0 direkt gelöscht. (Drag&Drop mit gedrückter SHIFT-Taste auf den Papierkorb) Der Spaß hat schon fast 8 Stunden gedauert, alleine das finde ich schon total ermüdend... :-)

Danach habe ich SUPERAntiSpywarePro drüberlaufen lassen, hier wurden 12 Cookies gefunden, die ich gelöscht habe. Leider habe ich davon kein Log, oder wird das irgendwo automatisch noch gespeichert?
Dann habe ich eben noch den Trojan Remover 6.8.8 laufen lassen, der mir nur 2 Dateien Adobe CS5 Updater und Adobe CS6 Updater genannt hat, die ich ebenfalls wieder händisch gelöscht habe, da die beiden Programmversionen gar nicht mehr installiert sind.

Danach habe ich eben, wie von euch hier angegeben, Random's System Information Tool laufen lassen, mit folgenden zwei Logs
log.txt
RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.09 (written by random/random)
Run by RA at 2013-08-20 12:09:28
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 115 GB (38%) free of 305 GB
Total RAM: 4094 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:09:33, on 20.08.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
C:\Users\RA\Desktop\Scan\2\RSIT.exe
C:\Program Files (x86)\trend micro\RA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [G Data ASM] "C:\Program Files (x86)\G Data\AntiVirus\DelayLoader\AutorunDelayLoader.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [FMCore.exe] "C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe" -standalone
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [iFunBoxConnector] "C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe"
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\RA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = RA\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
O4 - Global Startup: FreeStyle Auto-Assist.lnk = C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Auswahl speichern - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Bild ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Diese Seite ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: URL notieren - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DisplayFusionService - Binary Fortress Software - C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 13764 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb.job

=========Mozilla firefox=========

ProfilePath - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "www.google.de|hxxp://www.creative-nonstop.com/|hxxp://www.existenzgruender.de/selbstaendigkeit/vorbereitung/index.php|hxxp://www.s354533063.website-start.de"

"web2pdfextension@web2pdf.adobedotcom"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detektor-Plug-In
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/MycameraPlugin]
"Description"=Canon MycameraPlugin
"Path"=C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeExManDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll


C:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\extensions\
isreaditlater@ideashower.com
sparpilot@sparpilot.com
{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
{e001c731-5e37-4538-a5cb-8168736a2360}
{E0B8C461-F8FB-49b4-8373-FE32E9252800}

C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\searchplugins\
rapidshare-filefinder.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-24 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-07-23 587104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-24 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"G Data ASM"=C:\Program Files (x86)\G Data\AntiVirus\DelayLoader\AutorunDelayLoader.exe [2013-02-25 472016]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2013-08-08 2236816]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2012-12-18 3478752]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-05-31 152392]
"G Data AntiVirus Tray"=C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [2013-02-25 1444304]
"TrojanScanner"=C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2013-07-19 1655568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"FMCore.exe"=C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe [2011-10-27 9211392]
"DisplayFusion"=C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [2013-04-26 7283072]
"iFunBoxConnector"=C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [2013-04-23 812544]
"AirVideoServer"=C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [2012-07-20 4935112]
"Spotify Web Helper"=C:\Users\RA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-06-26 1104384]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-08-15 6581488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe [2013-07-03 814472]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FreeStyle Auto-Assist.lnk - C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\RA\AppData\Roaming\Dropbox\bin\Dropbox.exe
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
EvernoteTray.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec32.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

2013-08-20 12:09:28 ----D---- C:\rsit
2013-08-20 12:09:28 ----D---- C:\Program Files (x86)\trend micro
2013-08-20 11:49:27 ----D---- C:\Users\RA\AppData\Roaming\Simply Super Software
2013-08-20 11:49:12 ----D---- C:\ProgramData\Simply Super Software
2013-08-20 11:49:11 ----D---- C:\Program Files (x86)\Trojan Remover
2013-08-20 01:07:59 ----D---- C:\Users\RA\AppData\Roaming\SUPERAntiSpyware.com
2013-08-20 01:07:34 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2013-08-19 16:44:14 ----D---- C:\Users\RA\AppData\Roaming\Malwarebytes
2013-08-19 16:43:53 ----D---- C:\ProgramData\Malwarebytes
2013-08-19 16:43:52 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-15 19:54:41 ----A---- C:\Windows\SysWOW64\ieui.dll
2013-08-15 19:54:40 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 19:54:40 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 19:54:40 ----A---- C:\Windows\SysWOW64\iesetup.dll
2013-08-15 19:54:40 ----A---- C:\Windows\SysWOW64\iernonce.dll
2013-08-15 19:54:39 ----A---- C:\Windows\SysWOW64\iertutil.dll
2013-08-15 19:54:38 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 19:54:37 ----A---- C:\Windows\SysWOW64\jscript.dll
2013-08-15 19:54:36 ----A---- C:\Windows\SysWOW64\urlmon.dll
2013-08-15 19:54:36 ----A---- C:\Windows\SysWOW64\jscript9.dll
2013-08-15 19:54:34 ----A---- C:\Windows\SysWOW64\wininet.dll
2013-08-15 19:54:34 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 19:54:32 ----A---- C:\Windows\SysWOW64\ieframe.dll
2013-08-15 19:54:27 ----A---- C:\Windows\SysWOW64\mshtml.dll
2013-08-15 19:39:23 ----A---- C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 19:39:18 ----A---- C:\Windows\SysWOW64\wintrust.dll
2013-08-15 19:39:18 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 19:39:18 ----A---- C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 19:39:18 ----A---- C:\Windows\SysWOW64\crypt32.dll
2013-08-15 19:39:00 ----A---- C:\Windows\SysWOW64\tzres.dll
2013-08-15 19:38:47 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 19:38:47 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 19:38:46 ----A---- C:\Windows\SysWOW64\ntdll.dll
2013-08-15 19:38:45 ----A---- C:\Windows\SysWOW64\wow32.dll
2013-08-15 19:38:45 ----A---- C:\Windows\SysWOW64\user.exe
2013-08-15 19:38:45 ----A---- C:\Windows\SysWOW64\setup16.exe
2013-08-15 19:38:45 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 19:38:45 ----A---- C:\Windows\SysWOW64\instnm.exe
2013-08-15 19:38:36 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-03 23:28:54 ----D---- C:\Program Files (x86)\SetEdit8500
2013-08-02 18:51:34 ----D---- C:\Users\RA\AppData\Roaming\Google
2013-08-02 18:26:19 ----D---- C:\ProgramData\Google
2013-08-02 18:26:01 ----D---- C:\Program Files (x86)\Google
2013-08-02 17:13:26 ----D---- C:\Users\RA\AppData\Roaming\WinFellow
2013-07-29 23:23:14 ----D---- C:\Users\RA\AppData\Roaming\WTablet
2013-07-26 09:43:11 ----D---- C:\Program Files (x86)\Common Files\G Data
2013-07-26 09:36:57 ----D---- C:\Program Files (x86)\TabletPlugins
2013-07-26 09:36:39 ----A---- C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2013-07-26 09:36:38 ----A---- C:\Windows\SysWOW64\Wintab32.dll
2013-07-26 09:36:38 ----A---- C:\Windows\SysWOW64\WacomMT.dll
2013-07-26 09:36:38 ----A---- C:\Windows\SysWOW64\Wacom_Tablet.dll
2013-07-25 21:09:41 ----D---- C:\Windows\pss
2013-07-22 09:38:22 ----D---- C:\ProgramData\RIBS
2013-07-10 22:31:31 ----A---- C:\Windows\SysWOW64\qedit.dll
2013-07-10 22:28:01 ----A---- C:\Windows\SysWOW64\DWrite.dll
2013-07-09 13:32:50 ----SHD---- C:\Windows\ftpcache
2013-06-26 12:02:03 ----D---- C:\Users\RA\AppData\Roaming\Spotify
2013-06-24 09:05:34 ----A---- C:\Windows\SysWOW64\javaws.exe
2013-06-24 09:05:31 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 09:05:31 ----A---- C:\Windows\SysWOW64\javaw.exe
2013-06-24 09:05:31 ----A---- C:\Windows\SysWOW64\java.exe
2013-06-21 10:54:47 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-21 10:54:47 ----D---- C:\Program Files (x86)\iTunes
2013-06-17 20:15:07 ----D---- C:\Program Files (x86)\RescuePRO
2013-06-17 09:06:37 ----D---- C:\Program Files (x86)\PhotoRescue PC v3.3.2.13314
2013-06-17 08:33:23 ----D---- C:\Program Files (x86)\ZAR
2013-06-12 16:23:41 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-12 16:23:41 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-12 16:23:40 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll
2013-06-12 16:23:39 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-12 16:23:37 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-12 16:23:37 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll
2013-06-12 16:23:35 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll
2013-06-12 16:23:34 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll
2013-06-12 16:23:33 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll
2013-06-12 16:23:33 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-06-12 16:23:31 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll
2013-06-12 16:23:31 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-06-12 16:23:29 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll
2013-06-12 16:23:27 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll
2013-06-12 16:23:25 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-06-12 16:23:23 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll
2013-06-12 16:23:23 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll
2013-06-12 16:23:22 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-12 16:23:20 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll
2013-06-12 16:23:18 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2013-06-12 16:23:18 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-06-12 16:23:16 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2013-06-12 16:23:15 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2013-06-12 16:23:15 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-06-12 16:22:00 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2013-06-12 16:21:59 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-06-12 16:21:57 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2013-06-12 16:21:57 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-06-12 16:21:56 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2013-06-12 16:21:54 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
2013-06-12 16:21:54 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-06-12 16:21:52 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
2013-06-12 16:21:51 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-06-12 16:21:50 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2013-06-12 16:21:50 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-06-12 16:21:47 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2013-06-12 16:21:46 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2013-06-12 16:21:46 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-06-12 16:21:44 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2013-06-12 16:21:42 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2013-06-12 16:21:42 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-06-12 16:21:39 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2013-06-12 16:21:38 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-06-12 16:21:36 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2013-06-12 16:21:36 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-06-12 16:21:35 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2013-06-12 16:21:34 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2013-06-12 16:21:32 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2013-06-12 16:21:27 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-06-12 16:21:24 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2013-06-12 16:21:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-06-12 16:21:23 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2013-06-12 16:21:21 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2013-06-12 16:21:16 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2013-06-12 16:21:15 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-06-12 16:21:14 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2013-06-12 16:21:12 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2013-06-12 16:21:10 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2013-06-12 16:21:10 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-06-12 16:21:08 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2013-06-12 16:21:07 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2013-06-12 16:21:07 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-06-12 16:21:05 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2013-06-12 16:21:05 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-06-12 16:21:04 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2013-06-12 16:21:03 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
2013-06-12 16:21:02 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2013-06-12 16:21:00 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2013-06-12 16:21:00 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-06-12 16:20:59 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2013-06-12 16:20:58 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2013-06-12 16:20:56 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2013-06-12 16:20:56 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2013-06-12 16:20:55 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-12 16:20:53 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2013-06-12 16:20:53 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2013-06-12 16:20:52 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
2013-06-12 16:20:50 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
2013-06-12 16:20:50 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2013-06-12 16:20:48 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2013-06-12 16:20:48 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2013-06-12 16:20:46 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2013-06-12 16:20:32 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2013-06-12 16:20:30 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2013-06-12 16:20:30 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2013-06-12 16:20:29 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2013-06-12 16:20:28 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2013-06-12 16:20:26 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2013-06-12 16:20:25 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2013-06-12 16:20:25 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2013-06-12 16:20:23 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2013-06-12 15:11:46 ----A---- C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 15:11:31 ----A---- C:\Windows\SysWOW64\win32spl.dll
2013-06-12 15:11:22 ----A---- C:\Windows\SysWOW64\certutil.exe
2013-06-12 15:11:21 ----A---- C:\Windows\SysWOW64\certenc.dll
2013-06-12 15:10:26 ----A---- C:\Windows\SysWOW64\d3d11.dll
2013-06-12 15:10:25 ----A---- C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 13:37:43 ----D---- C:\Users\RA\AppData\Roaming\AdobeMuse
2013-06-07 00:20:52 ----D---- C:\ProgramData\LogiShrd
2013-06-07 00:20:49 ----D---- C:\Users\RA\AppData\Roaming\Logitech
2013-06-07 00:17:18 ----D---- C:\ProgramData\Logitech
2013-06-07 00:17:10 ----D---- C:\Users\RA\AppData\Roaming\InstallShield
2013-06-05 11:38:52 ----D---- C:\Program Files (x86)\BMWi-Businessplaner

======List of files/folders modified in the last 3 months======

2013-08-20 12:09:29 ----D---- C:\Windows\Temp
2013-08-20 12:09:28 ----RD---- C:\Program Files (x86)
2013-08-20 11:53:45 ----AD---- C:\ProgramData\TEMP
2013-08-20 11:49:12 ----HD---- C:\ProgramData
2013-08-20 10:48:57 ----SHD---- C:\System Volume Information
2013-08-20 10:08:44 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-08-20 01:08:02 ----D---- C:\Windows\Tasks
2013-08-20 01:07:34 ----RD---- C:\Program Files
2013-08-19 16:34:57 ----D---- C:\Users\RA\AppData\Roaming\Dropbox
2013-08-19 16:01:16 ----SD---- C:\ProgramData\Microsoft
2013-08-19 15:48:39 ----HD---- C:\jexepackres
2013-08-19 15:45:52 ----D---- C:\ProgramData\NVIDIA
2013-08-16 23:16:30 ----D---- C:\Windows\Microsoft.NET
2013-08-16 23:16:01 ----RSD---- C:\Windows\assembly
2013-08-16 22:42:33 ----D---- C:\Windows\winsxs
2013-08-15 22:51:55 ----D---- C:\Windows\SysWOW64\de-DE
2013-08-15 22:51:55 ----D---- C:\Windows\SysWOW64
2013-08-15 22:51:55 ----D---- C:\Windows\System32
2013-08-15 22:51:55 ----D---- C:\Program Files (x86)\Internet Explorer
2013-08-15 22:51:54 ----D---- C:\Windows\AppPatch
2013-08-15 19:54:09 ----SHD---- C:\Windows\Installer
2013-08-15 19:51:33 ----D---- C:\ProgramData\Microsoft Help
2013-08-13 01:13:08 ----D---- C:\Users\RA\AppData\Roaming\vlc
2013-08-13 00:47:50 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2013-08-07 17:03:20 ----D---- C:\Users\RA\AppData\Roaming\FileZilla
2013-08-03 21:26:14 ----D---- C:\Windows\rescache
2013-08-02 20:13:39 ----D---- C:\Users\RA\AppData\Roaming\Mp3tag
2013-07-31 10:58:56 ----D---- C:\Users\RA\AppData\Roaming\iFunbox_UserCache
2013-07-30 11:31:19 ----D---- C:\Users\RA\AppData\Roaming\Skype
2013-07-26 09:49:25 ----D---- C:\Windows
2013-07-26 09:45:01 ----D---- C:\ProgramData\G DATA
2013-07-26 09:43:13 ----D---- C:\Program Files (x86)\G Data
2013-07-26 09:43:11 ----D---- C:\Program Files (x86)\Common Files
2013-07-26 09:39:10 ----D---- C:\Windows\inf
2013-07-26 09:33:19 ----D---- C:\Windows\SysWOW64\wbem
2013-07-26 09:31:16 ----D---- C:\Windows\SysWOW64\Setup
2013-07-26 09:31:16 ----D---- C:\Windows\SysWOW64\oobe
2013-07-26 09:31:16 ----D---- C:\Windows\SysWOW64\MUI
2013-07-26 09:31:16 ----D---- C:\Windows\SysWOW64\DriverStore
2013-07-26 09:31:15 ----D---- C:\Windows\SysWOW64\config
2013-07-26 09:31:15 ----D---- C:\Windows\SysWOW64\com
2013-07-26 09:31:14 ----D---- C:\Windows\SysWOW64\drivers
2013-07-23 16:19:41 ----D---- C:\Program Files (x86)\Common Files\Adobe
2013-07-23 16:17:15 ----D---- C:\Program Files (x86)\Adobe
2013-07-23 14:55:58 ----D---- C:\Users\RA\AppData\Roaming\Adobe
2013-07-23 12:57:53 ----D---- C:\ProgramData\Adobe
2013-07-22 11:45:01 ----D---- C:\Users\RA\AppData\Roaming\Apple Computer
2013-07-22 11:41:45 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2013-07-12 08:47:39 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2013-07-11 13:59:12 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 01:36:35 ----D---- C:\Program Files (x86)\Windows Defender
2013-07-10 22:15:00 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 17:23:46 ----D---- C:\Windows\LiveKernelReports
2013-07-03 15:34:05 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-24 09:05:25 ----A---- C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-24 09:05:25 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2013-06-21 10:54:48 ----D---- C:\Program Files (x86)\Common Files\Apple
2013-06-21 10:48:34 ----D---- C:\Program Files (x86)\QuickTime
2013-06-18 11:27:42 ----RSD---- C:\Windows\Fonts
2013-06-18 11:14:49 ----D---- C:\Users\RA\AppData\Roaming\DisplayFusion
2013-06-13 07:44:51 ----D---- C:\Windows\Panther
2013-06-12 19:14:20 ----D---- C:\Windows\Prefetch
2013-06-12 17:05:53 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-06-12 16:18:51 ----D---- C:\Windows\Logs
2013-06-12 15:17:23 ----D---- C:\Windows\debug
2013-06-12 13:14:36 ----D---- C:\Users\RA\AppData\Roaming\Lasersoft Imaging
2013-06-09 01:37:16 ----D---- C:\Users\RA\AppData\Roaming\redsn0w
2013-06-07 00:23:54 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2013-06-07 00:17:15 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-06-05 10:17:48 ----RD---- C:\Users
2013-05-27 08:31:53 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 GDBehave;GDBehave; C:\Windows\system32\drivers\GDBehave.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys []
R1 gdwfpcd;G Data WFP CD; C:\Windows\system32\drivers\gdwfpcd64.sys []
R1 GRD;G Data Rootkit Detector Driver; \??\C:\Windows\system32\drivers\GRD.sys []
R1 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 hidkmdf;KMDF Driver; C:\Windows\system32\DRIVERS\hidkmdf.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 PRISM_A00;PRISM 802.11 Driver; C:\Windows\system32\DRIVERS\PRISMA00.sys []
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys []
R3 WacHidRouter;Wacom Hid Router; C:\Windows\system32\DRIVERS\wachidrouter.sys []
R3 wacomrouterfilter;Wacom Router Filter Driver; C:\Windows\system32\DRIVERS\wacomrouterfilter.sys []
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-23 143120]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 AVKProxy;G Data AntiVirus Proxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2013-03-04 1956304]
R2 AVKService;G Data Scheduler; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [2013-02-25 635344]
R2 AVKWCtl;G Data Dateisystem Wächter; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe [2013-02-25 2249944]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 DisplayFusionService;DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-04-26 1498000]
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 160272]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2013-02-22 2849120]
R2 WTabletServicePro;Wacom Professional Service; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2013-06-06 598808]
R3 GDScan;G Data Scanner; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2013-02-25 696808]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2013-05-31 641352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Google Update-Dienst (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 gupdatem;Google Update-Dienst (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 116648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-06-18 117144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

--- --- ---

und info.txt
[code]
info.txtRSIT Logfile:

Code:

ATTFilter

logfile of random's system information tool 1.09 2013-08-20 12:09:40

======Uninstall list======

-->C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}\Netzmanager1.071.0301_120720a.exe
Adobe Acrobat XI Pro-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{23D3F585-AE29-4670-8E3E-64A0EFB29240}"
Adobe Acrobat XI Pro-->MsiExec.exe /I{AC76BA86-1033-FFFF-7760-000000000006}
Adobe After Effects CC-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{317243C1-6580-4F43-AED7-37D4438C3DD5}"
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A0087DDE-69D0-11E2-AD57-43CA6188709B}
Adobe Bridge CC (64 Bit)-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{359F8007-6486-429C-A8C5-D67F6897C88C}"
Adobe Creative Cloud-->"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
Adobe Download Assistant-->msiexec /qb /x {C8773FDB-D0DB-BE52-D536-F48F9886B57B}
Adobe Download Assistant-->MsiExec.exe /I{C8773FDB-D0DB-BE52-D536-F48F9886B57B}
Adobe Dreamweaver CC-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{00E094E1-A852-11E2-803D-ACEA632352B4}"
Adobe Edge Animate CC-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{A8F90989-523C-450A-9793-E950D5E0F8C6}"
Adobe Edge Animate-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{181241DD-2FC2-4CF9-94CE-97F3E37D6F0B}"
Adobe Edge Code CC-->MsiExec.exe /X{B3EDB8D8-AA2E-F0FA-1A5A-EDE9F9CAD4A7}
Adobe Edge Inspect CC-->MsiExec.exe /X{67D22EA0-4601-4450-9C99-042DABB0A315}
Adobe Edge Reflow CC Preview-->MsiExec.exe /X{BECBB650-C167-4F12-A264-7396BF4ED769}
Adobe Exchange Panel-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{41A12FFC-89E9-4743-A51E-00975CA31F40}"
Adobe ExtendScript Toolkit CC-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{6297487E-3778-4F72-B458-55690418DB98}"
Adobe Extension Manager CC-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}"
Adobe Flash Builder 4.7 (64 Bit)-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{848DE8E1-521D-4748-A158-517708107EF3}"
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -maintain plugin
Adobe Flash Professional CC-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}"
Adobe Help Manager-->msiexec /qb /x {AF37176A-78CA-545B-34EF-8B6A21514DD1}
Adobe Help Manager-->MsiExec.exe /I{AF37176A-78CA-545B-34EF-8B6A21514DD1}
Adobe Illustrator CC-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{F2321021-08A2-44D6-B1DF-BDB415F23EC3}"
Adobe InCopy CC-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{2606D96F-C1A3-1014-9A8F-E3561A1AC78D}"
Adobe InDesign CC-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{BC448016-6F11-1014-B0EA-97CEE6E26CB6}"
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Muse-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{9A554C9D-E12D-4205-8101-9F4337CD5673}"
Adobe Muse-->msiexec /qb /x {57D75592-1B6E-1425-244B-11BCDC027707}
Adobe Muse-->MsiExec.exe /I{57D75592-1B6E-1425-244B-11BCDC027707}
Adobe Photoshop CC-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}"
Adobe Reader XI (11.0.03) - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-AB0000000001}
Adobe Touch App Plugins-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}"
Adobe Widget Browser-->msiexec /qb /x {EFBE6DD5-B224-96E5-72B9-68D328CB12A6}
Adobe Widget Browser-->MsiExec.exe /I{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}
Adobe® Content Viewer-->msiexec /qb /x {7E44D023-7032-5F3C-C14B-833915E11A4A}
Adobe® Content Viewer-->MsiExec.exe /I{7E44D023-7032-5F3C-C14B-833915E11A4A}
Air Video Server 2.4.6-beta3-->C:\Program Files (x86)\AirVideoServer\uninst.exe
Apple Application Support-->MsiExec.exe /I{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Attribute Changer 7.10c-->"C:\Program Files (x86)\Attribute Changer\unins000.exe"
Axialis IconWorkshop 6.33-->C:\Program Files (x86)\Axialis\IconWorkshop\UnInstall.exe "IconWorkshop" "IconWorkshop.exe"
Biet-O-Matic v2.14.12-->C:\PROGRA~2\BIET-O~1\UNWISE.EXE C:\PROGRA~2\BIET-O~1\install.log
bl-->MsiExec.exe /I{2A075BB4-E976-4278-BF3F-E5C6945D84C0}
BMWi-Businessplaner Gründung-->msiexec /qb /x {258EE4D3-BDB5-9013-145B-1B8807B6A9DC}
BMWi-Businessplaner Gründung-->MsiExec.exe /I{258EE4D3-BDB5-9013-145B-1B8807B6A9DC}
Camtasia Studio 8-->MsiExec.exe /I{CB2B4C2B-0805-4E06-873D-CECB046A5BE8}
Canon Auto Update Service-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Auto Update Service\Uninst.ini"
CANON iMAGE GATEWAY MyCamera Download Plugin-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\MyCamera Download Plugin\MyCameraPluginUninstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon MOV Decoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Decoder\CanonMOVDecoderUnInstall.ini"
Canon MOV Encoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon MP Navigator EX 1.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 1.0\uninst.ini
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\EOS Video Snapshot Task\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.11.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX MCU\Uninst.ini"
Directory Lister Pro v1.49-->"C:\Program Files (x86)\Directory Lister Pro\unins000.exe"
DisplayFusion 5.0.1-->"C:\Program Files (x86)\DisplayFusion\unins000.exe"
Evernote v. 4.6.7-->MsiExec.exe /X{A6563D7C-F3AD-11E2-A4DB-984BE15F174E}
ExposurePlot 1.1.5a-->"C:\Program Files (x86)\ExposurePlot\unins000.exe"
Extensis Suitcase Fusion 3-->MsiExec.exe /X{CAEDF1F9-70A0-45EB-B344-5AE44EB6F726}
FileZilla Client 3.6.0.2-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
FreeStyle Auto-Assist-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E882771E-1C12-4E8C-99B6-E1B58DFCCFB2}\Setup.exe" 
G Data AntiVirus 2014-->C:\ProgramData\G Data\Setups\{5F17164A-FE5F-48B4-916F-56C6C4470D32}\setup.exe /InstallMode=Uninstall /_DoNotShowChange=true
GeoSetter 3.4.16-->"C:\Program Files (x86)\GeoSetter\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HandBrake 0.9.8-->C:\Program Files\Handbrake\uninst.exe
iFunbox (v2.0.2150.728), iFunbox DevTeam-->"C:\Program Files (x86)\i-Funbox DevTeam\unins000.exe"
ipswDownloader 1.6-->C:\Program Files (x86)\ipswDownloader\uninst.exe
Java 7 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}
K-Lite Codec Pack 5.2.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Lightroom 5.0-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{9bcd38e7-1f9a-4536-8cd4-96448263f367}"
Logitech SetPoint-->C:\Program Files (x86)\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly
Malwarebytes Anti-Malware Version 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0407-1000-0000000FF1CE} /uninstall {A6353E8F-5B8D-47CC-8737-DFF032ED3973}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {A6353E8F-5B8D-47CC-8737-DFF032ED3973}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {A23BFC95-4A73-410F-9248-4C2B48E38C49}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Microsoft_VC90_MFCLOC_x86-->MsiExec.exe /I{B6D38690-755E-4F40-A35A-23F8BC2B86AC}
MozBackup 1.5.1-->C:\Program Files (x86)\MozBackup\Uninstall.exe
Mozilla Firefox 22.0 (x86 de)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Mozilla Thunderbird 17.0.7 (x86 de)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
Mp3tag v2.54-->C:\Program Files (x86)\Mp3tag\Mp3tagUninstall.EXE
Nik Collection-->C:\Program Files\Google\Nik Collection\Uninstall Nik Collection.exe
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
PDF Settings CC-->MsiExec.exe /I{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}
ph-->MsiExec.exe /I{185F9795-9663-4F13-9EF9-307A282ADB5A}
PxMergeModule-->MsiExec.exe /I{024521CF-C07E-4F8E-8481-0D75695E03AF}
QuickTime-->MsiExec.exe /I{B67BAFBA-4C9F-48FA-9496-933E3B255044}
Safari-->MsiExec.exe /I{C779648B-410E-4BBA-B75B-5815BCEFE71D}
Security Update for Microsoft .NET Framework 4.5 (KB2737083)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {00909A54-CC11-3F00-9279-3CE090432A91}
Security Update for Microsoft .NET Framework 4.5 (KB2742613)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {36E5C79E-06D3-32C3-9251-D284B9F3F7E7}
Security Update for Microsoft .NET Framework 4.5 (KB2789648)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {698F9EB6-6753-318E-8615-53D77414313F}
Security Update for Microsoft .NET Framework 4.5 (KB2804582)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {CEB05EDA-D069-31BF-9789-81637633C0BF}
Security Update for Microsoft .NET Framework 4.5 (KB2833957)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {9BBF7EC5-5F9A-3D5E-85E5-3EE53A16166E}
Security Update for Microsoft .NET Framework 4.5 (KB2840642)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {DDCAB505-6883-380B-97BD-59381822883B}
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {4F658047-A12E-38D9-8EA9-D941E4A84B7D}
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9}
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E949D8B9-24FD-4AB7-B427-FC42AA8BB2D9}
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {43171CAD-DC60-4E7B-9703-B2EC18001B9F}
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3579CE34-B225-4B19-A3AF-DE5F562A212F}
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CAB47CC0-A98C-47DD-9FA1-C0416EC96ED5}
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {488F0918-97F9-4CD0-8AD5-8986A46AC962}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9D689455-5858-4AE4-A3CA-6E4149FE3F70}
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {718E87EC-6590-485A-B12D-C01D290EDB12}
SilverFast CanonSDK 6.6.2r5-->C:\Program Files (x86)\SilverFast Application\SilverFast CanonSDK\uninst.exe
Skype™ 6.1-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
StreamTransport version: 1.0.2.2171-->"C:\Program Files (x86)\StreamTransport\unins000.exe"
TeamViewer 7-->C:\Program Files (x86)\TeamViewer\Version7\uninstall.exe
theRenamer 7.58-->"C:\Program Files (x86)\theRenamer\unins000.exe"
Trojan Remover 6.8.8-->"C:\Program Files (x86)\Trojan Remover\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4.5 (KB2750147)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {BEBBFEB1-EA1C-3479-A39D-23A76BCB7BFC}
Update for Microsoft .NET Framework 4.5 (KB2805221)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {83FD3E08-19A9-3E5F-85EF-C4786CB743B5}
Update for Microsoft .NET Framework 4.5 (KB2805226)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {87B3F837-4DE6-35DE-B11D-D21554DD8412}
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {620E77C0-CDFE-4C14-AAEB-830ABB65864C}
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8153EC80-C988-4336-8DAF-6D99C0D26E0C}
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {EA54F104-79D2-48CC-9ABC-91A63C43D353}
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {319951E8-E272-4F02-A752-DD6FCD7D4519}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9680B76D-042F-4FF2-BD87-6E859531452D}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VLC media player 2.0.6-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Webocton - Scriptly 0.8.95.6-->"C:\Program Files (x86)\Webocton - Scriptly\unins000.exe"
WebTablet FB Plugin 32 bit-->"C:\Program Files (x86)\TabletPlugins\fbWTPUninstall.exe"

======Hosts File======

::1            localhost

======System event log======

Computer Name: RA-PC
Event Code: 7036
Message: Dienst "Windows Installer" befindet sich jetzt im Status "Ausgeführt".
Record Number: 2175
Source Name: Service Control Manager
Time Written: 20121031104326.899418-000
Event Type: Informationen
User: 

Computer Name: RA-PC
Event Code: 20001
Message: Der Prozess zum Installieren von Treiber FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.inf für Geräteinstanz-ID STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT12 wurde mit folgendem Status beendet: 0x0.
Record Number: 2174
Source Name: Microsoft-Windows-UserPnp
Time Written: 20121031104243.851956-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: RA-PC
Event Code: 7036
Message: Dienst "Microsoft-Softwareschattenkopie-Anbieter" befindet sich jetzt im Status "Ausgeführt".
Record Number: 2173
Source Name: Service Control Manager
Time Written: 20121031104226.353955-000
Event Type: Informationen
User: 

Computer Name: RA-PC
Event Code: 7036
Message: Dienst "Volumeschattenkopie" befindet sich jetzt im Status "Ausgeführt".
Record Number: 2172
Source Name: Service Control Manager
Time Written: 20121031104225.498906-000
Event Type: Informationen
User: 

Computer Name: RA-PC
Event Code: 7036
Message: Dienst "Multimediaklassenplaner" befindet sich jetzt im Status "Ausgeführt".
Record Number: 2171
Source Name: Service Control Manager
Time Written: 20121031104116.467957-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Fehlerbucket , Typ 0
Ereignisname: PnPRequestAdditionalSoftware
Antwort: Nicht verfügbar
CAB-Datei-ID: 0

Problemsignatur:
P1: x64
P2: HID\VID_046D&PID_C703&REV_2404&MI_01&Col05
P3: 6.1.0.0
P4: 0407
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

Angefügte Dateien:

Diese Dateien befinden sich möglicherweise hier:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_6f07b743177719ad8d89058c4838953d353fcb0_cab_05c4dd43

Analysesymbol: 
Es wird erneut nach einer Lösung gesucht: 0
Berichts-ID: 0b9c8de6-1f96-11e2-964e-ae0f12a83a7c
Berichtstatus: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20121026175328.000000-000
Event Type: Informationen
User: 

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20121026175327.000000-000
Event Type: Informationen
User: 

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20121026175324.000000-000
Event Type: Informationen
User: 

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.  


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20121026175320.502882-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20121026175320.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121026175308.428461-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		37L4247E29-32$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x1e0
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121026175308.428461-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.

	Anzahl von Elementen:	0
	Richtlinienkennung:	0x32ab6
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121026175305.136855-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-0-0
	Kontoname:		-
	Kontodomäne:		-
	Anmelde-ID:		0x0

Anmeldetyp:			0

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x4
	Prozessname:		

Netzwerkinformationen:
	Arbeitsstationsname:	-
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		-
	Authentifizierungspaket:	-
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121026175303.327252-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows wird gestartet.

Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121026175303.280452-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Extensis\Suitcase Fusion 3\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip

-----------------EOF-----------------

--- --- ---

Anschließend dann HJTScanlist mit folgendem Log (siehe Anhang, leider zu groß!)

Und abschließend noch CCleaner mit folgendem Log

Code:

ATTFilter

7-Zip 9.28 (x64 edition)	Igor Pavlov	26.10.2012	4,30 MB	9.28.00.0
Adobe Acrobat XI Pro	Adobe Systems	19.07.2013	3,40 GB	11.0.02
Adobe Acrobat XI Pro	Adobe Systems Incorporated	19.07.2013	1,84 GB	11.0
Adobe After Effects CC	Adobe Systems Incorporated	18.06.2013	2,47 GB	12
Adobe AIR	Adobe Systems Incorporated	12.07.2013		3.7.0.2090
Adobe Bridge CC (64 Bit)	Adobe Systems Incorporated	18.06.2013	757 MB	6.0
Adobe Connect 9 Add-in	Adobe Systems Incorporated	22.07.2013		11,2,381,0
Adobe Creative Cloud	Adobe Systems Incorporated	11.08.2013	188 MB	2.1.0.213
Adobe Download Assistant	Adobe Systems Incorporated	27.10.2012		1.2.3
Adobe Dreamweaver CC	Adobe Systems Incorporated	18.06.2013	720 MB	13
Adobe Edge Animate	Adobe Systems Incorporated	12.06.2013	217 MB	1.5
Adobe Edge Animate CC	Adobe Systems Incorporated	18.06.2013	221 MB	2.0
Adobe Edge Code CC	Adobe Systems Incorporated	18.06.2013	91,0 MB	0.94
Adobe Edge Inspect CC	Adobe Systems Incorporated	18.06.2013	66,4 MB	1.0.408
Adobe Edge Reflow CC Preview	Adobe Systems Incorporated	18.06.2013	55,0 MB	0.23.10993
Adobe Exchange Panel	Adobe Systems Incorporated	12.06.2013	45,3 MB	1
Adobe ExtendScript Toolkit CC	Adobe Systems Incorporated	18.06.2013	68,7 MB	4.0.0.0
Adobe Extension Manager CC	Adobe Systems Incorporated	25.07.2013	66,3 MB	7.1
Adobe Flash Builder 4.7 (64 Bit)	Adobe Systems Incorporated	12.06.2013	2,02 GB	4.7
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	03.07.2013	6,00 MB	11.7.700.224
Adobe Flash Professional CC	Adobe Systems Incorporated	18.06.2013	2,21 GB	13.0
Adobe Help Manager	Adobe Systems Incorporated	27.10.2012		4.0.244
Adobe Illustrator CC	Adobe Systems Incorporated	18.06.2013	1,51 GB	17.0
Adobe InCopy CC	Adobe Systems Incorporated	18.06.2013	1,45 GB	9.0
Adobe InDesign CC	Adobe Systems Incorporated	18.06.2013	1,98 GB	9.0
Adobe Media Player	Adobe Systems Incorporated	26.10.2012		1.8
Adobe Muse	Adobe Systems Incorporated	12.06.2013		4.1.8
Adobe Muse	Adobe Systems Incorporated	12.06.2013	65,7 MB	4.1
Adobe Photoshop CC	Adobe Systems Incorporated	18.06.2013	2,46 GB	14.0
Adobe Photoshop Lightroom 4.2 64-bit	Adobe	27.10.2012	858 MB	4.2.1
Adobe Photoshop Lightroom 5 64-bit	Adobe	22.07.2013	958 MB	5.0.1
Adobe Reader XI (11.0.03) - Deutsch	Adobe Systems Incorporated	03.07.2013	133 MB	11.0.03
Adobe Touch App Plugins	Adobe Systems Incorporated	12.06.2013	3,41 MB	1.0
Adobe Widget Browser	Adobe Systems Incorporated.	27.10.2012		2.0 Build 348
Adobe® Content Viewer	Adobe Systems Incorporated	17.07.2013		3.2.0
Air Video Server 2.4.6-beta3	InMethod, s.r.o.	31.10.2012		2.4.6-beta3
Apple Application Support	Apple Inc.	21.06.2013	64,7 MB	2.3.4
Apple Mobile Device Support	Apple Inc.	21.06.2013	25,2 MB	6.1.0.13
Apple Software Update	Apple Inc.	26.10.2012	2,38 MB	2.1.3.127
Attribute Changer 7.10c	Romain Petges	07.02.2013	3,42 MB	7.10c
Axialis IconWorkshop 6.33	Axialis Software	27.03.2013		6.33
Biet-O-Matic v2.14.12	BOM Development Team	20.02.2013	6,83 MB	2.14.12
BMWi-Businessplaner Gründung	Bundesministerium für Wirtschaft und Technologie	05.06.2013		1.0.2
Bonjour	Apple Inc.	26.10.2012	2,00 MB	3.0.0.10
Bonjour-Druckdienste	Apple Inc.	27.11.2012	597 KB	2.0.2.0
Camtasia Studio 8	TechSmith Corporation	04.11.2012	362 MB	8.0.2.964
Canon Auto Update Service	Canon Inc.	17.05.2013		1.1.2.18
CANON iMAGE GATEWAY MyCamera Download Plugin	Canon Inc.	17.05.2013		3.1.1.2
CANON iMAGE GATEWAY Task for ZoomBrowser EX	Canon Inc.	17.05.2013		1.9.0.9
Canon MOV Decoder	Canon Inc.	17.05.2013		1.9.0.8
Canon MOV Encoder	Canon Inc.	17.05.2013		1.8.0.1
Canon MovieEdit Task for ZoomBrowser EX	Canon Inc.	17.05.2013		3.9.0.6
Canon MP Navigator EX 1.0		07.11.2012		
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX	Canon Inc.	17.05.2013		1.0.0.10
Canon Utilities ZoomBrowser EX	Canon Inc.	17.05.2013		6.9.0.1
Canon ZoomBrowser EX Memory Card Utility	Canon Inc.	17.05.2013		1.6.0.15
CCleaner	Piriform	22.07.2013		4.04
Directory Lister Pro v1.49	KRKSoft	29.10.2012	13,2 MB	1.49
DisplayFusion 5.0.1	Binary Fortress Software	28.04.2013	28,6 MB	5.0.1.0
Dropbox	Dropbox, Inc.	30.10.2012		1.4.20
Evernote v. 4.6.7	Evernote Corp.	24.07.2013	136 MB	4.6.7.8409
ExposurePlot 1.1.5a	Paul van Andel	21.11.2012	1,75 MB	
Extensis Suitcase Fusion 3	2011 Celartem, Inc. d.b.a Extensis All rights reserved	27.10.2012	167 MB	14.2.0
FileZilla Client 3.6.0.2	FileZilla Project	12.12.2012	16,8 MB	3.6.0.2
FreeStyle Auto-Assist		16.11.2012		
G Data AntiVirus 2014	G Data Software AG	26.07.2013	417 MB	24.0.1.5
GeoSetter 3.4.16	Friedemann Schmidt	11.01.2013	28,1 MB	
HandBrake 0.9.8		30.10.2012		0.9.8
iFunbox (v2.0.2150.728), iFunbox DevTeam		09.11.2012	39,7 MB	v2.0.2150.728
ipswDownloader 1.6	Sergey 'iOrange' Kudlay	26.03.2013		1.6
iTunes	Apple Inc.	21.06.2013	187 MB	11.0.4.4
Java 7 Update 25	Oracle	24.06.2013	129 MB	7.0.250
K-Lite Codec Pack 5.2.0 (Full)		04.02.2013		5.2.0
Kolor Autopano Giga 2.6	Kolor	20.12.2012		V2.6.4
Lightroom 5.0	Adobe Systems Incorporated	22.07.2013	803 MB	5.0
Logitech SetPoint	Logitech	07.06.2013		4.24
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	19.08.2013	19,2 MB	1.75.0.1300
MetroTwit	Pixel Tucker Pty Ltd	20.05.2013		1.1.0.3076
Microsoft .NET Framework 4.5	Microsoft Corporation	20.05.2013	38,8 MB	4.5.50709
Microsoft Office Enterprise 2007	Microsoft Corporation	09.11.2012		12.0.6612.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	15.11.2012	7,95 MB	14.0.5130.5003
Microsoft Office Live Add-in 1.5	Microsoft Corporation	09.11.2012	508 KB	2.0.4024.1
Microsoft Silverlight	Microsoft Corporation	10.07.2013	149 MB	5.1.20513.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	07.06.2013	2,38 MB	8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	07.06.2013	3,85 MB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	20.12.2012	246 KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	27.10.2012	788 KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	14.11.2012	788 KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	27.10.2012	240 KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	26.10.2012	596 KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	14.11.2012	600 KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	18.06.2013	13,8 MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	18.06.2013	12,2 MB	10.0.40219
Microsoft WSE 3.0 Runtime	Microsoft Corp.	16.05.2013	942 KB	3.0.5305.0
MozBackup 1.5.1	Pavel Cvrcek	26.10.2012		
Mozilla Firefox 22.0 (x86 de)	Mozilla	10.07.2013	91,7 MB	22.0
Mozilla Maintenance Service	Mozilla	10.07.2013	333 KB	22.0
Mozilla Thunderbird 17.0.7 (x86 de)	Mozilla	27.06.2013	83,9 MB	17.0.7
Mp3tag v2.54	Florian Heidenreich	07.02.2013		v2.54
Nik Collection	Google	02.08.2013		1.0.0.7
Notepad++		08.11.2012		6.2
NVIDIA 3D Vision Treiber 311.06	NVIDIA Corporation	21.03.2013		311.06
NVIDIA Grafiktreiber 311.06	NVIDIA Corporation	21.03.2013		311.06
NVIDIA Update 1.11.3	NVIDIA Corporation	21.03.2013		1.11.3
QuickTime	Apple Inc.	21.06.2013	74,6 MB	7.74.80.86
Recuva	Piriform	12.07.2013		1.47
Safari	Apple Inc.	02.11.2012	104 MB	5.34.57.2
SilverFast CanonSDK 6.6.2r5	LaserSoft Imaging AG	07.11.2012		
Skype™ 6.1	Skype Technologies S.A.	23.01.2013	21,1 MB	6.1.129
Spotify	Spotify AB	26.06.2013		0.9.1.53.g876fa9df
StreamTransport version: 1.0.2.2171		30.10.2012		
SUPERAntiSpyware	SUPERAntiSpyware.com	20.08.2013	62,1 MB	5.6.1032
TeamViewer 7	TeamViewer	04.03.2013		7.0.17271
theRenamer 7.58	theRenamer	15.11.2012	4,89 MB	
Trojan Remover 6.8.8	Simply Super Software	20.08.2013	52,6 MB	6.8.8
VLC media player 2.0.6	VideoLAN	19.04.2013		2.0.6
Wacom Tablett	Wacom Technology Corp.	26.07.2013		6.3.6w3
Webocton - Scriptly 0.8.95.6	Webocton	15.05.2013		0.8.95.6
WebTablet FB Plugin 32 bit	Wacom Technology Corp.	26.07.2013		2.1.0.3
WebTablet FB Plugin 64 bit	Wacom Technology Corp.	26.07.2013		2.1.0.3

Wäre fantastisch, wenn ihr mir weiterhelfen könntet, sollte noch etwas fehlen, dann liefere ich die Angaben gerne nach, sollte aber, soweit ich das jetzt sehe, erst mal die Grundanforderungen erfüllen, oder?

schrauber · 20.08.2013, 12:27

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

asparagus · 20.08.2013, 13:08

Hallo Schrauber,

vielen Dank, dass du dich meines Problems annimmst!

Habe jetzt mal, wie von dir beschrieben, FRST 64-Bit geladen und laufen lassen.

Beim ersten Lauf kam direkt eine Fehlermeldung seitens GData, dass die Datei NTUSER.DAT aus dem Verzeichnis C:\FRST\Hives\Users\00000001 in Quarantäne verschoben wurde, "Auf Grund bösartigen Verhaltens in Quarantäne verschoben."

Habe dann weiter nichts unternommen und die Datei in Quarantäne gelassen. Danach habe ich dann erneut FRST gestartet und das lief dann komplett durch, ohne Fehlermeldung seitens GDATA Antivirus!

Hier die Logs:

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 03
Ran by RA (administrator) on 20-08-2013 13:40:29
Running from C:\Users\RA\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
() C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
(Spotify Ltd) C:\Users\RA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Abbott Diabetes Care) C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\RA\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [134160 2007-09-21] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [FMCore.exe] - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe [9211392 2011-10-27] (Celartem, Inc., doing business as Extensis.)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7283072 2013-04-26] (Binary Fortress Software)
HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2013-04-23] ()
HKCU\...\Run: [AirVideoServer] - C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4935112 2012-07-20] ()
HKCU\...\Run: [Spotify Web Helper] - C:\Users\RA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-26] (Spotify Ltd)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)
MountPoints2: {b58c781e-2fe8-11e2-a3b7-0007ca045fc4} - P:\Windows\StartInstall.exe
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\AntiVirus\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [1444304 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1655568 2013-07-19] (Simply Super Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FreeStyle Auto-Assist.lnk
ShortcutTarget: FreeStyle Auto-Assist.lnk -> C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe (Abbott Diabetes Care)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\RA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default
FF user.js: detected! => C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\user.js
FF Homepage: www.google.de|hxxp://www.creative-nonstop.com/|hxxp://www.existenzgruender.de/selbstaendigkeit/vorbereitung/index.php|hxxp://www.s354533063.website-start.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\searchplugins\rapidshare-filefinder.xml
FF Extension: Pocket - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\isreaditlater@ideashower.com
FF Extension: Spartipps von SparPilot.com - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\sparpilot@sparpilot.com
FF Extension: PriceGong - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
FF Extension: Flash and Video Download - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: Bitdefender QuickScan - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Evernote Web Clipper - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: amznUWL2 - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: artur.dubovoy - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: autofillForms - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\autofillForms@blueimp.net.xpi
FF Extension: checkin - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\checkin@my4squarealibi.com.xpi
FF Extension: duplicate-this-tab - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\duplicate-this-tab@mozilla.org.xpi
FF Extension: exif_viewer - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\exif_viewer@mozilla.doslash.org.xpi
FF Extension: firebug - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: fireform - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\fireform@mozilla.org.xpi
FF Extension: firefox - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\firefox@red-cog.com.xpi
FF Extension: HighlightedTextToFile - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi
FF Extension: jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4 - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4@jetpack.xpi
FF Extension: picbrowser - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\picbrowser@iodragon.com.xpi
FF Extension: readability - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\readability@readability.com.xpi
FF Extension: rsDownloader - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\rsDownloader@163.com.xpi
FF Extension: snaplinks - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\snaplinks@snaplinks.mozdev.org.xpi
FF Extension: testpilot - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: tineye - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{6140bbfd-aa20-11e1-aba7-109add603214}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{62b958b4-9962-4fc2-9983-01a9a42d6f2d}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{791DB184-BFBA-11DA-9C61-0638DF403F48}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{B347DFB4-AC21-11DD-9016-B77D55D89593}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{cd6c4ebf-366e-45a0-98b5-b8217288eed7}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1956304 2013-03-04] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe [2249944 2013-02-25] (G Data Software AG)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-07-26] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-07-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-07-26] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-07-26] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-08-19] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-08-19] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-07-26] (G Data Software AG)
R3 PRISM_A00; C:\Windows\System32\DRIVERS\PRISMA00.sys [407136 2009-10-27] (Conexant Systems, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 13:38 - 2013-08-20 01:45 - 01576196 _____ (Farbar) C:\Users\RA\Desktop\FRST64.exe
2013-08-20 13:37 - 2013-08-20 13:37 - 00000000 ____D C:\Users\RA\Desktop\FontDoctor-2-6-1
2013-08-20 13:36 - 2012-09-19 20:31 - 05278816 _____ C:\Users\RA\Desktop\FontDoctor-2-6-1.zip
2013-08-20 12:52 - 2013-08-20 12:52 - 00000000 ____D C:\Program Files\7-Zip
2013-08-20 12:18 - 2013-08-20 12:18 - 00002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-20 12:18 - 2013-08-20 12:18 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-20 12:18 - 2013-08-20 12:18 - 00000000 ____D C:\Program Files\CCleaner
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\rsit
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\Program Files (x86)\trend micro
2013-08-20 12:07 - 2013-08-20 12:17 - 00000000 ____D C:\Users\RA\Desktop\Scan
2013-08-20 11:53 - 2013-08-20 11:53 - 00000217 _____ C:\Users\RA\Desktop\impressum.URL
2013-08-20 11:53 - 2013-08-20 11:53 - 00000198 _____ C:\Users\RA\Desktop\Meschert Elektro-Technik GbR » Hier entsteht die Website der Meschert Elektro-Technik GbR.URL
2013-08-20 11:51 - 2013-07-22 11:36 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.trb
2013-08-20 11:49 - 2013-08-20 11:49 - 00001139 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\Documents\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\AppData\Roaming\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-08-20 09:48 - 2013-08-20 09:48 - 00000242 _____ C:\Users\RA\Desktop\Formular-Management-System der Bundesfinanzverwaltung (Fragebogen zur steuerlichen Erfassung Aufnahme einer gewerblichen, se.URL
2013-08-20 09:22 - 2013-07-25 15:45 - 23334896 _____ (Simply Super Software                                       ) C:\Users\RA\Desktop\trjsetup_688.exe
2013-08-20 01:08 - 2013-08-20 02:00 - 00000504 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb.job
2013-08-20 01:08 - 2013-08-20 01:08 - 00003570 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb
2013-08-20 01:07 - 2013-08-20 01:07 - 00001808 _____ C:\Users\RA\Desktop\SUPERAntiSpyware Professional.lnk
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\RA\AppData\Roaming\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 16:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-19 16:36 - 2013-08-19 13:54 - 27088288 _____ (SUPERAntiSpyware) C:\Users\RA\Desktop\SUPERAntiSpywarePro.exe
2013-08-19 15:48 - 2013-08-19 15:48 - 00107128 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-08-15 19:54 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 19:54 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 19:54 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 19:54 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 19:54 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 19:54 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 19:54 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 19:54 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 19:54 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 19:54 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 19:54 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 19:54 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 19:39 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 19:39 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 19:39 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 19:39 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 19:39 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 19:39 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 19:39 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 19:39 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 19:39 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 19:39 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 19:39 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 19:39 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 19:38 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 19:38 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 19:38 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 19:38 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 19:38 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 19:38 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 19:38 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 19:38 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 19:38 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 19:38 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 19:38 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 19:38 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 19:38 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 19:38 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 19:35 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-11 12:04 - 2013-08-11 12:04 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-11 09:34 - 2013-08-11 09:34 - 37722096 _____ C:\Users\RA\Desktop\Unbenannt_HDR2.psd
2013-08-11 09:33 - 2013-08-11 09:33 - 120030172 _____ C:\Users\RA\Desktop\Unbenannt_HDR3.psd
2013-08-07 21:40 - 2013-08-07 21:40 - 00000000 ____D C:\Users\RA\Desktop\Flyer
2013-08-03 23:28 - 2013-08-03 23:29 - 00000000 ____D C:\Program Files (x86)\SetEdit8500
2013-08-02 18:51 - 2013-08-02 18:51 - 00000000 ____D C:\Users\RA\AppData\Roaming\Google
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\Software
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\NikLicenseFiles
2013-08-02 18:26 - 2013-08-20 13:36 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-02 18:26 - 2013-08-20 13:02 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-02 18:26 - 2013-08-02 18:31 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-02 18:26 - 2013-08-02 18:31 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-02 18:26 - 2013-08-02 18:27 - 00000000 ____D C:\Users\RA\AppData\Local\Google
2013-08-02 18:26 - 2013-08-02 18:27 - 00000000 ____D C:\ProgramData\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-02 00:26 - 2013-08-02 00:26 - 00000000 ____D C:\Users\RA\Desktop\HAUS
2013-07-29 23:23 - 2013-07-29 23:23 - 00000000 ____D C:\Users\RA\AppData\Roaming\WTablet
2013-07-26 09:45 - 2013-07-26 09:45 - 00133976 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\TabletPlugins
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\Tablet
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2013-07-26 09:36 - 2013-06-06 19:31 - 01959192 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01952536 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01820952 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01817880 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01614104 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01606936 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01493272 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01489176 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2013-07-26 09:36 - 2013-04-30 19:18 - 00085304 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2013-07-26 09:36 - 2013-04-30 19:18 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2013-07-26 09:36 - 2012-12-21 00:20 - 00015344 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2013-07-25 21:29 - 2013-07-25 21:29 - 00000000 ____D C:\Users\RA\Desktop\ProcessExplorer
2013-07-25 21:09 - 2013-07-25 21:38 - 00000000 ____D C:\Windows\pss
2013-07-25 20:55 - 2013-07-25 20:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2013-07-25 12:03 - 2013-08-01 11:12 - 00000000 ____D C:\Users\RA\Desktop\Weierhof
2013-07-22 09:38 - 2013-07-22 09:38 - 00000000 ____D C:\ProgramData\RIBS

==================== One Month Modified Files and Folders =======

2013-08-20 13:38 - 2013-08-20 13:38 - 00000000 ____D C:\FRST
2013-08-20 13:37 - 2013-08-20 13:37 - 00000000 ____D C:\Users\RA\Desktop\FontDoctor-2-6-1
2013-08-20 13:36 - 2013-08-02 18:26 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 13:09 - 2012-10-26 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-20 13:09 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 13:09 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 13:08 - 2012-10-26 23:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 13:06 - 2012-10-30 14:50 - 00000000 ____D C:\Users\RA\AppData\Roaming\Dropbox
2013-08-20 13:06 - 2012-10-26 21:53 - 00000000 ____D C:\Users\RA\AppData\Local\Adobe
2013-08-20 13:05 - 2012-10-31 20:12 - 00000000 ___HD C:\jexepackres
2013-08-20 13:02 - 2013-08-02 18:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-20 13:01 - 2013-05-17 17:44 - 00016829 _____ C:\Windows\setupact.log
2013-08-20 13:01 - 2013-05-17 17:43 - 00195946 _____ C:\Windows\PFRO.log
2013-08-20 13:01 - 2012-11-15 19:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-20 13:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-20 12:59 - 2012-10-26 20:20 - 01642364 _____ C:\Windows\WindowsUpdate.log
2013-08-20 12:52 - 2013-08-20 12:52 - 00000000 ____D C:\Program Files\7-Zip
2013-08-20 12:18 - 2013-08-20 12:18 - 00002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-20 12:18 - 2013-08-20 12:18 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-20 12:18 - 2013-08-20 12:18 - 00000000 ____D C:\Program Files\CCleaner
2013-08-20 12:17 - 2013-08-20 12:07 - 00000000 ____D C:\Users\RA\Desktop\Scan
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\rsit
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\Program Files (x86)\trend micro
2013-08-20 11:53 - 2013-08-20 11:53 - 00000217 _____ C:\Users\RA\Desktop\impressum.URL
2013-08-20 11:53 - 2013-08-20 11:53 - 00000198 _____ C:\Users\RA\Desktop\Meschert Elektro-Technik GbR » Hier entsteht die Website der Meschert Elektro-Technik GbR.URL
2013-08-20 11:53 - 2012-11-08 15:31 - 00000000 ____D C:\Users\RA\AppData\Local\CrashDumps
2013-08-20 11:49 - 2013-08-20 11:49 - 00001139 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\Documents\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\AppData\Roaming\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-08-20 09:48 - 2013-08-20 09:48 - 00000242 _____ C:\Users\RA\Desktop\Formular-Management-System der Bundesfinanzverwaltung (Fragebogen zur steuerlichen Erfassung Aufnahme einer gewerblichen, se.URL
2013-08-20 02:00 - 2013-08-20 01:08 - 00000504 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb.job
2013-08-20 01:45 - 2013-08-20 13:38 - 01576196 _____ (Farbar) C:\Users\RA\Desktop\FRST64.exe
2013-08-20 01:08 - 2013-08-20 01:08 - 00003570 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb
2013-08-20 01:07 - 2013-08-20 01:07 - 00001808 _____ C:\Users\RA\Desktop\SUPERAntiSpyware Professional.lnk
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\RA\AppData\Roaming\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 15:48 - 2013-08-19 15:48 - 00107128 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-08-19 13:54 - 2013-08-19 16:36 - 27088288 _____ (SUPERAntiSpyware) C:\Users\RA\Desktop\SUPERAntiSpywarePro.exe
2013-08-15 22:29 - 2013-06-18 00:41 - 00128440 _____ C:\Users\RA\Documents\500pxPublisher.log
2013-08-15 19:51 - 2012-10-31 12:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 19:48 - 2013-07-11 14:14 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 19:44 - 2012-11-09 20:20 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 01:13 - 2013-04-19 21:23 - 00000000 ____D C:\Users\RA\AppData\Roaming\vlc
2013-08-13 00:19 - 2013-05-04 01:06 - 00000000 ____D C:\Users\RA\Desktop\[[   SORT   ]]
2013-08-13 00:18 - 1970-02-28 23:31 - 00000000 ____D C:\Users\RA\Desktop\CASTLE ___ 2013-07-29.21.39.44-SAT-513
2013-08-11 12:04 - 2013-08-11 12:04 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-11 09:34 - 2013-08-11 09:34 - 37722096 _____ C:\Users\RA\Desktop\Unbenannt_HDR2.psd
2013-08-11 09:33 - 2013-08-11 09:33 - 120030172 _____ C:\Users\RA\Desktop\Unbenannt_HDR3.psd
2013-08-11 09:02 - 2012-10-26 23:09 - 00000000 ____D C:\Users\RA\AppData\Local\Thunderbird
2013-08-07 21:40 - 2013-08-07 21:40 - 00000000 ____D C:\Users\RA\Desktop\Flyer
2013-08-07 20:24 - 2013-06-27 14:04 - 00000000 ____D C:\Users\RA\Desktop\WordPress-
2013-08-07 17:03 - 2012-11-01 02:33 - 00000000 ____D C:\Users\RA\AppData\Roaming\FileZilla
2013-08-03 23:29 - 2013-08-03 23:28 - 00000000 ____D C:\Program Files (x86)\SetEdit8500
2013-08-03 21:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-02 20:13 - 2013-02-07 10:51 - 00000000 ____D C:\Users\RA\AppData\Roaming\Mp3tag
2013-08-02 18:51 - 2013-08-02 18:51 - 00000000 ____D C:\Users\RA\AppData\Roaming\Google
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\Software
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\NikLicenseFiles
2013-08-02 18:31 - 2013-08-02 18:26 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-02 18:31 - 2013-08-02 18:26 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-02 18:27 - 2013-08-02 18:26 - 00000000 ____D C:\Users\RA\AppData\Local\Google
2013-08-02 18:27 - 2013-08-02 18:26 - 00000000 ____D C:\ProgramData\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-02 17:25 - 2012-10-26 20:22 - 00000000 ____D C:\Users\RA\AppData\Local\VirtualStore
2013-08-02 11:27 - 2012-11-15 21:55 - 00000000 ____D C:\Users\RA\Documents\theRenamer
2013-08-02 00:26 - 2013-08-02 00:26 - 00000000 ____D C:\Users\RA\Desktop\HAUS
2013-08-01 11:12 - 2013-07-25 12:03 - 00000000 ____D C:\Users\RA\Desktop\Weierhof
2013-07-31 10:58 - 2012-11-09 09:50 - 00000000 ____D C:\Users\RA\AppData\Roaming\iFunbox_UserCache
2013-07-30 14:55 - 2012-10-29 11:03 - 00001456 _____ C:\Users\RA\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-07-30 11:31 - 2013-01-23 11:10 - 00000000 ____D C:\Users\RA\AppData\Roaming\Skype
2013-07-29 23:23 - 2013-07-29 23:23 - 00000000 ____D C:\Users\RA\AppData\Roaming\WTablet
2013-07-29 11:20 - 2013-07-15 14:05 - 00000000 ____D C:\Users\RA\Desktop\[GRÜNDUNG]
2013-07-26 09:45 - 2013-07-26 09:45 - 00133976 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-07-26 09:45 - 2012-10-26 22:52 - 00000000 ____D C:\ProgramData\G DATA
2013-07-26 09:43 - 2012-10-26 22:52 - 00000000 ____D C:\Program Files (x86)\G Data
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\TabletPlugins
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\Tablet
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-07-26 09:30 - 2012-10-26 20:22 - 00000000 ___RD C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-26 07:13 - 2013-08-15 19:54 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 19:54 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 19:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 19:54 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 19:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 19:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 19:54 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 19:54 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 19:54 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 19:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 19:54 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 19:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 21:38 - 2013-07-25 21:09 - 00000000 ____D C:\Windows\pss
2013-07-25 21:29 - 2013-07-25 21:29 - 00000000 ____D C:\Users\RA\Desktop\ProcessExplorer
2013-07-25 20:55 - 2013-07-25 20:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2013-07-25 15:45 - 2013-08-20 09:22 - 23334896 _____ (Simply Super Software                                       ) C:\Users\RA\Desktop\trjsetup_688.exe
2013-07-25 11:58 - 2013-03-27 11:12 - 00000000 ___RD C:\Users\RA\Desktop\facebook
2013-07-25 11:25 - 2013-08-15 19:38 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 19:38 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 22:27 - 2012-10-26 22:21 - 00187400 _____ C:\Users\RA\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-24 22:25 - 2009-07-14 06:45 - 06132088 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-23 16:17 - 2012-10-26 21:57 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 16:02 - 2012-10-26 21:58 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-23 16:00 - 2012-10-26 21:58 - 00000000 ____D C:\Program Files\Adobe
2013-07-23 14:55 - 2012-10-26 21:53 - 00000000 ____D C:\Users\RA\AppData\Roaming\Adobe
2013-07-23 12:57 - 2012-10-26 21:54 - 00000000 ____D C:\ProgramData\Adobe
2013-07-23 12:31 - 2012-10-26 20:21 - 00000000 ____D C:\Users\RA
2013-07-22 11:45 - 2012-10-26 23:29 - 00000000 ____D C:\Users\RA\AppData\Roaming\Apple Computer
2013-07-22 11:41 - 2012-10-26 23:21 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-22 11:36 - 2013-08-20 11:51 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.trb
2013-07-22 09:38 - 2013-07-22 09:38 - 00000000 ____D C:\ProgramData\RIBS

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-05 12:47

==================== End Of Log ============================

--- --- ---

--- --- ---

und Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2013 03
Ran by RA at 2013-08-20 13:57:33
Running from C:\Users\RA\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
64 Bit HP CIO Components Installer (Version: 13.2.1)
7-Zip 9.30 (x64 edition) (Version: 9.30.00.0)
Adobe Acrobat XI Pro (x32 Version: 11.0)
Adobe Acrobat XI Pro (x32 Version: 11.0.02)
Adobe After Effects CC (x32 Version: 12)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Bridge CC (64 Bit) (x32 Version: 6.0)
Adobe Connect 9 Add-in (HKCU Version: 11,2,381,0)
Adobe Creative Cloud (x32 Version: 2.1.0.213)
Adobe Download Assistant (x32 Version: 1.2.3)
Adobe Dreamweaver CC (x32 Version: 13)
Adobe Edge Animate (x32 Version: 1.5)
Adobe Edge Animate CC (x32 Version: 2.0)
Adobe Edge Code CC (x32 Version: 0.94)
Adobe Edge Inspect CC (x32 Version: 1.0.408)
Adobe Edge Reflow CC Preview (x32 Version: 0.23.10993)
Adobe Exchange Panel (x32 Version: 1)
Adobe ExtendScript Toolkit CC (x32 Version: 4.0.0.0)
Adobe Extension Manager CC (x32 Version: 7.1)
Adobe Flash Builder 4.7 (64 Bit) (x32 Version: 4.7)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Flash Professional CC (x32 Version: 13.0)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Illustrator CC (x32 Version: 17.0)
Adobe InCopy CC (x32 Version: 9.0)
Adobe InDesign CC (x32 Version: 9.0)
Adobe Media Player (x32 Version: 1.8)
Adobe Muse (x32 Version: 4.1)
Adobe Muse (x32 Version: 4.1.8)
Adobe Photoshop CC (x32 Version: 14.0)
Adobe Photoshop Lightroom 4.2 64-bit (Version: 4.2.1)
Adobe Photoshop Lightroom 5 64-bit (Version: 5.0.1)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Touch App Plugins (x32 Version: 1.0)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Adobe® Content Viewer (x32 Version: 3.2.0)
Air Video Server 2.4.6-beta3 (x32 Version: 2.4.6-beta3)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Attribute Changer 7.10c (x32 Version: 7.10c)
Axialis IconWorkshop 6.33 (x32 Version: 6.33)
Biet-O-Matic v2.14.12 (x32 Version: 2.14.12)
bl (x32 Version: 1.0.0)
BMWi-Businessplaner Gründung (x32 Version: 1.0.2)
Bonjour (Version: 3.0.0.10)
Bonjour-Druckdienste (Version: 2.0.0.36)
Bonjour-Druckdienste (Version: 2.0.2.0)
Camtasia Studio 8 (x32 Version: 8.0.2.964)
Canon Auto Update Service (x32 Version: 1.1.2.18)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon MOV Decoder (x32 Version: 1.9.0.8)
Canon MOV Encoder (x32 Version: 1.8.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.9.0.6)
Canon MP Navigator EX 1.0 (x32)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10)
Canon Utilities ZoomBrowser EX (x32 Version: 6.9.0.1)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.6.0.15)
CCleaner (Version: 4.04)
CDDRV_Installer (Version: 4.24.15)
Directory Lister Pro v1.49 (x32 Version: 1.49)
DisplayFusion 5.0.1 (x32 Version: 5.0.1.0)
Dropbox (HKCU Version: 1.4.20)
Evernote v. 4.6.7 (x32 Version: 4.6.7.8409)
ExposurePlot 1.1.5a (x32)
Extensis Suitcase Fusion 3 (x32 Version: 14.2.0)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
FreeStyle Auto-Assist (x32)
G Data AntiVirus 2014 (x32 Version: 24.0.1.5)
GeoSetter 3.4.16 (x32)
Google Update Helper (x32 Version: 1.3.21.153)
HandBrake 0.9.8 (x32 Version: 0.9.8)
iFunbox (v2.0.2150.728), iFunbox DevTeam (x32 Version: v2.0.2150.728)
ipswDownloader 1.6 (x32 Version: 1.6)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
KhalInstallWrapper (Version: 4.24.99)
K-Lite Codec Pack 5.2.0 (Full) (x32 Version: 5.2.0)
Lightroom 5.0 (x32 Version: 5.0)
Logitech SetPoint (x32 Version: 4.24)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MetroTwit (HKCU Version: 1.1.0.3076)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
MozBackup 1.5.1 (x32)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
Mp3tag v2.54 (x32 Version: v2.54)
Nik Collection (x32 Version: 1.0.0.7)
Notepad++ (x32 Version: 6.2)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
or Autopano Giga 2.6 (Version: V2.6.4)
PDF Settings CC (x32 Version: 12.0)
ph (x32 Version: 1.0.0)
PxMergeModule (x32 Version: 1.00.0000)
QuickTime (x32 Version: 7.74.80.86)
Recuva (Version: 1.47)
Safari (x32 Version: 5.34.57.2)
SilverFast CanonSDK 6.6.2r5 (x32)
Skype™ 6.1 (x32 Version: 6.1.129)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
StreamTransport version: 1.0.2.2171 (x32)
SUPERAntiSpyware (Version: 5.6.1032)
TeamViewer 7 (x32 Version: 7.0.17271)
theRenamer 7.58 (x32)
Trojan Remover 6.8.8 (x32 Version: 6.8.8)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Wacom Tablett (Version: 6.3.6w3)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.3)
WebTablet FB Plugin 64 bit (Version: 2.1.0.3)
Yahoo! Detect (x32)

==================== Restore Points  =========================

07-08-2013 08:03:17 Windows Update
11-08-2013 06:54:33 Windows Update
15-08-2013 17:40:04 Windows Update
20-08-2013 08:48:31 Windows Update
20-08-2013 10:49:50 Installed 7-Zip 9.30 (x64 edition)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-20 11:51 - 00000975 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05038D52-B7F7-447D-BB6D-BE3C3EE86462} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: {140FE688-9A46-4AC0-B53E-A7E8A374E5BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {16FD5339-9FD9-4F09-8B0D-C6676AE4E3EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {1FD7E82F-D5E8-417E-85EE-76F3AB065A88} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {69F0E039-1FAE-424B-989B-E3188B31AAD9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {6FBA5E25-A5ED-4CCA-8E58-975D0D3B67FB} - System32\Tasks\AdobeAAMUpdater-1.0-RA-PC-RA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {7B1CA893-A231-4797-8D15-CF4F79DD3B59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: {97C170EF-50DF-487B-9CF2-642BD30531A0} - System32\Tasks\AdobeAAMUpdater-1.0-RA-PC-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {D512B88E-1481-4F38-B816-DC8334646AD7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {D600E553-C31B-44A2-9D11-FC5232A38A45} - System32\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2013 11:53:05 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Rmvtrjan.exe, Version: 6.8.8.2622, Zeitstempel: 0x51e96b81
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba59
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001872e
ID des fehlerhaften Prozesses: 0x68c
Startzeit der fehlerhaften Anwendung: 0xRmvtrjan.exe0
Pfad der fehlerhaften Anwendung: Rmvtrjan.exe1
Pfad des fehlerhaften Moduls: Rmvtrjan.exe2
Berichtskennung: Rmvtrjan.exe3

Error: (08/19/2013 04:02:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mmc.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc808
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b8479b
Ausnahmecode: 0x00000000
Fehleroffset: 0x0000000000009e5d
ID des fehlerhaften Prozesses: 0x91c
Startzeit der fehlerhaften Anwendung: 0xmmc.exe0
Pfad der fehlerhaften Anwendung: mmc.exe1
Pfad des fehlerhaften Moduls: mmc.exe2
Berichtskennung: mmc.exe3

Error: (08/15/2013 09:41:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lightroom.exe, Version: 5.0.0.10, Zeitstempel: 0x51a64dae
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2bcac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003c010
ID des fehlerhaften Prozesses: 0xf68
Startzeit der fehlerhaften Anwendung: 0xlightroom.exe0
Pfad der fehlerhaften Anwendung: lightroom.exe1
Pfad des fehlerhaften Moduls: lightroom.exe2
Berichtskennung: lightroom.exe3

Error: (08/13/2013 00:47:56 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: StreamTransport.exe, Version: 1.0.2.2171, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b83c8a
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x1c80
Startzeit der fehlerhaften Anwendung: 0xStreamTransport.exe0
Pfad der fehlerhaften Anwendung: StreamTransport.exe1
Pfad des fehlerhaften Moduls: StreamTransport.exe2
Berichtskennung: StreamTransport.exe3

Error: (08/11/2013 04:59:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lightroom.exe, Version: 5.0.0.10, Zeitstempel: 0x51a64dae
Name des fehlerhaften Moduls: MediaCoreIF.DLL, Version: 7.0.0.0, Zeitstempel: 0x51a64846
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000201ac8
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xlightroom.exe0
Pfad der fehlerhaften Anwendung: lightroom.exe1
Pfad des fehlerhaften Moduls: lightroom.exe2
Berichtskennung: lightroom.exe3

Error: (08/11/2013 04:51:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lightroom.exe, Version: 5.0.0.10, Zeitstempel: 0x51a64dae
Name des fehlerhaften Moduls: MediaCoreIF.DLL, Version: 7.0.0.0, Zeitstempel: 0x51a64846
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000201ac8
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xlightroom.exe0
Pfad der fehlerhaften Anwendung: lightroom.exe1
Pfad des fehlerhaften Moduls: lightroom.exe2
Berichtskennung: lightroom.exe3

Error: (08/11/2013 04:01:23 PM) (Source: Application Hang) (User: )
Description: Programm lightroom.exe, Version 5.0.0.10 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14d0

Startzeit: 01ce969a7edab799

Endzeit: 79

Anwendungspfad: C:\Program Files\Adobe\Adobe Photoshop Lightroom 5\lightroom.exe

Berichts-ID: 7dbd60e1-028e-11e3-8bf0-0007ca045fc4

Error: (08/11/2013 03:53:37 PM) (Source: Application Hang) (User: )
Description: Programm lightroom.exe, Version 5.0.0.10 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17cc

Startzeit: 01ce96791c0d6338

Endzeit: 4120

Anwendungspfad: C:\Program Files\Adobe\Adobe Photoshop Lightroom 5\lightroom.exe

Berichts-ID: 556d243a-028d-11e3-8bf0-0007ca045fc4

Error: (08/07/2013 10:02:07 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2013 10:02:07 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=3800} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (08/20/2013 01:04:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/20/2013 01:04:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/19/2013 03:53:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (08/19/2013 03:48:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/19/2013 03:48:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/16/2013 10:43:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/16/2013 10:43:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/15/2013 07:24:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/15/2013 07:24:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/13/2013 09:31:53 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 63%
Total physical RAM: 4094.49 MB
Available physical RAM: 1499.52 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 4776.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:111.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (MUSIK) (Fixed) (Total:200.2 GB) (Free:95.84 GB) NTFS
Drive e: (ARBEIT) (Fixed) (Total:74.53 GB) (Free:43.7 GB) NTFS
Drive f: (PRIVAT) (Fixed) (Total:100.59 GB) (Free:71.3 GB) NTFS
Drive g: (RAM) (Fixed) (Total:50.29 GB) (Free:50.16 GB) NTFS
Drive h: (FONTS) (Fixed) (Total:114.68 GB) (Free:105.77 GB) NTFS
Drive o: (My Book) (Fixed) (Total:931.28 GB) (Free:349.63 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 8D33E5C1)
Partition 1: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=101 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D578C98E)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 75 GB) (Disk ID: B5495A2E)
Partition 1: (Not Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================

Ich hoffe das hilft erst mal weiter... :-)

schrauber · 20.08.2013, 13:20

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

asparagus · 20.08.2013, 14:48

Hallo Schrauber,

hat leider ein wenig gedauert, habe nicht gleich deine Nachricht gesehen. Hier also nun der Log von ComboFix

Code:

ATTFilter

ComboFix 13-08-19.02 - RA 20.08.2013  15:12:06.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.1845 [GMT 2:00]
ausgeführt von:: c:\users\RA\Desktop\ComboFix.exe
AV: G Data AntiVirus 2014 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
SP: G Data AntiVirus 2014 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\is-NH2V0.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-20 bis 2013-08-20  ))))))))))))))))))))))))))))))
.
.
2013-08-20 13:28 . 2013-08-20 13:28	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-08-20 13:28 . 2013-08-20 13:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-20 13:28 . 2013-08-20 13:28	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-08-20 11:38 . 2013-08-20 11:38	--------	d-----w-	C:\FRST
2013-08-20 10:52 . 2013-08-20 10:52	--------	d-----w-	c:\program files\7-Zip
2013-08-20 10:18 . 2013-08-20 10:18	--------	d-----w-	c:\program files\CCleaner
2013-08-20 10:09 . 2013-08-20 10:09	--------	d-----w-	C:\rsit
2013-08-20 10:09 . 2013-08-20 10:09	--------	d-----w-	c:\program files (x86)\trend micro
2013-08-20 09:49 . 2013-08-20 09:49	--------	d-----w-	c:\users\RA\AppData\Roaming\Simply Super Software
2013-08-20 09:49 . 2013-08-20 09:49	--------	d-----w-	c:\programdata\Simply Super Software
2013-08-20 09:49 . 2013-08-20 09:49	--------	d-----w-	c:\program files (x86)\Trojan Remover
2013-08-20 08:49 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{342C5578-6CE3-4153-B66C-35D51C6DD25F}\mpengine.dll
2013-08-19 23:07 . 2013-08-19 23:07	--------	d-----w-	c:\users\RA\AppData\Roaming\SUPERAntiSpyware.com
2013-08-19 23:07 . 2013-08-19 23:07	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-08-19 23:07 . 2013-08-19 23:07	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-08-19 14:44 . 2013-08-19 14:44	--------	d-----w-	c:\users\RA\AppData\Roaming\Malwarebytes
2013-08-19 14:43 . 2013-08-19 14:43	--------	d-----w-	c:\programdata\Malwarebytes
2013-08-19 14:43 . 2013-08-19 14:43	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-19 14:43 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-08-19 13:48 . 2013-08-19 13:48	107128	----a-w-	c:\windows\system32\drivers\GRD.sys
2013-08-15 17:39 . 2013-07-09 05:51	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-08-15 17:39 . 2013-07-09 04:52	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-08-15 17:39 . 2013-07-09 05:52	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-08-15 17:39 . 2013-07-09 05:46	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-15 17:39 . 2013-07-09 05:46	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-08-15 17:39 . 2013-07-09 05:46	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-15 17:39 . 2013-07-09 04:52	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-08-15 17:39 . 2013-07-09 04:46	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-08-15 17:39 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-15 17:39 . 2013-07-09 04:46	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-08-15 17:39 . 2013-07-19 01:58	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-15 17:39 . 2013-07-19 01:41	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-08-15 17:35 . 2013-07-06 06:03	1910208	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-08-03 21:28 . 2013-08-03 21:29	--------	d-----w-	c:\program files (x86)\SetEdit8500
2013-08-02 16:37 . 2013-08-02 16:37	--------	d-----w-	c:\users\RA\AppData\Local\NikLicenseFiles
2013-08-02 16:37 . 2013-08-02 16:37	--------	d-----w-	c:\users\RA\AppData\Local\Software
2013-08-02 16:26 . 2013-08-02 16:26	--------	d-----w-	c:\program files\Google
2013-08-02 16:26 . 2013-08-02 16:27	--------	d-----w-	c:\users\RA\AppData\Local\Google
2013-08-02 16:26 . 2013-08-02 16:26	--------	d-----w-	c:\program files (x86)\Google
2013-08-02 15:18 . 2013-08-02 15:27	--------	d-----w-	c:\program files\WinFellow
2013-08-02 15:13 . 2013-08-02 15:18	--------	d-----w-	c:\users\RA\AppData\Roaming\WinFellow
2013-07-29 21:23 . 2013-07-29 21:23	--------	d-----w-	c:\users\RA\AppData\Roaming\WTablet
2013-07-26 07:45 . 2013-07-26 07:45	62808	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2013-07-26 07:45 . 2013-07-26 07:45	64856	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2013-07-26 07:45 . 2013-07-26 07:45	64856	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2013-07-26 07:45 . 2013-07-26 07:45	60248	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2013-07-26 07:45 . 2013-07-26 07:45	133976	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2013-07-26 07:43 . 2013-07-26 07:43	--------	d-----w-	c:\program files (x86)\Common Files\G Data
2013-07-26 07:33 . 2013-07-26 07:33	--------	d-----w-	c:\windows\SysWow64\wbem\Logs
2013-07-22 07:38 . 2013-07-22 07:38	--------	d-----w-	c:\programdata\RIBS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 17:44 . 2012-11-09 18:20	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-15 17:38	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-03 13:34 . 2012-11-02 10:59	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-03 13:34 . 2012-11-02 10:59	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 12:05 . 2013-02-28 12:10	16944	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2013-06-24 07:05 . 2013-06-24 07:05	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 07:05 . 2012-10-31 18:15	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 07:05 . 2012-10-31 18:15	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-05 03:34 . 2013-07-10 20:31	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 20:31	624128	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 20:31	509440	----a-w-	c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FMCore.exe"="c:\program files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe" [2011-10-27 9211392]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2013-04-26 7283072]
"iFunBoxConnector"="c:\program files (x86)\i-Funbox DevTeam\ifb_conn.exe" [2013-04-23 812544]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2012-07-19 4935112]
"Spotify Web Helper"="c:\users\RA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-26 1104384]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"G Data ASM"="c:\program files (x86)\G Data\AntiVirus\DelayLoader\AutorunDelayLoader.exe" [2013-02-25 472016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-08-08 2236816]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-12-18 3478752]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"G Data AntiVirus Tray"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe" [2013-02-25 1444304]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2013-07-19 1655568]
.
c:\users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\RA\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-7-23 1089888]
EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2013-7-23 395104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FreeStyle Auto-Assist.lnk - c:\program files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe [2012-11-16 64336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2013-6-7 1148944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 PRISM_A00;PRISM 802.11 Driver;c:\windows\system32\DRIVERS\PRISMA00.sys;c:\windows\SYSNATIVE\DRIVERS\PRISMA00.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 16:26]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 16:26]
.
2013-08-20 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-07-31 20:36	3359088	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-07-31 20:36	3359088	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-07-31 20:36	3359088	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 134160]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 472984]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: URL notieren - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\
FF - prefs.js: browser.startup.homepage - www.google.de|hxxp://www.creative-nonstop.com/|hxxp://www.existenzgruender.de/selbstaendigkeit/vorbereitung/index.php|hxxp://www.s354533063.website-start.de
FF - ExtSQL: 2013-07-08 11:50; amznUWL2@amazon.com; c:\users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\extensions\amznUWL2@amazon.com.xpi
FF - ExtSQL: 2013-08-20 09:27; {6140bbfd-aa20-11e1-aba7-109add603214}; c:\users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\extensions\{6140bbfd-aa20-11e1-aba7-109add603214}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{43B74FAB-FB58-447D-8D3A-5F638AF36FD1} - c:\programdata\{87B61FE8-334F-4066-B7AA-68DC81782D4D}\Netzmanager1.071.0301_120720a.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-20  15:32:07
ComboFix-quarantined-files.txt  2013-08-20 13:32
.
Vor Suchlauf: 12 Verzeichnis(se), 119.676.317.696 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 145.514.139.648 Bytes frei
.
- - End Of File - - 888E85D1FB790B0A22E0E5D045ED1E1D
5C616939100B85E558DA92B899A0FC36

Beim Neustart gab es keinen Fehlerhinweis, falls das irgendwie relevant sein sollte, war alles ganz normal.

Zitat:

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

schrauber · 20.08.2013, 15:09

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

und ein frisches FRST log bitte.

asparagus · 20.08.2013, 15:20

Hallo Schrauber,
noch eine kurze Frage zu Malwarebytes Anti-Malware.
Du schreibst

Zitat:

Wenn das Update beendet wurde, aktiviere -Scan durchführen gemäß Anleitung zu Malwareybytes Anti-Malware

Würde ich jetzt so interpretieren, weil da steht "Grundsätzlich Quick-Scan wählen", dass der Quickscan gefordert ist, oder ein Voll-Scan (der hatte ja rund 8 Stunden gestern gedauert...?

Vielen Dank für deine Rückmeldung schonmal!

schrauber · 20.08.2013, 15:24

Quick Scan ist mehr als ausreichend

asparagus · 20.08.2013, 15:45

So, Malwarebytes Anti-Malware hat keine infizierten Objekte gefunden. Schonmal positiv, denke ich. Log sieht folgendermaßen aus ...

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.20.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
RA :: RA-PC [Administrator]

20.08.2013 16:20:24
mbam-log-2013-08-20 (16-20-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 274228
Laufzeit: 6 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Zitat:

Klicke auf Löschen.

>> Finde nichts zum "Löschen", gehe davon aus, dass ich erst Scannen muss. Hab ich jetzt durchgeführt...
Jetzt wurde eine Datei, Registry-Einträge und was unter Firefox gefunden...

Habe dann "Clean" ausgewählt, die Einträge wurden entfernt und der Rechner neu gestartet. Dann wurde der Log hier angezeigt ...

Code:

ATTFilter

# AdwCleaner v3.000 - Report created 20/08/2013 at 16:46:35
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RA - RA-PC
# Running from : C:\Users\RA\Desktop\Scan\8\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\RA\AppData\Local\PackageAware
Folder Deleted : C:\Users\RA\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\RA\AppData\Roaming\DesktopIconForAmazon
Folder Deleted : C:\Users\RA\AppData\Roaming\OCS
Folder Deleted : C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\jetpack
Folder Deleted : C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
Folder Deleted : C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\sparpilot@sparpilot.com
File Deleted : C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1648 octets] - [20/08/2013 16:34:49]
AdwCleaner[S0].txt - [1511 octets] - [20/08/2013 16:46:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1571 octets] ##########

und hier noch der Log von FRST ...
FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 03
Ran by RA (administrator) on 20-08-2013 17:00:33
Running from C:\Users\RA\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
() C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
(Spotify Ltd) C:\Users\RA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Abbott Diabetes Care) C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Dropbox, Inc.) C:\Users\RA\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [134160 2007-09-21] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [FMCore.exe] - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe [9211392 2011-10-27] (Celartem, Inc., doing business as Extensis.)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7283072 2013-04-26] (Binary Fortress Software)
HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2013-04-23] ()
HKCU\...\Run: [AirVideoServer] - C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4935112 2012-07-20] ()
HKCU\...\Run: [Spotify Web Helper] - C:\Users\RA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-26] (Spotify Ltd)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\AntiVirus\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [1444304 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1655568 2013-07-19] (Simply Super Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FreeStyle Auto-Assist.lnk
ShortcutTarget: FreeStyle Auto-Assist.lnk -> C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe (Abbott Diabetes Care)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\RA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default
FF Homepage: www.google.de|hxxp://www.creative-nonstop.com/|hxxp://www.existenzgruender.de/selbstaendigkeit/vorbereitung/index.php|hxxp://www.s354533063.website-start.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\searchplugins\rapidshare-filefinder.xml
FF Extension: Pocket - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\isreaditlater@ideashower.com
FF Extension: Flash and Video Download - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: Bitdefender QuickScan - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Evernote Web Clipper - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: amznUWL2 - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: artur.dubovoy - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: autofillForms - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\autofillForms@blueimp.net.xpi
FF Extension: checkin - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\checkin@my4squarealibi.com.xpi
FF Extension: duplicate-this-tab - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\duplicate-this-tab@mozilla.org.xpi
FF Extension: exif_viewer - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\exif_viewer@mozilla.doslash.org.xpi
FF Extension: firebug - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: fireform - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\fireform@mozilla.org.xpi
FF Extension: firefox - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\firefox@red-cog.com.xpi
FF Extension: HighlightedTextToFile - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi
FF Extension: jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4 - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4@jetpack.xpi
FF Extension: picbrowser - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\picbrowser@iodragon.com.xpi
FF Extension: readability - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\readability@readability.com.xpi
FF Extension: rsDownloader - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\rsDownloader@163.com.xpi
FF Extension: snaplinks - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\snaplinks@snaplinks.mozdev.org.xpi
FF Extension: testpilot - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: tineye - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{6140bbfd-aa20-11e1-aba7-109add603214}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{62b958b4-9962-4fc2-9983-01a9a42d6f2d}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{791DB184-BFBA-11DA-9C61-0638DF403F48}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{B347DFB4-AC21-11DD-9016-B77D55D89593}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{cd6c4ebf-366e-45a0-98b5-b8217288eed7}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1956304 2013-03-04] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe [2249944 2013-02-25] (G Data Software AG)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-07-26] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-07-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-07-26] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-07-26] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-08-19] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-08-19] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-07-26] (G Data Software AG)
R3 PRISM_A00; C:\Windows\System32\DRIVERS\PRISMA00.sys [407136 2009-10-27] (Conexant Systems, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 15:32 - 2013-08-20 15:32 - 00018312 _____ C:\ComboFix.txt
2013-08-20 15:09 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-20 15:09 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-20 15:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-20 15:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-20 15:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-20 15:09 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-20 15:09 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-20 15:09 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-20 15:04 - 2013-08-20 15:32 - 00000000 ____D C:\Qoobox
2013-08-20 15:03 - 2013-08-20 15:29 - 00000000 ____D C:\Windows\erdnt
2013-08-20 15:01 - 2013-08-19 20:13 - 05106564 ____R (Swearware) C:\Users\RA\Desktop\ComboFix.exe
2013-08-20 13:58 - 2013-08-20 13:58 - 00052647 _____ C:\Users\RA\Desktop\FRST-1.txt
2013-08-20 13:57 - 2013-08-20 13:58 - 00023039 _____ C:\Users\RA\Desktop\Addition-1.txt
2013-08-20 13:38 - 2013-08-20 13:38 - 00000000 ____D C:\FRST
2013-08-20 13:38 - 2013-08-20 01:45 - 01576196 _____ (Farbar) C:\Users\RA\Desktop\FRST64.exe
2013-08-20 13:37 - 2013-08-20 13:37 - 00000000 ____D C:\Users\RA\Desktop\FontDoctor-2-6-1
2013-08-20 13:36 - 2012-09-19 20:31 - 05278816 _____ C:\Users\RA\Desktop\FontDoctor-2-6-1.zip
2013-08-20 13:08 - 2013-08-20 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 12:52 - 2013-08-20 12:52 - 00000000 ____D C:\Program Files\7-Zip
2013-08-20 12:18 - 2013-08-20 12:18 - 00002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-20 12:18 - 2013-08-20 12:18 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-20 12:18 - 2013-08-20 12:18 - 00000000 ____D C:\Program Files\CCleaner
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\rsit
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\Program Files (x86)\trend micro
2013-08-20 12:07 - 2013-08-20 16:29 - 00000000 ____D C:\Users\RA\Desktop\Scan
2013-08-20 11:53 - 2013-08-20 11:53 - 00000217 _____ C:\Users\RA\Desktop\impressum.URL
2013-08-20 11:53 - 2013-08-20 11:53 - 00000198 _____ C:\Users\RA\Desktop\Meschert Elektro-Technik GbR » Hier entsteht die Website der Meschert Elektro-Technik GbR.URL
2013-08-20 11:51 - 2013-07-22 11:36 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.trb
2013-08-20 11:49 - 2013-08-20 11:49 - 00001139 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\Documents\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\AppData\Roaming\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-08-20 09:48 - 2013-08-20 09:48 - 00000242 _____ C:\Users\RA\Desktop\Formular-Management-System der Bundesfinanzverwaltung (Fragebogen zur steuerlichen Erfassung Aufnahme einer gewerblichen, se.URL
2013-08-20 09:22 - 2013-07-25 15:45 - 23334896 _____ (Simply Super Software                                       ) C:\Users\RA\Desktop\trjsetup_688.exe
2013-08-20 01:08 - 2013-08-20 02:00 - 00000504 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb.job
2013-08-20 01:08 - 2013-08-20 01:08 - 00003570 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb
2013-08-20 01:07 - 2013-08-20 01:07 - 00001808 _____ C:\Users\RA\Desktop\SUPERAntiSpyware Professional.lnk
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\RA\AppData\Roaming\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 16:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-19 16:36 - 2013-08-19 13:54 - 27088288 _____ (SUPERAntiSpyware) C:\Users\RA\Desktop\SUPERAntiSpywarePro.exe
2013-08-19 15:48 - 2013-08-19 15:48 - 00107128 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-08-15 19:54 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 19:54 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 19:54 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 19:54 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 19:54 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 19:54 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 19:54 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 19:54 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 19:54 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 19:54 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 19:54 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 19:54 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 19:39 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 19:39 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 19:39 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 19:39 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 19:39 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 19:39 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 19:39 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 19:39 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 19:39 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 19:39 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 19:39 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 19:39 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 19:38 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 19:38 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 19:38 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 19:38 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 19:38 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 19:38 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 19:38 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 19:38 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 19:38 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 19:38 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 19:38 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 19:38 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 19:38 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 19:38 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 19:35 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-11 12:04 - 2013-08-11 12:04 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-11 09:34 - 2013-08-11 09:34 - 37722096 _____ C:\Users\RA\Desktop\Unbenannt_HDR2.psd
2013-08-11 09:33 - 2013-08-11 09:33 - 120030172 _____ C:\Users\RA\Desktop\Unbenannt_HDR3.psd
2013-08-07 21:40 - 2013-08-07 21:40 - 00000000 ____D C:\Users\RA\Desktop\Flyer
2013-08-03 23:28 - 2013-08-03 23:29 - 00000000 ____D C:\Program Files (x86)\SetEdit8500
2013-08-02 18:51 - 2013-08-02 18:51 - 00000000 ____D C:\Users\RA\AppData\Roaming\Google
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\Software
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\NikLicenseFiles
2013-08-02 18:26 - 2013-08-20 16:51 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-02 18:26 - 2013-08-20 16:36 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-02 18:26 - 2013-08-02 18:31 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-02 18:26 - 2013-08-02 18:31 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-02 18:26 - 2013-08-02 18:27 - 00000000 ____D C:\Users\RA\AppData\Local\Google
2013-08-02 18:26 - 2013-08-02 18:27 - 00000000 ____D C:\ProgramData\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-02 00:26 - 2013-08-02 00:26 - 00000000 ____D C:\Users\RA\Desktop\HAUS
2013-07-29 23:23 - 2013-07-29 23:23 - 00000000 ____D C:\Users\RA\AppData\Roaming\WTablet
2013-07-26 09:45 - 2013-07-26 09:45 - 00133976 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\TabletPlugins
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\Tablet
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2013-07-26 09:36 - 2013-06-06 19:31 - 01959192 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01952536 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01820952 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01817880 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01614104 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01606936 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01493272 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01489176 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2013-07-26 09:36 - 2013-04-30 19:18 - 00085304 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2013-07-26 09:36 - 2013-04-30 19:18 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2013-07-26 09:36 - 2012-12-21 00:20 - 00015344 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2013-07-25 21:29 - 2013-07-25 21:29 - 00000000 ____D C:\Users\RA\Desktop\ProcessExplorer
2013-07-25 21:09 - 2013-07-25 21:38 - 00000000 ____D C:\Windows\pss
2013-07-25 20:55 - 2013-07-25 20:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2013-07-25 12:03 - 2013-08-01 11:12 - 00000000 ____D C:\Users\RA\Desktop\Weierhof
2013-07-22 09:38 - 2013-07-22 09:38 - 00000000 ____D C:\ProgramData\RIBS

==================== One Month Modified Files and Folders =======

2013-08-20 16:59 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 16:59 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 16:56 - 2012-10-27 08:18 - 00000010 _____ C:\Users\RA\AppData\Local\.56C369H5-8CEH-20F1-75G2-452FC2FCCD50
2013-08-20 16:56 - 2012-10-27 08:18 - 00000010 _____ C:\ProgramData\.93067BD7-6BGG-312E-86F3-566EB31BBC4E
2013-08-20 16:54 - 2012-10-26 21:53 - 00000000 ____D C:\Users\RA\AppData\Local\Adobe
2013-08-20 16:53 - 2012-10-30 14:50 - 00000000 ____D C:\Users\RA\AppData\Roaming\Dropbox
2013-08-20 16:51 - 2013-08-02 18:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-20 16:51 - 2012-10-31 20:12 - 00000000 ____D C:\jexepackres
2013-08-20 16:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-20 16:48 - 2013-05-17 17:44 - 00016941 _____ C:\Windows\setupact.log
2013-08-20 16:48 - 2012-11-15 19:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-20 16:47 - 2012-10-26 20:20 - 01653866 _____ C:\Windows\WindowsUpdate.log
2013-08-20 16:46 - 2013-08-20 16:33 - 00000000 ____D C:\AdwCleaner
2013-08-20 16:36 - 2013-08-02 18:26 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 16:29 - 2013-08-20 12:07 - 00000000 ____D C:\Users\RA\Desktop\Scan
2013-08-20 15:37 - 2013-05-17 17:43 - 00196498 _____ C:\Windows\PFRO.log
2013-08-20 15:37 - 2012-10-26 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-20 15:34 - 2013-08-20 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 15:32 - 2013-08-20 15:32 - 00018312 _____ C:\ComboFix.txt
2013-08-20 15:32 - 2013-08-20 15:04 - 00000000 ____D C:\Qoobox
2013-08-20 15:32 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-20 15:29 - 2013-08-20 15:03 - 00000000 ____D C:\Windows\erdnt
2013-08-20 15:28 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-20 13:58 - 2013-08-20 13:58 - 00052647 _____ C:\Users\RA\Desktop\FRST-1.txt
2013-08-20 13:58 - 2013-08-20 13:57 - 00023039 _____ C:\Users\RA\Desktop\Addition-1.txt
2013-08-20 13:38 - 2013-08-20 13:38 - 00000000 ____D C:\FRST
2013-08-20 13:37 - 2013-08-20 13:37 - 00000000 ____D C:\Users\RA\Desktop\FontDoctor-2-6-1
2013-08-20 13:09 - 2012-10-26 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-20 12:52 - 2013-08-20 12:52 - 00000000 ____D C:\Program Files\7-Zip
2013-08-20 12:18 - 2013-08-20 12:18 - 00002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-20 12:18 - 2013-08-20 12:18 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-20 12:18 - 2013-08-20 12:18 - 00000000 ____D C:\Program Files\CCleaner
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\rsit
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\Program Files (x86)\trend micro
2013-08-20 11:53 - 2013-08-20 11:53 - 00000217 _____ C:\Users\RA\Desktop\impressum.URL
2013-08-20 11:53 - 2013-08-20 11:53 - 00000198 _____ C:\Users\RA\Desktop\Meschert Elektro-Technik GbR » Hier entsteht die Website der Meschert Elektro-Technik GbR.URL
2013-08-20 11:53 - 2012-11-08 15:31 - 00000000 ____D C:\Users\RA\AppData\Local\CrashDumps
2013-08-20 11:49 - 2013-08-20 11:49 - 00001139 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\Documents\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\AppData\Roaming\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-08-20 09:48 - 2013-08-20 09:48 - 00000242 _____ C:\Users\RA\Desktop\Formular-Management-System der Bundesfinanzverwaltung (Fragebogen zur steuerlichen Erfassung Aufnahme einer gewerblichen, se.URL
2013-08-20 02:00 - 2013-08-20 01:08 - 00000504 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb.job
2013-08-20 01:45 - 2013-08-20 13:38 - 01576196 _____ (Farbar) C:\Users\RA\Desktop\FRST64.exe
2013-08-20 01:08 - 2013-08-20 01:08 - 00003570 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb
2013-08-20 01:07 - 2013-08-20 01:07 - 00001808 _____ C:\Users\RA\Desktop\SUPERAntiSpyware Professional.lnk
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-19 20:13 - 2013-08-20 15:01 - 05106564 ____R (Swearware) C:\Users\RA\Desktop\ComboFix.exe
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\RA\AppData\Roaming\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 15:48 - 2013-08-19 15:48 - 00107128 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-08-19 13:54 - 2013-08-19 16:36 - 27088288 _____ (SUPERAntiSpyware) C:\Users\RA\Desktop\SUPERAntiSpywarePro.exe
2013-08-15 22:29 - 2013-06-18 00:41 - 00128440 _____ C:\Users\RA\Documents\500pxPublisher.log
2013-08-15 19:51 - 2012-10-31 12:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 19:48 - 2013-07-11 14:14 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 19:44 - 2012-11-09 20:20 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 01:13 - 2013-04-19 21:23 - 00000000 ____D C:\Users\RA\AppData\Roaming\vlc
2013-08-13 00:19 - 2013-05-04 01:06 - 00000000 ____D C:\Users\RA\Desktop\[[   SORT   ]]
2013-08-13 00:18 - 1970-02-28 23:31 - 00000000 ____D C:\Users\RA\Desktop\CASTLE ___ 2013-07-29.21.39.44-SAT-513
2013-08-11 12:04 - 2013-08-11 12:04 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-11 09:34 - 2013-08-11 09:34 - 37722096 _____ C:\Users\RA\Desktop\Unbenannt_HDR2.psd
2013-08-11 09:33 - 2013-08-11 09:33 - 120030172 _____ C:\Users\RA\Desktop\Unbenannt_HDR3.psd
2013-08-11 09:02 - 2012-10-26 23:09 - 00000000 ____D C:\Users\RA\AppData\Local\Thunderbird
2013-08-07 21:40 - 2013-08-07 21:40 - 00000000 ____D C:\Users\RA\Desktop\Flyer
2013-08-07 20:24 - 2013-06-27 14:04 - 00000000 ____D C:\Users\RA\Desktop\WordPress-
2013-08-07 17:03 - 2012-11-01 02:33 - 00000000 ____D C:\Users\RA\AppData\Roaming\FileZilla
2013-08-03 23:29 - 2013-08-03 23:28 - 00000000 ____D C:\Program Files (x86)\SetEdit8500
2013-08-03 21:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-02 20:13 - 2013-02-07 10:51 - 00000000 ____D C:\Users\RA\AppData\Roaming\Mp3tag
2013-08-02 18:51 - 2013-08-02 18:51 - 00000000 ____D C:\Users\RA\AppData\Roaming\Google
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\Software
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\NikLicenseFiles
2013-08-02 18:31 - 2013-08-02 18:26 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-02 18:31 - 2013-08-02 18:26 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-02 18:27 - 2013-08-02 18:26 - 00000000 ____D C:\Users\RA\AppData\Local\Google
2013-08-02 18:27 - 2013-08-02 18:26 - 00000000 ____D C:\ProgramData\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-02 17:25 - 2012-10-26 20:22 - 00000000 ____D C:\Users\RA\AppData\Local\VirtualStore
2013-08-02 11:27 - 2012-11-15 21:55 - 00000000 ____D C:\Users\RA\Documents\theRenamer
2013-08-02 00:26 - 2013-08-02 00:26 - 00000000 ____D C:\Users\RA\Desktop\HAUS
2013-08-01 11:12 - 2013-07-25 12:03 - 00000000 ____D C:\Users\RA\Desktop\Weierhof
2013-07-31 10:58 - 2012-11-09 09:50 - 00000000 ____D C:\Users\RA\AppData\Roaming\iFunbox_UserCache
2013-07-30 14:55 - 2012-10-29 11:03 - 00001456 _____ C:\Users\RA\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-07-30 11:31 - 2013-01-23 11:10 - 00000000 ____D C:\Users\RA\AppData\Roaming\Skype
2013-07-29 23:23 - 2013-07-29 23:23 - 00000000 ____D C:\Users\RA\AppData\Roaming\WTablet
2013-07-29 11:20 - 2013-07-15 14:05 - 00000000 ____D C:\Users\RA\Desktop\[GRÜNDUNG]
2013-07-26 09:45 - 2013-07-26 09:45 - 00133976 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-07-26 09:45 - 2012-10-26 22:52 - 00000000 ____D C:\ProgramData\G DATA
2013-07-26 09:43 - 2012-10-26 22:52 - 00000000 ____D C:\Program Files (x86)\G Data
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\TabletPlugins
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\Tablet
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-07-26 09:30 - 2012-10-26 20:22 - 00000000 ___RD C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-26 07:13 - 2013-08-15 19:54 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 19:54 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 19:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 19:54 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 19:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 19:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 19:54 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 19:54 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 19:54 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 19:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 19:54 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 19:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 21:38 - 2013-07-25 21:09 - 00000000 ____D C:\Windows\pss
2013-07-25 21:29 - 2013-07-25 21:29 - 00000000 ____D C:\Users\RA\Desktop\ProcessExplorer
2013-07-25 20:55 - 2013-07-25 20:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2013-07-25 15:45 - 2013-08-20 09:22 - 23334896 _____ (Simply Super Software                                       ) C:\Users\RA\Desktop\trjsetup_688.exe
2013-07-25 11:58 - 2013-03-27 11:12 - 00000000 ___RD C:\Users\RA\Desktop\facebook
2013-07-25 11:25 - 2013-08-15 19:38 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 19:38 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 22:27 - 2012-10-26 22:21 - 00187400 _____ C:\Users\RA\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-24 22:25 - 2009-07-14 06:45 - 06132088 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-23 16:17 - 2012-10-26 21:57 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 16:02 - 2012-10-26 21:58 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-23 16:00 - 2012-10-26 21:58 - 00000000 ____D C:\Program Files\Adobe
2013-07-23 14:55 - 2012-10-26 21:53 - 00000000 ____D C:\Users\RA\AppData\Roaming\Adobe
2013-07-23 12:57 - 2012-10-26 21:54 - 00000000 ____D C:\ProgramData\Adobe
2013-07-23 12:31 - 2012-10-26 20:21 - 00000000 ____D C:\Users\RA
2013-07-22 11:45 - 2012-10-26 23:29 - 00000000 ____D C:\Users\RA\AppData\Roaming\Apple Computer
2013-07-22 11:41 - 2012-10-26 23:21 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-22 11:36 - 2013-08-20 11:51 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.trb
2013-07-22 09:38 - 2013-07-22 09:38 - 00000000 ____D C:\ProgramData\RIBS

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-05 12:47

==================== End Of Log ============================

--- --- ---

--- --- ---

und Addition.txt (war dieses Mal nicht aktiv, habe ich dann aktiviert, oder war das unnötig?

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2013 03
Ran by RA at 2013-08-20 17:01:25
Running from C:\Users\RA\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
64 Bit HP CIO Components Installer (Version: 13.2.1)
7-Zip 9.30 (x64 edition) (Version: 9.30.00.0)
Adobe Acrobat XI Pro (x32 Version: 11.0)
Adobe Acrobat XI Pro (x32 Version: 11.0.02)
Adobe After Effects CC (x32 Version: 12)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Bridge CC (64 Bit) (x32 Version: 6.0)
Adobe Connect 9 Add-in (HKCU Version: 11,2,381,0)
Adobe Creative Cloud (x32 Version: 2.1.0.213)
Adobe Download Assistant (x32 Version: 1.2.3)
Adobe Dreamweaver CC (x32 Version: 13)
Adobe Edge Animate (x32 Version: 1.5)
Adobe Edge Animate CC (x32 Version: 2.0)
Adobe Edge Code CC (x32 Version: 0.94)
Adobe Edge Inspect CC (x32 Version: 1.0.408)
Adobe Edge Reflow CC Preview (x32 Version: 0.23.10993)
Adobe Exchange Panel (x32 Version: 1)
Adobe ExtendScript Toolkit CC (x32 Version: 4.0.0.0)
Adobe Extension Manager CC (x32 Version: 7.1)
Adobe Flash Builder 4.7 (64 Bit) (x32 Version: 4.7)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Flash Professional CC (x32 Version: 13.0)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Illustrator CC (x32 Version: 17.0)
Adobe InCopy CC (x32 Version: 9.0)
Adobe InDesign CC (x32 Version: 9.0)
Adobe Media Player (x32 Version: 1.8)
Adobe Muse (x32 Version: 4.1)
Adobe Muse (x32 Version: 4.1.8)
Adobe Photoshop CC (x32 Version: 14.0)
Adobe Photoshop Lightroom 4.2 64-bit (Version: 4.2.1)
Adobe Photoshop Lightroom 5 64-bit (Version: 5.0.1)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Touch App Plugins (x32 Version: 1.0)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Adobe® Content Viewer (x32 Version: 3.2.0)
Air Video Server 2.4.6-beta3 (x32 Version: 2.4.6-beta3)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Attribute Changer 7.10c (x32 Version: 7.10c)
Axialis IconWorkshop 6.33 (x32 Version: 6.33)
Biet-O-Matic v2.14.12 (x32 Version: 2.14.12)
bl (x32 Version: 1.0.0)
BMWi-Businessplaner Gründung (x32 Version: 1.0.2)
Bonjour (Version: 3.0.0.10)
Bonjour-Druckdienste (Version: 2.0.0.36)
Bonjour-Druckdienste (Version: 2.0.2.0)
Camtasia Studio 8 (x32 Version: 8.0.2.964)
Canon Auto Update Service (x32 Version: 1.1.2.18)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon MOV Decoder (x32 Version: 1.9.0.8)
Canon MOV Encoder (x32 Version: 1.8.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.9.0.6)
Canon MP Navigator EX 1.0 (x32)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10)
Canon Utilities ZoomBrowser EX (x32 Version: 6.9.0.1)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.6.0.15)
CCleaner (Version: 4.04)
CDDRV_Installer (Version: 4.24.15)
Directory Lister Pro v1.49 (x32 Version: 1.49)
DisplayFusion 5.0.1 (x32 Version: 5.0.1.0)
Dropbox (HKCU Version: 1.4.20)
Evernote v. 4.6.7 (x32 Version: 4.6.7.8409)
ExposurePlot 1.1.5a (x32)
Extensis Suitcase Fusion 3 (x32 Version: 14.2.0)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
FreeStyle Auto-Assist (x32)
G Data AntiVirus 2014 (x32 Version: 24.0.1.5)
GeoSetter 3.4.16 (x32)
Google Update Helper (x32 Version: 1.3.21.153)
HandBrake 0.9.8 (x32 Version: 0.9.8)
iFunbox (v2.0.2150.728), iFunbox DevTeam (x32 Version: v2.0.2150.728)
ipswDownloader 1.6 (x32 Version: 1.6)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
KhalInstallWrapper (Version: 4.24.99)
K-Lite Codec Pack 5.2.0 (Full) (x32 Version: 5.2.0)
Lightroom 5.0 (x32 Version: 5.0)
Logitech SetPoint (x32 Version: 4.24)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MetroTwit (HKCU Version: 1.1.0.3076)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
MozBackup 1.5.1 (x32)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
Mp3tag v2.54 (x32 Version: v2.54)
Nik Collection (x32 Version: 1.0.0.7)
Notepad++ (x32 Version: 6.2)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
or Autopano Giga 2.6 (Version: V2.6.4)
PDF Settings CC (x32 Version: 12.0)
ph (x32 Version: 1.0.0)
PxMergeModule (x32 Version: 1.00.0000)
QuickTime (x32 Version: 7.74.80.86)
Recuva (Version: 1.47)
Safari (x32 Version: 5.34.57.2)
SilverFast CanonSDK 6.6.2r5 (x32)
Skype™ 6.1 (x32 Version: 6.1.129)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
StreamTransport version: 1.0.2.2171 (x32)
SUPERAntiSpyware (Version: 5.6.1032)
TeamViewer 7 (x32 Version: 7.0.17271)
theRenamer 7.58 (x32)
Trojan Remover 6.8.8 (x32 Version: 6.8.8)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Wacom Tablett (Version: 6.3.6w3)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.3)
WebTablet FB Plugin 64 bit (Version: 2.1.0.3)
Yahoo! Detect (x32)

==================== Restore Points  =========================

07-08-2013 08:03:17 Windows Update
11-08-2013 06:54:33 Windows Update
15-08-2013 17:40:04 Windows Update
20-08-2013 08:48:31 Windows Update
20-08-2013 10:49:50 Installed 7-Zip 9.30 (x64 edition)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-20 15:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05038D52-B7F7-447D-BB6D-BE3C3EE86462} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: {140FE688-9A46-4AC0-B53E-A7E8A374E5BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {16FD5339-9FD9-4F09-8B0D-C6676AE4E3EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {23F1AC01-3095-418F-9C02-582777D023B9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {69F0E039-1FAE-424B-989B-E3188B31AAD9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {6FBA5E25-A5ED-4CCA-8E58-975D0D3B67FB} - System32\Tasks\AdobeAAMUpdater-1.0-RA-PC-RA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {7B1CA893-A231-4797-8D15-CF4F79DD3B59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: {97C170EF-50DF-487B-9CF2-642BD30531A0} - System32\Tasks\AdobeAAMUpdater-1.0-RA-PC-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {D512B88E-1481-4F38-B816-DC8334646AD7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {D600E553-C31B-44A2-9D11-FC5232A38A45} - System32\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2013 11:53:05 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Rmvtrjan.exe, Version: 6.8.8.2622, Zeitstempel: 0x51e96b81
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba59
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001872e
ID des fehlerhaften Prozesses: 0x68c
Startzeit der fehlerhaften Anwendung: 0xRmvtrjan.exe0
Pfad der fehlerhaften Anwendung: Rmvtrjan.exe1
Pfad des fehlerhaften Moduls: Rmvtrjan.exe2
Berichtskennung: Rmvtrjan.exe3

Error: (08/19/2013 04:02:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mmc.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc808
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b8479b
Ausnahmecode: 0x00000000
Fehleroffset: 0x0000000000009e5d
ID des fehlerhaften Prozesses: 0x91c
Startzeit der fehlerhaften Anwendung: 0xmmc.exe0
Pfad der fehlerhaften Anwendung: mmc.exe1
Pfad des fehlerhaften Moduls: mmc.exe2
Berichtskennung: mmc.exe3

Error: (08/15/2013 09:41:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lightroom.exe, Version: 5.0.0.10, Zeitstempel: 0x51a64dae
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2bcac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003c010
ID des fehlerhaften Prozesses: 0xf68
Startzeit der fehlerhaften Anwendung: 0xlightroom.exe0
Pfad der fehlerhaften Anwendung: lightroom.exe1
Pfad des fehlerhaften Moduls: lightroom.exe2
Berichtskennung: lightroom.exe3

Error: (08/13/2013 00:47:56 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: StreamTransport.exe, Version: 1.0.2.2171, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b83c8a
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x1c80
Startzeit der fehlerhaften Anwendung: 0xStreamTransport.exe0
Pfad der fehlerhaften Anwendung: StreamTransport.exe1
Pfad des fehlerhaften Moduls: StreamTransport.exe2
Berichtskennung: StreamTransport.exe3

Error: (08/11/2013 04:59:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lightroom.exe, Version: 5.0.0.10, Zeitstempel: 0x51a64dae
Name des fehlerhaften Moduls: MediaCoreIF.DLL, Version: 7.0.0.0, Zeitstempel: 0x51a64846
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000201ac8
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xlightroom.exe0
Pfad der fehlerhaften Anwendung: lightroom.exe1
Pfad des fehlerhaften Moduls: lightroom.exe2
Berichtskennung: lightroom.exe3

Error: (08/11/2013 04:51:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lightroom.exe, Version: 5.0.0.10, Zeitstempel: 0x51a64dae
Name des fehlerhaften Moduls: MediaCoreIF.DLL, Version: 7.0.0.0, Zeitstempel: 0x51a64846
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000201ac8
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xlightroom.exe0
Pfad der fehlerhaften Anwendung: lightroom.exe1
Pfad des fehlerhaften Moduls: lightroom.exe2
Berichtskennung: lightroom.exe3

Error: (08/11/2013 04:01:23 PM) (Source: Application Hang) (User: )
Description: Programm lightroom.exe, Version 5.0.0.10 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14d0

Startzeit: 01ce969a7edab799

Endzeit: 79

Anwendungspfad: C:\Program Files\Adobe\Adobe Photoshop Lightroom 5\lightroom.exe

Berichts-ID: 7dbd60e1-028e-11e3-8bf0-0007ca045fc4

Error: (08/11/2013 03:53:37 PM) (Source: Application Hang) (User: )
Description: Programm lightroom.exe, Version 5.0.0.10 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17cc

Startzeit: 01ce96791c0d6338

Endzeit: 4120

Anwendungspfad: C:\Program Files\Adobe\Adobe Photoshop Lightroom 5\lightroom.exe

Berichts-ID: 556d243a-028d-11e3-8bf0-0007ca045fc4

Error: (08/07/2013 10:02:07 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2013 10:02:07 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=3800} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (08/20/2013 04:51:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/20/2013 04:51:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/20/2013 03:40:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/20/2013 03:40:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/20/2013 03:28:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/20/2013 03:27:28 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/20/2013 03:23:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/20/2013 01:04:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/20/2013 01:04:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/19/2013 03:53:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-20 15:27:28.559
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-20 15:27:28.434
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 4094.49 MB
Available physical RAM: 1813.04 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 5253.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:136.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (MUSIK) (Fixed) (Total:200.2 GB) (Free:95.84 GB) NTFS
Drive e: (ARBEIT) (Fixed) (Total:74.53 GB) (Free:43.7 GB) NTFS
Drive f: (PRIVAT) (Fixed) (Total:100.59 GB) (Free:71.3 GB) NTFS
Drive g: (RAM) (Fixed) (Total:50.29 GB) (Free:50.16 GB) NTFS
Drive h: (FONTS) (Fixed) (Total:114.68 GB) (Free:105.77 GB) NTFS
Drive o: (My Book) (Fixed) (Total:931.28 GB) (Free:349.63 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 8D33E5C1)
Partition 1: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=101 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D578C98E)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 75 GB) (Disk ID: B5495A2E)
Partition 1: (Not Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================

Sooo, hoffe der Schritt hat uns weiter gen Ziel geführt...

schrauber · 20.08.2013, 16:37

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

asparagus · 20.08.2013, 22:58

Hallo Schrauber,

so, hier wieder meine nächsten Logs...

Der ESET-Log

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=77c3eb16880d6446a561a7b0870eef69
# engine=14842
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-20 09:36:49
# local_time=2013-08-20 11:36:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 46053 128664459 0 0
# scanned=1010927
# found=0
# cleaned=0
# scan_time=21251

Der Security Check Log:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
G Data AntiVirus 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Trojan Remover 6.8.8   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (23.0.1) 
 Mozilla Thunderbird (17.0.7) 
````````Process Check: objlist.exe by Laurent````````  
 G Data AntiVirus AVK AVKWCtlx64.exe 
 G Data AntiVirus AVK AVKService.exe 
 G Data AntiVirus AVKTray AVKTray.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

und nochmal der FRST-Log
FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 05
Ran by RA (administrator) on 20-08-2013 23:54:51
Running from C:\Users\RA\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe
() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
(Spotify Ltd) C:\Users\RA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Abbott Diabetes Care) C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
() C:\Users\RA\Desktop\SecurityCheck.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [134160 2007-09-21] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [FMCore.exe] - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe [9211392 2011-10-27] (Celartem, Inc., doing business as Extensis.)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7283072 2013-04-26] (Binary Fortress Software)
HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2013-04-23] ()
HKCU\...\Run: [AirVideoServer] - C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4935112 2012-07-20] ()
HKCU\...\Run: [Spotify Web Helper] - C:\Users\RA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-26] (Spotify Ltd)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\AntiVirus\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [1444304 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1655568 2013-07-19] (Simply Super Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FreeStyle Auto-Assist.lnk
ShortcutTarget: FreeStyle Auto-Assist.lnk -> C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe (Abbott Diabetes Care)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\RA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default
FF Homepage: www.google.de|hxxp://www.creative-nonstop.com/|hxxp://www.existenzgruender.de/selbstaendigkeit/vorbereitung/index.php|hxxp://www.s354533063.website-start.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\searchplugins\rapidshare-filefinder.xml
FF Extension: Pocket - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\isreaditlater@ideashower.com
FF Extension: Flash and Video Download - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: Bitdefender QuickScan - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Evernote Web Clipper - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: amznUWL2 - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: artur.dubovoy - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: autofillForms - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\autofillForms@blueimp.net.xpi
FF Extension: checkin - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\checkin@my4squarealibi.com.xpi
FF Extension: duplicate-this-tab - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\duplicate-this-tab@mozilla.org.xpi
FF Extension: exif_viewer - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\exif_viewer@mozilla.doslash.org.xpi
FF Extension: firebug - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: fireform - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\fireform@mozilla.org.xpi
FF Extension: firefox - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\firefox@red-cog.com.xpi
FF Extension: HighlightedTextToFile - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi
FF Extension: jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4 - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4@jetpack.xpi
FF Extension: picbrowser - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\picbrowser@iodragon.com.xpi
FF Extension: readability - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\readability@readability.com.xpi
FF Extension: rsDownloader - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\rsDownloader@163.com.xpi
FF Extension: snaplinks - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\snaplinks@snaplinks.mozdev.org.xpi
FF Extension: testpilot - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: tineye - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{6140bbfd-aa20-11e1-aba7-109add603214}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{62b958b4-9962-4fc2-9983-01a9a42d6f2d}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{791DB184-BFBA-11DA-9C61-0638DF403F48}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{B347DFB4-AC21-11DD-9016-B77D55D89593}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{cd6c4ebf-366e-45a0-98b5-b8217288eed7}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\yqgjc3vf.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1956304 2013-03-04] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe [2249944 2013-02-25] (G Data Software AG)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-07-26] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-07-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-07-26] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-07-26] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-08-19] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-08-19] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-07-26] (G Data Software AG)
R3 PRISM_A00; C:\Windows\System32\DRIVERS\PRISMA00.sys [407136 2009-10-27] (Conexant Systems, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 23:49 - 2013-08-20 23:49 - 00000903 _____ C:\Users\RA\Desktop\checkup.txt
2013-08-20 23:40 - 2013-08-20 23:40 - 00891115 _____ C:\Users\RA\Desktop\SecurityCheck.exe
2013-08-20 18:14 - 2013-08-20 18:14 - 00000000 ____D C:\Users\RA\Desktop\LRTimelapse3.1_win
2013-08-20 17:41 - 2013-04-04 14:07 - 02347384 _____ (ESET) C:\Users\RA\Desktop\esetsmartinstaller_enu.exe
2013-08-20 17:01 - 2013-08-20 17:01 - 00054290 _____ C:\Users\RA\Desktop\FRST-2.txt
2013-08-20 17:01 - 2013-08-20 17:01 - 00024236 _____ C:\Users\RA\Desktop\Addition-2.txt
2013-08-20 16:33 - 2013-08-20 16:46 - 00000000 ____D C:\AdwCleaner
2013-08-20 15:32 - 2013-08-20 15:32 - 00018312 _____ C:\ComboFix.txt
2013-08-20 15:09 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-20 15:09 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-20 15:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-20 15:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-20 15:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-20 15:09 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-20 15:09 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-20 15:09 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-20 15:04 - 2013-08-20 15:32 - 00000000 ____D C:\Qoobox
2013-08-20 15:03 - 2013-08-20 15:29 - 00000000 ____D C:\Windows\erdnt
2013-08-20 15:01 - 2013-08-19 20:13 - 05106564 ____R (Swearware) C:\Users\RA\Desktop\ComboFix.exe
2013-08-20 13:58 - 2013-08-20 13:58 - 00052647 _____ C:\Users\RA\Desktop\FRST-1.txt
2013-08-20 13:57 - 2013-08-20 13:58 - 00023039 _____ C:\Users\RA\Desktop\Addition-1.txt
2013-08-20 13:38 - 2013-08-20 13:38 - 00000000 ____D C:\FRST
2013-08-20 13:37 - 2013-08-20 13:37 - 00000000 ____D C:\Users\RA\Desktop\FontDoctor-2-6-1
2013-08-20 13:08 - 2013-08-20 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 12:52 - 2013-08-20 12:52 - 00000000 ____D C:\Program Files\7-Zip
2013-08-20 12:18 - 2013-08-20 12:18 - 00002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-20 12:18 - 2013-08-20 12:18 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-20 12:18 - 2013-08-20 12:18 - 00000000 ____D C:\Program Files\CCleaner
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\rsit
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\Program Files (x86)\trend micro
2013-08-20 12:07 - 2013-08-20 16:29 - 00000000 ____D C:\Users\RA\Desktop\Scan
2013-08-20 11:53 - 2013-08-20 11:53 - 00000217 _____ C:\Users\RA\Desktop\impressum.URL
2013-08-20 11:53 - 2013-08-20 11:53 - 00000198 _____ C:\Users\RA\Desktop\Meschert Elektro-Technik GbR » Hier entsteht die Website der Meschert Elektro-Technik GbR.URL
2013-08-20 11:51 - 2013-07-22 11:36 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.trb
2013-08-20 11:49 - 2013-08-20 11:49 - 00001139 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\Documents\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\AppData\Roaming\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-08-20 09:22 - 2013-07-25 15:45 - 23334896 _____ (Simply Super Software                                       ) C:\Users\RA\Desktop\trjsetup_688.exe
2013-08-20 01:08 - 2013-08-20 02:00 - 00000504 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb.job
2013-08-20 01:08 - 2013-08-20 01:08 - 00003570 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb
2013-08-20 01:07 - 2013-08-20 01:07 - 00001808 _____ C:\Users\RA\Desktop\SUPERAntiSpyware Professional.lnk
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\RA\AppData\Roaming\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 16:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-19 16:36 - 2013-08-19 13:54 - 27088288 _____ (SUPERAntiSpyware) C:\Users\RA\Desktop\SUPERAntiSpywarePro.exe
2013-08-19 15:48 - 2013-08-19 15:48 - 00107128 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-08-15 19:54 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 19:54 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 19:54 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 19:54 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 19:54 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 19:54 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 19:54 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 19:54 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 19:54 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 19:54 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 19:54 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 19:54 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 19:54 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 19:54 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 19:39 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 19:39 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 19:39 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 19:39 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 19:39 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 19:39 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 19:39 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 19:39 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 19:39 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 19:39 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 19:39 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 19:39 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 19:38 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 19:38 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 19:38 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 19:38 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 19:38 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 19:38 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 19:38 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 19:38 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 19:38 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 19:38 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 19:38 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 19:38 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 19:38 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 19:38 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 19:35 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-11 12:04 - 2013-08-11 12:04 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-11 09:34 - 2013-08-11 09:34 - 37722096 _____ C:\Users\RA\Desktop\Unbenannt_HDR2.psd
2013-08-11 09:33 - 2013-08-11 09:33 - 120030172 _____ C:\Users\RA\Desktop\Unbenannt_HDR3.psd
2013-08-07 21:40 - 2013-08-07 21:40 - 00000000 ____D C:\Users\RA\Desktop\Flyer
2013-08-03 23:28 - 2013-08-03 23:29 - 00000000 ____D C:\Program Files (x86)\SetEdit8500
2013-08-02 18:51 - 2013-08-02 18:51 - 00000000 ____D C:\Users\RA\AppData\Roaming\Google
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\Software
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\NikLicenseFiles
2013-08-02 18:26 - 2013-08-20 23:36 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-02 18:26 - 2013-08-20 18:36 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-02 18:26 - 2013-08-02 18:31 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-02 18:26 - 2013-08-02 18:31 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-02 18:26 - 2013-08-02 18:27 - 00000000 ____D C:\Users\RA\AppData\Local\Google
2013-08-02 18:26 - 2013-08-02 18:27 - 00000000 ____D C:\ProgramData\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-02 00:26 - 2013-08-02 00:26 - 00000000 ____D C:\Users\RA\Desktop\HAUS
2013-07-29 23:23 - 2013-07-29 23:23 - 00000000 ____D C:\Users\RA\AppData\Roaming\WTablet
2013-07-26 09:45 - 2013-07-26 09:45 - 00133976 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\TabletPlugins
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\Tablet
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2013-07-26 09:36 - 2013-06-06 19:31 - 01959192 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01952536 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01820952 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01817880 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01614104 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01606936 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01493272 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2013-07-26 09:36 - 2013-06-06 19:31 - 01489176 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2013-07-26 09:36 - 2013-04-30 19:18 - 00085304 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2013-07-26 09:36 - 2013-04-30 19:18 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2013-07-26 09:36 - 2012-12-21 00:20 - 00015344 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2013-07-25 21:29 - 2013-07-25 21:29 - 00000000 ____D C:\Users\RA\Desktop\ProcessExplorer
2013-07-25 21:09 - 2013-07-25 21:38 - 00000000 ____D C:\Windows\pss
2013-07-25 20:55 - 2013-07-25 20:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2013-07-25 12:03 - 2013-08-01 11:12 - 00000000 ____D C:\Users\RA\Desktop\Weierhof
2013-07-22 09:38 - 2013-07-22 09:38 - 00000000 ____D C:\ProgramData\RIBS

==================== One Month Modified Files and Folders =======

2013-08-20 23:49 - 2013-08-20 23:49 - 00000903 _____ C:\Users\RA\Desktop\checkup.txt
2013-08-20 23:40 - 2013-08-20 23:40 - 00891115 _____ C:\Users\RA\Desktop\SecurityCheck.exe
2013-08-20 23:36 - 2013-08-02 18:26 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 23:01 - 2013-08-20 23:52 - 01576210 _____ (Farbar) C:\Users\RA\Desktop\FRST64.exe
2013-08-20 18:36 - 2013-08-02 18:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-20 18:14 - 2013-08-20 18:14 - 00000000 ____D C:\Users\RA\Desktop\LRTimelapse3.1_win
2013-08-20 17:39 - 2012-10-31 20:12 - 00000000 ____D C:\jexepackres
2013-08-20 17:01 - 2013-08-20 17:01 - 00054290 _____ C:\Users\RA\Desktop\FRST-2.txt
2013-08-20 17:01 - 2013-08-20 17:01 - 00024236 _____ C:\Users\RA\Desktop\Addition-2.txt
2013-08-20 16:59 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 16:59 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 16:56 - 2012-10-27 08:18 - 00000010 _____ C:\Users\RA\AppData\Local\.56C369H5-8CEH-20F1-75G2-452FC2FCCD50
2013-08-20 16:56 - 2012-10-27 08:18 - 00000010 _____ C:\ProgramData\.93067BD7-6BGG-312E-86F3-566EB31BBC4E
2013-08-20 16:55 - 2012-10-26 20:20 - 01653866 _____ C:\Windows\WindowsUpdate.log
2013-08-20 16:54 - 2012-10-26 21:53 - 00000000 ____D C:\Users\RA\AppData\Local\Adobe
2013-08-20 16:53 - 2012-10-30 14:50 - 00000000 ____D C:\Users\RA\AppData\Roaming\Dropbox
2013-08-20 16:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-20 16:48 - 2013-05-17 17:44 - 00016941 _____ C:\Windows\setupact.log
2013-08-20 16:48 - 2012-11-15 19:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-20 16:46 - 2013-08-20 16:33 - 00000000 ____D C:\AdwCleaner
2013-08-20 16:29 - 2013-08-20 12:07 - 00000000 ____D C:\Users\RA\Desktop\Scan
2013-08-20 15:37 - 2013-05-17 17:43 - 00196498 _____ C:\Windows\PFRO.log
2013-08-20 15:37 - 2012-10-26 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-20 15:34 - 2013-08-20 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 15:32 - 2013-08-20 15:32 - 00018312 _____ C:\ComboFix.txt
2013-08-20 15:32 - 2013-08-20 15:04 - 00000000 ____D C:\Qoobox
2013-08-20 15:32 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-20 15:29 - 2013-08-20 15:03 - 00000000 ____D C:\Windows\erdnt
2013-08-20 15:28 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-20 13:58 - 2013-08-20 13:58 - 00052647 _____ C:\Users\RA\Desktop\FRST-1.txt
2013-08-20 13:58 - 2013-08-20 13:57 - 00023039 _____ C:\Users\RA\Desktop\Addition-1.txt
2013-08-20 13:38 - 2013-08-20 13:38 - 00000000 ____D C:\FRST
2013-08-20 13:37 - 2013-08-20 13:37 - 00000000 ____D C:\Users\RA\Desktop\FontDoctor-2-6-1
2013-08-20 13:09 - 2012-10-26 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-20 12:52 - 2013-08-20 12:52 - 00000000 ____D C:\Program Files\7-Zip
2013-08-20 12:18 - 2013-08-20 12:18 - 00002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-20 12:18 - 2013-08-20 12:18 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-20 12:18 - 2013-08-20 12:18 - 00000000 ____D C:\Program Files\CCleaner
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\rsit
2013-08-20 12:09 - 2013-08-20 12:09 - 00000000 ____D C:\Program Files (x86)\trend micro
2013-08-20 11:53 - 2013-08-20 11:53 - 00000217 _____ C:\Users\RA\Desktop\impressum.URL
2013-08-20 11:53 - 2013-08-20 11:53 - 00000198 _____ C:\Users\RA\Desktop\Meschert Elektro-Technik GbR » Hier entsteht die Website der Meschert Elektro-Technik GbR.URL
2013-08-20 11:53 - 2012-11-08 15:31 - 00000000 ____D C:\Users\RA\AppData\Local\CrashDumps
2013-08-20 11:49 - 2013-08-20 11:49 - 00001139 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\Documents\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Users\RA\AppData\Roaming\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-20 11:49 - 2013-08-20 11:49 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-08-20 02:00 - 2013-08-20 01:08 - 00000504 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb.job
2013-08-20 01:08 - 2013-08-20 01:08 - 00003570 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb
2013-08-20 01:07 - 2013-08-20 01:07 - 00001808 _____ C:\Users\RA\Desktop\SUPERAntiSpyware Professional.lnk
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-20 01:07 - 2013-08-20 01:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-19 20:13 - 2013-08-20 15:01 - 05106564 ____R (Swearware) C:\Users\RA\Desktop\ComboFix.exe
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\RA\AppData\Roaming\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 16:43 - 2013-08-19 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 15:48 - 2013-08-19 15:48 - 00107128 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-08-19 13:54 - 2013-08-19 16:36 - 27088288 _____ (SUPERAntiSpyware) C:\Users\RA\Desktop\SUPERAntiSpywarePro.exe
2013-08-15 22:29 - 2013-06-18 00:41 - 00128440 _____ C:\Users\RA\Documents\500pxPublisher.log
2013-08-15 19:51 - 2012-10-31 12:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 19:48 - 2013-07-11 14:14 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 19:44 - 2012-11-09 20:20 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 01:13 - 2013-04-19 21:23 - 00000000 ____D C:\Users\RA\AppData\Roaming\vlc
2013-08-13 00:19 - 2013-05-04 01:06 - 00000000 ____D C:\Users\RA\Desktop\[[   SORT   ]]
2013-08-13 00:18 - 1970-02-28 23:31 - 00000000 ____D C:\Users\RA\Desktop\CASTLE ___ 2013-07-29.21.39.44-SAT-513
2013-08-11 12:04 - 2013-08-11 12:04 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-11 09:34 - 2013-08-11 09:34 - 37722096 _____ C:\Users\RA\Desktop\Unbenannt_HDR2.psd
2013-08-11 09:33 - 2013-08-11 09:33 - 120030172 _____ C:\Users\RA\Desktop\Unbenannt_HDR3.psd
2013-08-11 09:02 - 2012-10-26 23:09 - 00000000 ____D C:\Users\RA\AppData\Local\Thunderbird
2013-08-07 21:40 - 2013-08-07 21:40 - 00000000 ____D C:\Users\RA\Desktop\Flyer
2013-08-07 20:24 - 2013-06-27 14:04 - 00000000 ____D C:\Users\RA\Desktop\WordPress-
2013-08-07 17:03 - 2012-11-01 02:33 - 00000000 ____D C:\Users\RA\AppData\Roaming\FileZilla
2013-08-03 23:29 - 2013-08-03 23:28 - 00000000 ____D C:\Program Files (x86)\SetEdit8500
2013-08-03 21:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-02 20:13 - 2013-02-07 10:51 - 00000000 ____D C:\Users\RA\AppData\Roaming\Mp3tag
2013-08-02 18:51 - 2013-08-02 18:51 - 00000000 ____D C:\Users\RA\AppData\Roaming\Google
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\Software
2013-08-02 18:37 - 2013-08-02 18:37 - 00000000 ____D C:\Users\RA\AppData\Local\NikLicenseFiles
2013-08-02 18:31 - 2013-08-02 18:26 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-02 18:31 - 2013-08-02 18:26 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-02 18:27 - 2013-08-02 18:26 - 00000000 ____D C:\Users\RA\AppData\Local\Google
2013-08-02 18:27 - 2013-08-02 18:26 - 00000000 ____D C:\ProgramData\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files\Google
2013-08-02 18:26 - 2013-08-02 18:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-02 17:25 - 2012-10-26 20:22 - 00000000 ____D C:\Users\RA\AppData\Local\VirtualStore
2013-08-02 11:27 - 2012-11-15 21:55 - 00000000 ____D C:\Users\RA\Documents\theRenamer
2013-08-02 00:26 - 2013-08-02 00:26 - 00000000 ____D C:\Users\RA\Desktop\HAUS
2013-08-01 11:12 - 2013-07-25 12:03 - 00000000 ____D C:\Users\RA\Desktop\Weierhof
2013-07-31 10:58 - 2012-11-09 09:50 - 00000000 ____D C:\Users\RA\AppData\Roaming\iFunbox_UserCache
2013-07-30 14:55 - 2012-10-29 11:03 - 00001456 _____ C:\Users\RA\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-07-30 11:31 - 2013-01-23 11:10 - 00000000 ____D C:\Users\RA\AppData\Roaming\Skype
2013-07-29 23:23 - 2013-07-29 23:23 - 00000000 ____D C:\Users\RA\AppData\Roaming\WTablet
2013-07-29 11:20 - 2013-07-15 14:05 - 00000000 ____D C:\Users\RA\Desktop\[GRÜNDUNG]
2013-07-26 09:45 - 2013-07-26 09:45 - 00133976 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00062808 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-07-26 09:45 - 2013-07-26 09:45 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-07-26 09:45 - 2012-10-26 22:52 - 00000000 ____D C:\ProgramData\G DATA
2013-07-26 09:43 - 2012-10-26 22:52 - 00000000 ____D C:\Program Files (x86)\G Data
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\TabletPlugins
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files\Tablet
2013-07-26 09:36 - 2013-07-26 09:36 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-07-26 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-07-26 09:30 - 2012-10-26 20:22 - 00000000 ___RD C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-26 07:13 - 2013-08-15 19:54 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 19:54 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 19:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 19:54 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 19:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 19:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 19:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 19:54 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 19:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 19:54 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 19:54 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 19:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 19:54 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 19:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 21:38 - 2013-07-25 21:09 - 00000000 ____D C:\Windows\pss
2013-07-25 21:29 - 2013-07-25 21:29 - 00000000 ____D C:\Users\RA\Desktop\ProcessExplorer
2013-07-25 20:55 - 2013-07-25 20:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2013-07-25 15:45 - 2013-08-20 09:22 - 23334896 _____ (Simply Super Software                                       ) C:\Users\RA\Desktop\trjsetup_688.exe
2013-07-25 11:58 - 2013-03-27 11:12 - 00000000 ___RD C:\Users\RA\Desktop\facebook
2013-07-25 11:25 - 2013-08-15 19:38 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 19:38 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 22:27 - 2012-10-26 22:21 - 00187400 _____ C:\Users\RA\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-24 22:25 - 2009-07-14 06:45 - 06132088 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-23 16:17 - 2012-10-26 21:57 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 16:02 - 2012-10-26 21:58 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-23 16:00 - 2012-10-26 21:58 - 00000000 ____D C:\Program Files\Adobe
2013-07-23 14:55 - 2012-10-26 21:53 - 00000000 ____D C:\Users\RA\AppData\Roaming\Adobe
2013-07-23 12:57 - 2012-10-26 21:54 - 00000000 ____D C:\ProgramData\Adobe
2013-07-23 12:31 - 2012-10-26 20:21 - 00000000 ____D C:\Users\RA
2013-07-22 11:45 - 2012-10-26 23:29 - 00000000 ____D C:\Users\RA\AppData\Roaming\Apple Computer
2013-07-22 11:41 - 2012-10-26 23:21 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-22 11:36 - 2013-08-20 11:51 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.trb
2013-07-22 09:38 - 2013-07-22 09:38 - 00000000 ____D C:\ProgramData\RIBS

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-05 12:47

==================== End Of Log ============================

--- --- ---

und der Log Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2013 05
Ran by RA at 2013-08-20 23:55:45
Running from C:\Users\RA\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
64 Bit HP CIO Components Installer (Version: 13.2.1)
7-Zip 9.30 (x64 edition) (Version: 9.30.00.0)
Adobe Acrobat XI Pro (x32 Version: 11.0)
Adobe Acrobat XI Pro (x32 Version: 11.0.02)
Adobe After Effects CC (x32 Version: 12)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Bridge CC (64 Bit) (x32 Version: 6.0)
Adobe Connect 9 Add-in (HKCU Version: 11,2,381,0)
Adobe Creative Cloud (x32 Version: 2.1.0.213)
Adobe Download Assistant (x32 Version: 1.2.3)
Adobe Dreamweaver CC (x32 Version: 13)
Adobe Edge Animate (x32 Version: 1.5)
Adobe Edge Animate CC (x32 Version: 2.0)
Adobe Edge Code CC (x32 Version: 0.94)
Adobe Edge Inspect CC (x32 Version: 1.0.408)
Adobe Edge Reflow CC Preview (x32 Version: 0.23.10993)
Adobe Exchange Panel (x32 Version: 1)
Adobe ExtendScript Toolkit CC (x32 Version: 4.0.0.0)
Adobe Extension Manager CC (x32 Version: 7.1)
Adobe Flash Builder 4.7 (64 Bit) (x32 Version: 4.7)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Flash Professional CC (x32 Version: 13.0)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Illustrator CC (x32 Version: 17.0)
Adobe InCopy CC (x32 Version: 9.0)
Adobe InDesign CC (x32 Version: 9.0)
Adobe Media Player (x32 Version: 1.8)
Adobe Muse (x32 Version: 4.1)
Adobe Muse (x32 Version: 4.1.8)
Adobe Photoshop CC (x32 Version: 14.0)
Adobe Photoshop Lightroom 4.2 64-bit (Version: 4.2.1)
Adobe Photoshop Lightroom 5 64-bit (Version: 5.0.1)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Touch App Plugins (x32 Version: 1.0)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Adobe® Content Viewer (x32 Version: 3.2.0)
Air Video Server 2.4.6-beta3 (x32 Version: 2.4.6-beta3)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Attribute Changer 7.10c (x32 Version: 7.10c)
Axialis IconWorkshop 6.33 (x32 Version: 6.33)
Biet-O-Matic v2.14.12 (x32 Version: 2.14.12)
bl (x32 Version: 1.0.0)
BMWi-Businessplaner Gründung (x32 Version: 1.0.2)
Bonjour (Version: 3.0.0.10)
Bonjour-Druckdienste (Version: 2.0.0.36)
Bonjour-Druckdienste (Version: 2.0.2.0)
Camtasia Studio 8 (x32 Version: 8.0.2.964)
Canon Auto Update Service (x32 Version: 1.1.2.18)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon MOV Decoder (x32 Version: 1.9.0.8)
Canon MOV Encoder (x32 Version: 1.8.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.9.0.6)
Canon MP Navigator EX 1.0 (x32)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10)
Canon Utilities ZoomBrowser EX (x32 Version: 6.9.0.1)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.6.0.15)
CCleaner (Version: 4.04)
CDDRV_Installer (Version: 4.24.15)
Directory Lister Pro v1.49 (x32 Version: 1.49)
DisplayFusion 5.0.1 (x32 Version: 5.0.1.0)
Dropbox (HKCU Version: 1.4.20)
Evernote v. 4.6.7 (x32 Version: 4.6.7.8409)
ExposurePlot 1.1.5a (x32)
Extensis Suitcase Fusion 3 (x32 Version: 14.2.0)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
FreeStyle Auto-Assist (x32)
G Data AntiVirus 2014 (x32 Version: 24.0.1.5)
GeoSetter 3.4.16 (x32)
Google Update Helper (x32 Version: 1.3.21.153)
HandBrake 0.9.8 (x32 Version: 0.9.8)
iFunbox (v2.0.2150.728), iFunbox DevTeam (x32 Version: v2.0.2150.728)
ipswDownloader 1.6 (x32 Version: 1.6)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
KhalInstallWrapper (Version: 4.24.99)
K-Lite Codec Pack 5.2.0 (Full) (x32 Version: 5.2.0)
Lightroom 5.0 (x32 Version: 5.0)
Logitech SetPoint (x32 Version: 4.24)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MetroTwit (HKCU Version: 1.1.0.3076)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
MozBackup 1.5.1 (x32)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
Mp3tag v2.54 (x32 Version: v2.54)
Nik Collection (x32 Version: 1.0.0.7)
Notepad++ (x32 Version: 6.2)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
or Autopano Giga 2.6 (Version: V2.6.4)
PDF Settings CC (x32 Version: 12.0)
ph (x32 Version: 1.0.0)
PxMergeModule (x32 Version: 1.00.0000)
QuickTime (x32 Version: 7.74.80.86)
Recuva (Version: 1.47)
Safari (x32 Version: 5.34.57.2)
SilverFast CanonSDK 6.6.2r5 (x32)
Skype™ 6.1 (x32 Version: 6.1.129)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
StreamTransport version: 1.0.2.2171 (x32)
SUPERAntiSpyware (Version: 5.6.1032)
TeamViewer 7 (x32 Version: 7.0.17271)
theRenamer 7.58 (x32)
Trojan Remover 6.8.8 (x32 Version: 6.8.8)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Wacom Tablett (Version: 6.3.6w3)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.3)
WebTablet FB Plugin 64 bit (Version: 2.1.0.3)
Yahoo! Detect (x32)

==================== Restore Points  =========================

07-08-2013 08:03:17 Windows Update
11-08-2013 06:54:33 Windows Update
15-08-2013 17:40:04 Windows Update
20-08-2013 08:48:31 Windows Update
20-08-2013 10:49:50 Installed 7-Zip 9.30 (x64 edition)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-20 15:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05038D52-B7F7-447D-BB6D-BE3C3EE86462} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: {140FE688-9A46-4AC0-B53E-A7E8A374E5BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {16FD5339-9FD9-4F09-8B0D-C6676AE4E3EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {23F1AC01-3095-418F-9C02-582777D023B9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {69F0E039-1FAE-424B-989B-E3188B31AAD9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {6FBA5E25-A5ED-4CCA-8E58-975D0D3B67FB} - System32\Tasks\AdobeAAMUpdater-1.0-RA-PC-RA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {7B1CA893-A231-4797-8D15-CF4F79DD3B59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: {97C170EF-50DF-487B-9CF2-642BD30531A0} - System32\Tasks\AdobeAAMUpdater-1.0-RA-PC-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {D512B88E-1481-4F38-B816-DC8334646AD7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {D600E553-C31B-44A2-9D11-FC5232A38A45} - System32\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad271f93-4c21-4f84-9b12-b59263a2a0bb.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2013 05:42:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/20/2013 05:41:10 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/20/2013 05:41:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/20/2013 05:41:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/20/2013 11:53:05 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Rmvtrjan.exe, Version: 6.8.8.2622, Zeitstempel: 0x51e96b81
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba59
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001872e
ID des fehlerhaften Prozesses: 0x68c
Startzeit der fehlerhaften Anwendung: 0xRmvtrjan.exe0
Pfad der fehlerhaften Anwendung: Rmvtrjan.exe1
Pfad des fehlerhaften Moduls: Rmvtrjan.exe2
Berichtskennung: Rmvtrjan.exe3

Error: (08/19/2013 04:02:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mmc.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc808
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b8479b
Ausnahmecode: 0x00000000
Fehleroffset: 0x0000000000009e5d
ID des fehlerhaften Prozesses: 0x91c
Startzeit der fehlerhaften Anwendung: 0xmmc.exe0
Pfad der fehlerhaften Anwendung: mmc.exe1
Pfad des fehlerhaften Moduls: mmc.exe2
Berichtskennung: mmc.exe3

Error: (08/15/2013 09:41:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lightroom.exe, Version: 5.0.0.10, Zeitstempel: 0x51a64dae
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2bcac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003c010
ID des fehlerhaften Prozesses: 0xf68
Startzeit der fehlerhaften Anwendung: 0xlightroom.exe0
Pfad der fehlerhaften Anwendung: lightroom.exe1
Pfad des fehlerhaften Moduls: lightroom.exe2
Berichtskennung: lightroom.exe3

Error: (08/13/2013 00:47:56 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: StreamTransport.exe, Version: 1.0.2.2171, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b83c8a
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x1c80
Startzeit der fehlerhaften Anwendung: 0xStreamTransport.exe0
Pfad der fehlerhaften Anwendung: StreamTransport.exe1
Pfad des fehlerhaften Moduls: StreamTransport.exe2
Berichtskennung: StreamTransport.exe3

Error: (08/11/2013 04:59:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lightroom.exe, Version: 5.0.0.10, Zeitstempel: 0x51a64dae
Name des fehlerhaften Moduls: MediaCoreIF.DLL, Version: 7.0.0.0, Zeitstempel: 0x51a64846
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000201ac8
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xlightroom.exe0
Pfad der fehlerhaften Anwendung: lightroom.exe1
Pfad des fehlerhaften Moduls: lightroom.exe2
Berichtskennung: lightroom.exe3

Error: (08/11/2013 04:51:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lightroom.exe, Version: 5.0.0.10, Zeitstempel: 0x51a64dae
Name des fehlerhaften Moduls: MediaCoreIF.DLL, Version: 7.0.0.0, Zeitstempel: 0x51a64846
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000201ac8
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xlightroom.exe0
Pfad der fehlerhaften Anwendung: lightroom.exe1
Pfad des fehlerhaften Moduls: lightroom.exe2
Berichtskennung: lightroom.exe3


System errors:
=============
Error: (08/20/2013 04:51:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/20/2013 04:51:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/20/2013 03:40:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/20/2013 03:40:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/20/2013 03:28:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/20/2013 03:27:28 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/20/2013 03:23:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/20/2013 01:04:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/20/2013 01:04:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/19/2013 03:53:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-20 15:27:28.559
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-20 15:27:28.434
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 62%
Total physical RAM: 4094.49 MB
Available physical RAM: 1528.46 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 5610.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:134.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (MUSIK) (Fixed) (Total:200.2 GB) (Free:95.84 GB) NTFS
Drive e: (ARBEIT) (Fixed) (Total:74.53 GB) (Free:43.7 GB) NTFS
Drive f: (PRIVAT) (Fixed) (Total:100.59 GB) (Free:71.3 GB) NTFS
Drive g: (RAM) (Fixed) (Total:50.29 GB) (Free:50.16 GB) NTFS
Drive h: (FONTS) (Fixed) (Total:114.68 GB) (Free:105.77 GB) NTFS
Drive o: (My Book) (Fixed) (Total:931.28 GB) (Free:349.63 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 8D33E5C1)
Partition 1: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=101 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D578C98E)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 75 GB) (Disk ID: B5495A2E)
Partition 1: (Not Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================

Probleme? Keine mehr, hoffe das bleibt auch so!

Bedanke mich erst mal ganz herzlich, sofern das Ganze damit abgeschlossen ist und
wünsche viel Erfolg beim Studium!

und

schrauber · 21.08.2013, 09:45

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

asparagus · 21.08.2013, 13:55

Hallo Schrauber!
Hat leider ein wenig mit meiner Antwort gedauert... Habe deine restlichen Hinweise in der oben genannten Reihenfolge durchgeführt und mir auch die anderen Tipps und Hinweise zu Herzen genommen, bzw. die Programme installiert. Ich hoffe das hilft in Zukunft

Möchte dir nochmal ganz, ganz herzlich für deine Hilfe und deine Mühe danken!
Somit dürfte ja jetzt alles gesäubert sein. Also wieder ran ans "Schaffen" und den Zeitverlust aufholen. Hatte befürchtet, dass Vieles jetzt verloren sei. Werde mich nun mal um eine vernünftige Backup-Lösung bemühen...

Nochmals vielen Dank und viel Erfolg beim Studium!

Kannst dann, wenn von deiner Seite alles durch ist, den Thread schliessen...

Ach so, habe ich eben ein wenig verwechselt, dein Abo beenden, Thread wird ja vermutlich nicht geschlossen, bzw. vom Admin, oder?

schrauber · 21.08.2013, 16:17

Thread bleibt offen, Abos behalt ich auch

20.08.2013, 15:24	#8
schrauber /// the machine /// TB-Ausbilder	Massenemails über meinen Account, Trojaner oder Virus auf dem Rechner? Quick Scan ist mehr als ausreichend __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

21.08.2013, 16:17	#14
schrauber /// the machine /// TB-Ausbilder	Massenemails über meinen Account, Trojaner oder Virus auf dem Rechner? Thread bleibt offen, Abos behalt ich auch __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Massenemails über meinen Account, Trojaner oder Virus auf dem Rechner?

Plagegeister aller Art und deren Bekämpfung: Massenemails über meinen Account, Trojaner oder Virus auf dem Rechner?