|
Pests of all kinds and how to fight them: Non-removable virus, name: Win32Evo-gen [Susp] (Windows 7) |
23.09.2013, 15:38 | #1 |
| Non-removable virus, name: Win32Evo-gen [Susp] Hello, I caught a suspicious virus today. Avast says: Infection: Win32:Evo-gen. But I can't remove it; whenever I try any action, it keeps coming back. I have already removed it manually, but I don't want to remove the process, because it is the explorer. How do I get this damn virus out? Something is happening to my PC. If it controls or eavesdrops on anything, tell me quickly, because I logged in on this PC and to my e-mail. From Timo {Viruspro}. Please don't tell me that I can't remove the virus at all except with CMD format C |
23.09.2013, 15:39 | #2 |
| Please help me
__________________ |
23.09.2013, 15:43 | #3 |
/// the machine /// TB-Ausbilder | Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
24.09.2013, 16:35 | #4 |
| Hi, I can no longer get onto the Internet with my PC. What should I do now? |
24.09.2013, 19:15 | #5 |
/// the machine /// TB-Ausbilder | Download the program on another computer and copy it over.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
29.09.2013, 14:58 | #6 |
| When I click Scan, nothing happens??? What now? But only after 5 minutes, is that normal? And the program keeps hanging. And sometimes I can even get online with this PC! |
29.09.2013, 15:10 | #7 |
| Here is the first FRST log file:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02 Ran by TimoWerner (administrator) on WERNER-HP on 29-09-2013 15:55:11 Running from C:\Users\TimoWerner\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe (Apache Software Foundation) c:\xampp\apache\bin\httpd.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe () C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () c:\xampp\mysql\bin\mysqld.exe (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\NST.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\NF.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe (Apache Software Foundation) C:\xampp\apache\bin\httpd.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (FS) C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Internet Anonym 2012\VPNService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Realtek Semiconductor Corp.) 
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\NST.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\NF.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe () C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\SymErr.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\WerFault.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Samsung Electronics) C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (1&1 Mail & Media GmbH) C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE (Akamai Technologies, Inc.) C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Akamai Technologies, Inc.) 
C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Overwolf) C:\Program Files (x86)\Overwolf\Overwolf.exe () C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe (Google Inc.) C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Zecter Inc.) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe (Microsoft Corporation) C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (J3S GmbH) C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe (Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe (Honest Technology) C:\Program Files (x86)\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe (Google Inc.) C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Cleverlearn, Inc.) C:\Program Files (x86)\Clicktionary\Cleverlearn Clicktionary.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Google Inc.) C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe (AVEO) C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\tampmon.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PowerDVD9.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe () C:\Program Files (x86)\Overwolf\Purplizer\Purplizer.exe (Microsoft) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe (CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PowerDVD Cox\PowerDVDCox.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Overwolf) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\avast.setup (Microsoft Corporation) C:\Windows\system32\taskmgr.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-22] (Realtek Semiconductor) HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company) HKLM\...\Run: [Samsung Link] - C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe [407384 2013-05-09] (Samsung Electronics) HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\tampmon.exe [61264 2013-09-12] (Symantec Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKCU\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH) HKCU\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf) HKCU\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. 
KG) HKCU\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] () HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKCU\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.) HKCU\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] () HKCU\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf) HKCU\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation) HKCU\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.) HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKCU\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.) HKCU\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH) HKCU\...\Run: [E365A742319C80E04F1A1C073157E1275BD24649._service_run] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-17] (Google Inc.) 
HKCU\...\Run: [SOS_Agent] - C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe [4493536 2013-05-16] (Steganos Software GmbH) HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1276152 2013-07-02] (Bogdan Sharkov) HKCU\...\Run: [Real Desktop] - C:\Program Files (x86)\Real Desktop\rdesc.exe [4743168 2013-08-27] (Schillergames) HKCU\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-17] (Google Inc.) HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64" HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64" HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" HKCU\...\Runonce: [Uninstall 
C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\system: [DisableLockWorkstation] 1 HKCU\...\Policies\system: [DisableChangePassword] 0 MountPoints2: {682df1de-d0cf-11e0-b14e-2c27d7ca8df3} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta MountPoints2: {682df1fa-d0cf-11e0-b14e-2c27d7ca8df3} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.) HKLM-x32\...\Run: [MyPublicWiFi] - C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe [2002432 2011-12-02] () HKLM-x32\...\Run: [AveoSTI.exe] - C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [QuickTime Plugin Install] - C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe [86016 2012-10-09] () HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-10-09] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [581496 2012-10-17] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [bdruninstaller] - C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe [747096 2013-05-15] (Bitdefender) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKU\BitBox\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.) HKU\Default\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.) HKU\Default User\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.) HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKU\Gast\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.) 
HKU\Gast\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH) HKU\Gast\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH) HKU\Gast\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\Gast\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf) HKU\Gast\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG) HKU\Gast\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] () HKU\Gast\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKU\Gast\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.) HKU\Gast\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] () HKU\Gast\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf) HKU\Gast\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation) HKU\Gast\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\Gast\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.) 
HKU\Gast\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\Gast\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\Gast\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window HKU\Gast\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) HKU\Gast\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.) HKU\Gast\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH) HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64" HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64" HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" HKU\Gast\...\Policies\system: [LogonHoursAction] 2 HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Gast\...\Policies\system: [DisableLockWorkstation] 0 HKU\Gast\...\Policies\system: 
[DisableChangePassword] 0 HKU\peer\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.) HKU\peer\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKU\peer\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH) HKU\peer\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH) HKU\peer\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\peer\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf) HKU\peer\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG) HKU\peer\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] () HKU\peer\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKU\peer\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.) 
HKU\peer\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] () HKU\peer\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf) HKU\peer\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation) HKU\peer\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\peer\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.) HKU\peer\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\peer\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\peer\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window HKU\peer\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) HKU\peer\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.) 
HKU\peer\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH) HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64" HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64" HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" HKU\peer\...\Policies\system: [LogonHoursAction] 2 HKU\peer\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\peer\...\Policies\system: [DisableLockWorkstation] 0 HKU\peer\...\Policies\system: [DisableChangePassword] 0 HKU\php 1255\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.) 
HKU\php 1255\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKU\php 1255\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH) HKU\php 1255\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH) HKU\php 1255\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\php 1255\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf) HKU\php 1255\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG) HKU\php 1255\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] () HKU\php 1255\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKU\php 1255\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.) HKU\php 1255\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] () HKU\php 1255\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf) HKU\php 1255\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation) HKU\php 1255\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\php 1255\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\php 1255\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\php 1255\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\php 1255\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\php 1255\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\php 1255\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\php 1255\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\php 1255\...\Policies\system: [LogonHoursAction] 2
HKU\php 1255\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\php 1255\...\Policies\system: [DisableLockWorkstation] 0
HKU\php 1255\...\Policies\system: [DisableChangePassword] 0
HKU\v\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\v\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\v\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\v\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\v\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\v\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\v\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\v\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\v\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\v\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\v\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\v\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\v\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\v\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\v\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\v\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\v\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\v\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\v\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\v\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\v\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\v\...\Policies\system: [LogonHoursAction] 2
HKU\v\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\v\...\Policies\system: [DisableLockWorkstation] 0
HKU\v\...\Policies\system: [DisableChangePassword] 0
HKU\Werner\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\Werner\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\Werner\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\Werner\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\Werner\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\Werner\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Werner\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\Werner\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\Werner\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\Werner\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Werner\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\Werner\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\Werner\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\Werner\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Werner\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\Werner\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\Werner\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\Werner\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\Werner\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\Werner\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Werner\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\Werner\...\Policies\system: [DisableLockWorkstation] 0
HKU\Werner\...\Policies\system: [DisableChangePassword] 0
HKU\Werner\...\Policies\system: [LogonHoursAction] 2
HKU\Werner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Werner1\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\Werner1\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\Werner1\...\Run: [VoipCheapCom] - C:\Program Files (x86)\VoipCheapCom\voipcheapcom.exe [14054712 2012-02-06] (VoipCheapCom)
HKU\Werner1\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\Werner1\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\Werner1\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Werner1\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\Werner1\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\Werner1\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\Werner1\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Werner1\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\Werner1\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\Werner1\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\Werner1\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Werner1\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\Werner1\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\Werner1\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\Werner1\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\Werner1\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\Werner1\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Werner1\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\Werner1\...\Policies\system: [LogonHoursAction] 2
HKU\Werner1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Werner1\...\Policies\system: [DisableLockWorkstation] 0
HKU\Werner1\...\Policies\system: [DisableChangePassword] 0
HKU\xx\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
IMEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\gameconsole-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\tvdtray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TimoWerner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GMX Clicktionary 2.8.lnk
ShortcutTarget: GMX Clicktionary 2.8.lnk -> C:\Program Files (x86)\Clicktionary\Cleverlearn Clicktionary.exe (Cleverlearn, Inc.)
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Desktop.lnk
ShortcutTarget: Real Desktop.lnk -> C:\Program Files (x86)\Real Desktop\rdesc.exe (Schillergames)
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8123
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKCU - {0C5A5BF2-683B-4BE6-850E-BB90306D67F0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=5B8CF2D0-C82E-4536-9736-C7F700656C0F&apn_sauid=AC068637-2922-45ED-AEAA-388C22D7EB07&
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=849cd9b6000000000000889ffaa87be1
SearchScopes: HKCU - {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=849cd9b6000000000000889ffaa87be1&tlver=1.4.19.19&affID=16553
SearchScopes: HKCU - {30CB5C4D-2BE0-4C68-B0D4-76B9EA618F6E} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {390838FE-C57E-4349-ABE9-BE8744F5DC74} URL = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {714174E0-312F-422B-AFC2-D7AC0CC67532} URL = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D5521E70-FE65-41E4-85BC-7C9B535CA119} URL = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\TimoWerner\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\TimoWerner\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\coIEPlg.dll (Symantec Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
Toolbar: HKCU - No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default
FF user.js: detected! => C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\user.js
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "type", 0
FF NewTab: hxxp://www.google.com/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.10 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\TimoWerner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\TimoWerner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\TimoWerner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\TimoWerner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\TimoWerner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\TimoWerner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: samsung.com/SamsungLinkPCPlugin - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\1und1-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\aol-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\mailcom-search.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\nestoria-deutschland.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Babylon - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\ffxtlbr@babylon.com
FF Extension: Complitly - Speed up your search with your personal search suggestions tool - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{43196362-5378-448b-8944-f097fa65e932}
FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DownloadHelper - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: COMPUTERBILD-Abzockschutz - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
FF Extension: toolbar - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\toolbar@gmx.net.xpi
FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Password Manager 12\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw\
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack] - C:\Program Files (x86)\GutscheinFinder\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack.xpi FF Extension: No Name - C:\Program Files (x86)\GutscheinFinder\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack.xpi FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Thunderbird\Extensions: [{d591241b-9967-418c-9b7d-ee128131d60d}] - C:\Program Files (x86)\GMX\GMX MultiMessenger\ThunderbirdSyncProxy FF Extension: Adressbuchanbindung für GMX MultiMessenger - C:\Program Files (x86)\GMX\GMX MultiMessenger\ThunderbirdSyncProxy Chrome: ======= CHR Extension: (Complitly plugin for chrome) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx CHR HKLM-x32\...\Chrome\Extension: [didlmjkkjfegblmkekbhgpefajgikncm] - C:\Program Files (x86)\GutscheinFinder\gutscheincodes.crx CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\TimoWerner\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM-x32\...\Chrome\Extension: 
[napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\Extensions\Chrome.crx CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\Exts\Chrome.crx CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.) R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [405896 2013-05-03] (Samsung) R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation) S3 AppBoosterService; C:\Program Files (x86)\Common Files\PCSUITE Common\BoostService.exe [1556360 2011-10-05] (MARKEMENT) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-10-17] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-17] (BlueStack Systems, Inc.) R2 CronService; C:\Prey\platform\windows\cronsvc.exe [19968 2011-02-15] (Fork Ltd.) 
R2 DokanMounter; C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe [14848 2012-02-15] () S3 FileZilla Server; c:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project) S4 MyPublicWiFiService; C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [597504 2011-12-02] () R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] () S2 MySQL55; C:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9503 2012-09-28] () R2 NCO; C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\NST.exe [129424 2013-08-15] (Symantec Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3897432 2011-09-18] (INCA Internet Co., Ltd.) R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\NF.exe [570264 2013-09-12] (Symantec Corporation) R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [303368 2013-05-16] (Steganos Software GmbH) S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd) R2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [48128 2011-09-09] (FS) R2 Steganos Anonym VPN Starter Service; C:\Program Files (x86)\Steganos Internet Anonym 2012\VPNService.exe [267928 2011-08-25] (Steganos Software GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software) S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () ==================== Drivers (Whitelisted) ==================== S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2011-07-02] () R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 
2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-31] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-31] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-31] () S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [346496 2012-02-08] (AVEO) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-17] (BlueStack Systems) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-17] (BlueStack Systems) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209000.015\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE05000.043\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation) R0 CryptBox; C:\Windows\SysWow64\drivers\CryptBox.sys [222080 2011-06-14] (Abelssoft GmbH) R0 CryptBox; C:\Windows\SysWow64\drivers\CryptBox.sys [222080 2011-06-14] (Abelssoft GmbH) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2012-02-15] (Windows (R) Win 7 DDK provider) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2012-02-15] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-23] (DT Soft Ltd) R3 Iviaspi; C:\Windows\System32\drivers\Iviaspi.sys [21792 2007-01-11] (InterVideo, Inc.) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) 
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-07-23] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-07-23] (RapidSolution Software AG) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-19] (Duplex Secure Ltd.) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-19] (Symantec Corporation) R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209000.015\SymRdrS.SYS [245848 2013-08-17] (Symantec Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software) R1 uigxrdr; C:\Windows\System32\DRIVERS\uigxrdr.sys [199752 2011-11-16] (1&1 Mail & Media GmbH) S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org) S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org) U3 akbl5igu; C:\Windows\System32\Drivers\akbl5igu.sys [0 ] (Microsoft Corporation) S3 clwvd; system32\DRIVERS\clwvd.sys [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-29 15:41 - 2013-09-29 15:41 - 00000000 ____D C:\FRST 2013-09-29 15:37 - 2013-09-29 15:39 - 01953880 _____ (Farbar) C:\Users\TimoWerner\Downloads\FRST64.exe 2013-09-29 15:22 - 2013-09-29 15:22 - 00003228 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4291137014-3446076692-3718497768-1007 2013-09-26 14:00 - 2013-09-26 14:01 - 00586544 _____ C:\Windows\Minidump\092613-158933-01.dmp 2013-09-23 15:55 - 2013-09-23 15:55 - 00000000 ____D C:\Users\Werner1\Desktop\Neuer Ordner 2013-09-23 13:52 - 
2013-09-23 13:52 - 00000000 ____D C:\Users\Werner1\AppData\Local\COMPUTERBILD Vorteil-Center 2013-09-23 09:01 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-23 09:01 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-23 09:01 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-23 09:01 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-23 09:01 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00109056 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-23 09:01 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-23 09:01 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-23 09:01 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-23 09:01 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-23 09:00 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-23 09:00 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-23 09:00 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-23 09:00 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-23 09:00 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-23 09:00 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-23 09:00 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-23 01:05 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-23 01:05 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-23 01:05 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-23 01:05 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-23 01:05 - 2013-08-02 04:15 - 00243712 _____ (Microsoft 
Corporation) C:\Windows\system32\wow64.dll 2013-09-23 01:05 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-23 01:05 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-23 01:05 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-23 01:05 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-23 01:05 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-23 01:05 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-23 01:05 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-23 01:05 - 2013-08-02 03:50 - 01114112 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-23 01:05 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-23 01:05 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-23 01:05 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-23 01:05 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-23 01:05 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\apisetschema.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-23 01:04 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-23 01:04 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-23 01:04 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-23 00:52 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-23 00:52 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-23 00:52 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\shell32.dll 2013-09-23 00:51 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-23 00:51 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-23 00:42 - 2013-09-23 00:43 - 00675424 _____ C:\Windows\Minidump\092313-151476-01.dmp 2013-09-21 19:34 - 2013-09-29 15:21 - 00003352 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4291137014-3446076692-3718497768-1007 2013-09-21 18:50 - 2013-09-21 18:51 - 00534840 _____ C:\Windows\Minidump\092113-151913-01.dmp 2013-09-20 20:29 - 2013-09-20 20:29 - 00000000 ____D C:\Windows\System32\Tasks\Norton Family 2013-09-20 19:31 - 2013-09-20 19:31 - 00006914 _____ C:\Windows\DPINST.LOG 2013-09-20 19:31 - 2013-09-20 19:31 - 00000000 ____D C:\Program Files\DIFX 2013-09-20 19:30 - 2013-09-20 19:30 - 00000000 ____D C:\Users\TimoWerner\Desktop\CDM 2.08.30 WHQL Certified 2013-09-20 19:30 - 2013-07-12 14:36 - 00257384 _____ (FTDI Ltd.) C:\Windows\system32\ftd2xx.dll 2013-09-20 19:30 - 2013-07-12 14:36 - 00219496 _____ (FTDI Ltd.) C:\Windows\SysWOW64\ftd2xx.dll 2013-09-20 19:30 - 2013-07-12 14:36 - 00215400 _____ (FTDI Ltd.) C:\Windows\system32\FTLang.dll 2013-09-20 19:30 - 2013-07-12 14:36 - 00109928 _____ (FTDI Ltd.) C:\Windows\system32\ftbusui.dll 2013-09-20 19:30 - 2013-07-12 14:29 - 00086376 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftser2k.sys 2013-09-20 19:30 - 2013-07-12 14:29 - 00079592 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftdibus.sys 2013-09-20 19:30 - 2013-07-12 14:29 - 00065896 _____ (FTDI Ltd.) C:\Windows\system32\ftcserco.dll 2013-09-20 19:30 - 2013-07-12 14:28 - 00056168 _____ (FTDI Ltd.) 
C:\Windows\system32\ftserui2.dll 2013-09-20 12:43 - 2013-09-20 12:49 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\vlc 2013-09-20 12:42 - 2013-09-20 12:42 - 00000000 ____D C:\Users\Werner1\.swt 2013-09-19 20:49 - 2013-09-19 20:49 - 00001017 _____ C:\Users\Public\Desktop\WTT.lnk 2013-09-19 20:49 - 2013-09-19 20:49 - 00000000 ____D C:\Program Files (x86)\Webasto Thermo Test 2013-09-19 20:30 - 2013-09-19 20:31 - 03257976 _____ C:\Users\TimoWerner\Downloads\pc_diag_2_14.exe 2013-09-15 19:38 - 2013-09-26 14:06 - 00003410 _____ C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 2013-09-09 19:32 - 2013-09-09 19:36 - 67098877 _____ C:\Users\TimoWerner\Downloads\-TNT- - A Minecraft Parody of Taio Cruz's Dynamite - Crafted Using Note Blocks - 10Youtube.com.mp4 2013-09-09 19:27 - 2013-09-09 19:40 - 247133681 _____ C:\Users\TimoWerner\Downloads\Top Minecraft Songs of All Time - Top Twenty HD (ft. FALLEN KINGDOM, CUBE LAND, AND MORE!) - 10Youtube.com.mp4 2013-09-09 19:07 - 2013-09-09 19:07 - 00335068 _____ C:\Users\TimoWerner\Downloads\your-imagesbook.zip 2013-09-04 13:35 - 2013-09-04 13:35 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{5B4C6A49-9319-433A-BDAA-75AE338E649C} 2013-09-04 13:17 - 2013-09-04 16:17 - 00000000 ____D C:\Users\TimoWerner\Dokumente 2013-09-04 13:16 - 2013-09-04 13:16 - 00000000 ____D C:\Users\TimoWerner\Desktop\Dokumente 2013-09-04 11:43 - 2013-09-04 11:43 - 00000000 __SHD C:\found.004 2013-09-02 15:10 - 2013-09-02 15:10 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{0987EEA7-578A-4793-AFF2-C02F737ACD9A} 2013-08-31 12:45 - 2013-08-31 12:45 - 00000000 ____D C:\Users\TimoWerner\Desktop\Neuer Ordner 2013-08-31 11:09 - 2013-08-31 11:16 - 00000000 ___RD C:\Users\TimoWerner\Desktop\Wichtig für Windows und Sicherheit 2013-08-31 11:06 - 2013-08-31 11:12 - 00000000 ____D C:\Users\TimoWerner\Desktop\Anderes 2013-08-31 11:06 - 2013-08-31 11:06 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\CrashRpt 2013-08-31 11:05 - 2013-08-31 11:11 - 
00000000 ____D C:\Users\TimoWerner\Desktop\Musik Kostenlos Audials One 2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\ProgramData\RapidSolution 2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\Program Files (x86)\Audials 2013-08-31 10:28 - 2013-08-31 17:44 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-08-31 10:28 - 2013-08-31 17:43 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-08-31 10:27 - 2013-08-31 17:43 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-08-30 11:42 - 2013-09-29 15:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-30 11:42 - 2013-08-30 11:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-30 11:39 - 2013-08-30 11:40 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{ADE8146A-3E0D-4DEB-9697-969A781D6420} 2013-08-30 11:25 - 2013-09-29 15:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-08-30 11:25 - 2013-08-31 17:44 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-08-30 11:25 - 2013-08-31 17:43 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-08-30 11:25 - 2013-08-31 17:43 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-08-30 11:25 - 2013-08-30 11:25 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-08-30 11:25 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-08-30 11:25 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-08-30 11:25 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-08-30 11:25 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-08-30 11:25 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-08-30 11:25 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-08-30 
11:23 - 2013-08-30 11:23 - 00000000 ____D C:\Program Files\AVAST Software 2013-08-30 11:23 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-08-30 11:18 - 2013-08-30 11:23 - 00000000 ____D C:\ProgramData\AVAST Software 2013-08-30 11:09 - 2013-08-30 11:15 - 117478104 _____ C:\Users\TimoWerner\Downloads\avast_free_antivirus_setup.exe 2013-08-30 11:04 - 2013-08-30 11:04 - 00000000 ____D C:\Program Files\Common Files\Bitdefender 2013-08-30 11:03 - 2013-08-30 11:04 - 00006180 _____ C:\Users\TimoWerner\Documents\cc_20130830_110356.reg 2013-08-30 11:03 - 2013-08-30 11:03 - 00255176 _____ C:\Users\TimoWerner\Documents\Nach Kasperskey deinstallation.reg 2013-08-30 10:38 - 2013-08-30 10:38 - 00000000 ____D C:\Program Files (x86)\VS Revo Group ==================== One Month Modified Files and Folders ======= 2013-09-29 15:56 - 2011-09-21 14:19 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-29 15:55 - 2013-08-30 11:25 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2013-09-29 15:54 - 2011-04-08 01:41 - 01258392 _____ C:\Windows\WindowsUpdate.log 2013-09-29 15:52 - 2013-02-19 16:38 - 00000376 _____ C:\Windows\Tasks\AmiUpdXp.job 2013-09-29 15:49 - 2012-11-24 13:55 - 00000029 _____ C:\Windows\SysWOW64\TempWmicBatchFile.bat 2013-09-29 15:49 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-29 15:49 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-29 15:42 - 2012-04-20 14:06 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\Purplizer 2013-09-29 15:41 - 2013-09-29 15:41 - 00000000 ____D C:\FRST 2013-09-29 15:39 - 2013-09-29 15:37 - 01953880 _____ (Farbar) C:\Users\TimoWerner\Downloads\FRST64.exe 2013-09-29 15:38 - 2012-05-21 12:37 - 00000000 ___RD C:\Users\TimoWerner\SkyDrive 2013-09-29 15:32 - 2012-04-20 13:28 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\Overwolf 2013-09-29 15:32 - 2011-11-30 16:12 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\Skype 2013-09-29 15:31 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-09-29 15:30 - 2013-05-10 15:47 - 00000000 ____D C:\Samsung Link 2013-09-29 15:28 - 2013-06-03 16:13 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\LogMeIn Hamachi 2013-09-29 15:22 - 2013-09-29 15:22 - 00003228 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4291137014-3446076692-3718497768-1007 2013-09-29 15:21 - 2013-09-21 19:34 - 00003352 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4291137014-3446076692-3718497768-1007 2013-09-29 15:21 - 2013-08-30 11:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-29 15:21 - 2011-08-18 11:35 - 00000000 ___RD C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-29 15:21 - 2011-08-18 11:35 - 00000000 ___RD 
C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-29 15:20 - 2011-09-21 14:19 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-29 15:19 - 2011-11-30 17:40 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291137014-3446076692-3718497768-1007UA.job 2013-09-29 15:19 - 2011-11-30 17:40 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291137014-3446076692-3718497768-1007Core.job 2013-09-26 14:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2013-09-26 14:06 - 2013-09-15 19:38 - 00003410 _____ C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 2013-09-26 14:02 - 2011-10-30 10:56 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-09-26 14:01 - 2013-09-26 14:00 - 00586544 _____ C:\Windows\Minidump\092613-158933-01.dmp 2013-09-26 14:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-26 14:00 - 2013-01-07 18:54 - 392457743 _____ C:\Windows\MEMORY.DMP 2013-09-26 14:00 - 2013-01-07 18:54 - 00000000 ____D C:\Windows\Minidump 2013-09-26 14:00 - 2011-08-22 17:43 - 00071753 _____ C:\Windows\setupact.log 2013-09-25 18:53 - 2012-02-29 19:41 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\Adobe 2013-09-25 18:52 - 2012-06-06 13:14 - 00000000 ____D C:\Users\Werner1\AppData\Local\LogMeIn Hamachi 2013-09-24 13:30 - 2012-03-12 10:08 - 00000000 ____D C:\Users\Werner1\AppData\Local\Adobe 2013-09-24 12:36 - 2013-05-02 13:00 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\ZumoDrive 2013-09-24 10:05 - 2012-02-29 19:34 - 00000000 ____D C:\Users\Werner1\AppData\Local\VirtualStore 2013-09-24 10:02 - 2012-02-29 20:18 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\Skype 2013-09-23 16:52 - 2013-05-02 16:07 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A7DB815E-96C6-4A57-9C4A-16B827A6DC3C} 2013-09-23 15:55 - 2013-09-23 15:55 - 00000000 ____D C:\Users\Werner1\Desktop\Neuer Ordner 2013-09-23 13:57 - 2013-05-02 13:01 - 
00000000 ____D C:\Users\Werner1\AppData\Local\Overwolf 2013-09-23 13:52 - 2013-09-23 13:52 - 00000000 ____D C:\Users\Werner1\AppData\Local\COMPUTERBILD Vorteil-Center 2013-09-23 13:49 - 2012-02-29 19:34 - 00000000 ___RD C:\Users\Werner1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-23 13:49 - 2012-02-29 19:34 - 00000000 ___RD C:\Users\Werner1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-23 09:23 - 2009-07-14 06:45 - 00482952 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-23 09:00 - 2011-10-28 13:06 - 01538058 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-09-23 09:00 - 2011-10-28 13:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-09-23 09:00 - 2010-10-18 04:29 - 00658830 _____ C:\Windows\system32\perfh007.dat 2013-09-23 09:00 - 2010-10-18 04:29 - 00131622 _____ C:\Windows\system32\perfc007.dat 2013-09-23 08:59 - 2013-08-15 14:24 - 00000000 ____D C:\Windows\system32\MRT 2013-09-23 08:52 - 2011-08-02 20:55 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-23 01:05 - 2013-05-02 13:31 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-23 00:43 - 2013-09-23 00:42 - 00675424 _____ C:\Windows\Minidump\092313-151476-01.dmp 2013-09-21 19:57 - 2009-07-14 07:13 - 01510400 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-21 18:51 - 2013-09-21 18:50 - 00534840 _____ C:\Windows\Minidump\092113-151913-01.dmp 2013-09-20 20:32 - 2012-03-02 15:56 - 00000000 ____D C:\Users\Werner1\AppData\Local\CrashDumps 2013-09-20 20:31 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-20 20:29 - 2013-09-20 20:29 - 00000000 ____D C:\Windows\System32\Tasks\Norton Family 2013-09-20 19:31 - 2013-09-20 19:31 - 00006914 _____ C:\Windows\DPINST.LOG 2013-09-20 19:31 - 2013-09-20 19:31 - 00000000 ____D C:\Program Files\DIFX 2013-09-20 19:30 - 2013-09-20 19:30 - 00000000 ____D C:\Users\TimoWerner\Desktop\CDM 2.08.30 WHQL 
Certified 2013-09-20 14:18 - 2012-08-17 15:11 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\ZumoDrive 2013-09-20 13:48 - 2011-08-18 13:09 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\Mozilla 2013-09-20 13:37 - 2012-04-20 13:30 - 00000000 ____D C:\Program Files (x86)\Overwolf 2013-09-20 12:49 - 2013-09-20 12:43 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\vlc 2013-09-20 12:42 - 2013-09-20 12:42 - 00000000 ____D C:\Users\Werner1\.swt 2013-09-20 12:42 - 2012-02-29 19:34 - 00000000 ____D C:\Users\Werner1 2013-09-20 12:39 - 2012-02-29 19:38 - 00133760 _____ C:\Users\Werner1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-20 12:35 - 2013-01-02 15:36 - 00000000 ____D C:\Windows\system32\Drivers\NSMx64 2013-09-20 12:31 - 2011-08-26 17:09 - 00611666 _____ C:\Windows\PFRO.log 2013-09-19 20:49 - 2013-09-19 20:49 - 00001017 _____ C:\Users\Public\Desktop\WTT.lnk 2013-09-19 20:49 - 2013-09-19 20:49 - 00000000 ____D C:\Program Files (x86)\Webasto Thermo Test 2013-09-19 20:31 - 2013-09-19 20:30 - 03257976 _____ C:\Users\TimoWerner\Downloads\pc_diag_2_14.exe 2013-09-19 20:23 - 2013-01-02 15:37 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2013-09-19 20:23 - 2013-01-02 15:37 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2013-09-10 15:12 - 2011-08-19 17:00 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\CrashDumps 2013-09-10 15:11 - 2013-03-31 11:08 - 00000000 ____D C:\Users\TimoWerner\Documents\WebCam Capture Media 2013-09-09 19:40 - 2013-09-09 19:27 - 247133681 _____ C:\Users\TimoWerner\Downloads\Top Minecraft Songs of All Time - Top Twenty HD (ft. FALLEN KINGDOM, CUBE LAND, AND MORE!) 
- 10Youtube.com.mp4 2013-09-09 19:36 - 2013-09-09 19:32 - 67098877 _____ C:\Users\TimoWerner\Downloads\-TNT- - A Minecraft Parody of Taio Cruz's Dynamite - Crafted Using Note Blocks - 10Youtube.com.mp4 2013-09-09 19:22 - 2011-08-18 11:57 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{631F1FCF-A0A7-4D04-BDAF-42267D0DD50D} 2013-09-09 19:07 - 2013-09-09 19:07 - 00335068 _____ C:\Users\TimoWerner\Downloads\your-imagesbook.zip 2013-09-08 19:03 - 2012-05-10 18:50 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\.minecraft 2013-09-04 16:17 - 2013-09-04 13:17 - 00000000 ____D C:\Users\TimoWerner\Dokumente 2013-09-04 13:35 - 2013-09-04 13:35 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{5B4C6A49-9319-433A-BDAA-75AE338E649C} 2013-09-04 13:27 - 2013-04-21 13:46 - 00021504 ___SH C:\Users\TimoWerner\Thumbs.db 2013-09-04 13:17 - 2011-08-18 11:35 - 00000000 ____D C:\Users\TimoWerner 2013-09-04 13:16 - 2013-09-04 13:16 - 00000000 ____D C:\Users\TimoWerner\Desktop\Dokumente 2013-09-04 13:04 - 2011-10-28 13:07 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\SoftGrid Client 2013-09-04 11:43 - 2013-09-04 11:43 - 00000000 __SHD C:\found.004 2013-09-02 15:10 - 2013-09-02 15:10 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{0987EEA7-578A-4793-AFF2-C02F737ACD9A} 2013-08-31 18:14 - 2013-08-12 13:39 - 00000000 ____D C:\Users\TimoWerner\Desktop\Musik 2013-08-31 17:44 - 2013-08-31 10:28 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-08-31 17:44 - 2013-08-30 11:25 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-08-31 17:43 - 2013-08-31 10:28 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-08-31 17:43 - 2013-08-31 10:27 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-08-31 17:43 - 2013-08-30 11:25 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-08-31 17:43 - 2013-08-30 11:25 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-08-31 
12:45 - 2013-08-31 12:45 - 00000000 ____D C:\Users\TimoWerner\Desktop\Neuer Ordner 2013-08-31 11:16 - 2013-08-31 11:09 - 00000000 ___RD C:\Users\TimoWerner\Desktop\Wichtig für Windows und Sicherheit 2013-08-31 11:12 - 2013-08-31 11:06 - 00000000 ____D C:\Users\TimoWerner\Desktop\Anderes 2013-08-31 11:11 - 2013-08-31 11:05 - 00000000 ____D C:\Users\TimoWerner\Desktop\Musik Kostenlos Audials One 2013-08-31 11:06 - 2013-08-31 11:06 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\CrashRpt 2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\ProgramData\RapidSolution 2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\Program Files (x86)\Audials 2013-08-30 11:58 - 2013-08-30 11:42 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-30 11:58 - 2012-04-11 18:02 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-30 11:58 - 2011-07-30 19:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-30 11:40 - 2013-08-30 11:39 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{ADE8146A-3E0D-4DEB-9697-969A781D6420} 2013-08-30 11:25 - 2013-08-30 11:25 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-08-30 11:23 - 2013-08-30 11:23 - 00000000 ____D C:\Program Files\AVAST Software 2013-08-30 11:23 - 2013-08-30 11:18 - 00000000 ____D C:\ProgramData\AVAST Software 2013-08-30 11:15 - 2013-08-30 11:09 - 117478104 _____ C:\Users\TimoWerner\Downloads\avast_free_antivirus_setup.exe 2013-08-30 11:04 - 2013-08-30 11:04 - 00000000 ____D C:\Program Files\Common Files\Bitdefender 2013-08-30 11:04 - 2013-08-30 11:03 - 00006180 _____ C:\Users\TimoWerner\Documents\cc_20130830_110356.reg 2013-08-30 11:03 - 2013-08-30 11:03 - 00255176 _____ C:\Users\TimoWerner\Documents\Nach Kasperskey deinstallation.reg 2013-08-30 11:01 - 2012-06-19 15:57 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\FileZilla 2013-08-30 10:52 - 2009-09-07 03:03 - 00000000 ____D C:\Users\Administrator 
2013-08-30 10:38 - 2013-08-30 10:38 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-30 10:19 - 2012-05-18 13:36 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\QuickScan

Some content of TEMP:
====================
C:\Users\TimoWerner\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe
C:\Users\TimoWerner\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\TimoWerner\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\TimoWerner\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\v\AppData\Local\Temp\mPlayer.df.dll
C:\Users\Werner\AppData\Local\Temp\contentDATs.exe
C:\Users\Werner\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\Werner\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Werner\AppData\Local\Temp\gmx_mediacenter_uploadmanager.exe
C:\Users\Werner\AppData\Local\Temp\mPlayer.df.dll
C:\Users\Werner\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Werner\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Werner\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Werner1\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Werner1\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Werner1\AppData\Local\Temp\swt-win32-3448.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2012-06-15 18:41

==================== End Of Log ============================ |
29.09.2013, 15:12 | #8 |
| Non-removable virus, name: Win32Evo-gen [Susp] Here is the first FRST logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by TimoWerner (administrator) on WERNER-HP on 29-09-2013 15:55:11
Running from C:\Users\TimoWerner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe
(Apache Software Foundation) c:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
() C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () c:\xampp\mysql\bin\mysqld.exe (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\NST.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\NF.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe (Apache Software Foundation) C:\xampp\apache\bin\httpd.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (FS) C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Internet Anonym 2012\VPNService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Realtek Semiconductor Corp.) 
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\NST.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\NF.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe () C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\SymErr.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\WerFault.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Samsung Electronics) C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (1&1 Mail & Media GmbH) C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE (Akamai Technologies, Inc.) C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Akamai Technologies, Inc.) 
C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Overwolf) C:\Program Files (x86)\Overwolf\Overwolf.exe () C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe (Google Inc.) C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Zecter Inc.) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe (Microsoft Corporation) C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (J3S GmbH) C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe (Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe (Honest Technology) C:\Program Files (x86)\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe (Google Inc.) C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Cleverlearn, Inc.) C:\Program Files (x86)\Clicktionary\Cleverlearn Clicktionary.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Google Inc.) C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe (AVEO) C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\tampmon.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PowerDVD9.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe () C:\Program Files (x86)\Overwolf\Purplizer\Purplizer.exe (Microsoft) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe (CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PowerDVD Cox\PowerDVDCox.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Overwolf) C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\avast.setup
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-22] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Samsung Link] - C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe [407384 2013-05-09] (Samsung Electronics)
HKLM-x32\...\RunOnce: [*TampMon] - C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\tampmon.exe [61264 2013-09-12] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKCU\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKCU\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKCU\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co.
KG) HKCU\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] () HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKCU\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.) HKCU\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] () HKCU\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf) HKCU\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation) HKCU\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.) HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKCU\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.) HKCU\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH) HKCU\...\Run: [E365A742319C80E04F1A1C073157E1275BD24649._service_run] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-17] (Google Inc.) 
HKCU\...\Run: [SOS_Agent] - C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe [4493536 2013-05-16] (Steganos Software GmbH) HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1276152 2013-07-02] (Bogdan Sharkov) HKCU\...\Run: [Real Desktop] - C:\Program Files (x86)\Real Desktop\rdesc.exe [4743168 2013-08-27] (Schillergames) HKCU\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-17] (Google Inc.) HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64" HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64" HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" HKCU\...\Runonce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" HKCU\...\Runonce: [Uninstall 
C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\system: [DisableLockWorkstation] 1 HKCU\...\Policies\system: [DisableChangePassword] 0 MountPoints2: {682df1de-d0cf-11e0-b14e-2c27d7ca8df3} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta MountPoints2: {682df1fa-d0cf-11e0-b14e-2c27d7ca8df3} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.) HKLM-x32\...\Run: [MyPublicWiFi] - C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe [2002432 2011-12-02] () HKLM-x32\...\Run: [AveoSTI.exe] - C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [QuickTime Plugin Install] - C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe [86016 2012-10-09] () HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-10-09] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [581496 2012-10-17] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [bdruninstaller] - C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe [747096 2013-05-15] (Bitdefender) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKU\BitBox\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.) HKU\Default\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.) HKU\Default User\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.) HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKU\Gast\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.) 
HKU\Gast\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\Gast\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\Gast\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Gast\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\Gast\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\Gast\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\Gast\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Gast\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\Gast\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\Gast\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\Gast\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\Gast\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Gast\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\Gast\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\Gast\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\Gast\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\Gast\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\Gast\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Gast\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\Gast\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\Gast\...\Policies\system: [LogonHoursAction] 2
HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Gast\...\Policies\system: [DisableLockWorkstation] 0
HKU\Gast\...\Policies\system: [DisableChangePassword] 0
HKU\peer\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\peer\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\peer\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\peer\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\peer\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\peer\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\peer\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\peer\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\peer\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\peer\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\peer\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\peer\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\peer\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\peer\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\peer\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\peer\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\peer\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\peer\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\peer\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\peer\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\peer\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\peer\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\peer\...\Policies\system: [LogonHoursAction] 2
HKU\peer\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\peer\...\Policies\system: [DisableLockWorkstation] 0
HKU\peer\...\Policies\system: [DisableChangePassword] 0
HKU\php 1255\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\php 1255\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\php 1255\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\php 1255\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\php 1255\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\php 1255\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\php 1255\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\php 1255\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\php 1255\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\php 1255\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\php 1255\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\php 1255\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\php 1255\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\php 1255\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\php 1255\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\php 1255\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\php 1255\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\php 1255\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\php 1255\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\php 1255\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\php 1255\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\php 1255\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\php 1255\...\Policies\system: [LogonHoursAction] 2
HKU\php 1255\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\php 1255\...\Policies\system: [DisableLockWorkstation] 0
HKU\php 1255\...\Policies\system: [DisableChangePassword] 0
HKU\v\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\v\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\v\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\v\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\v\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\v\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\v\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\v\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\v\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\v\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\v\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\v\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\v\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\v\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\v\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\v\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\v\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\v\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\v\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\v\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\v\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\v\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\v\...\Policies\system: [LogonHoursAction] 2
HKU\v\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\v\...\Policies\system: [DisableLockWorkstation] 0
HKU\v\...\Policies\system: [DisableChangePassword] 0
HKU\Werner\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\Werner\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\Werner\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\Werner\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\Werner\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\Werner\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Werner\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\Werner\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\Werner\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\Werner\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Werner\...\Run: [Google Update] - C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\Werner\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\Werner\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\Werner\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Werner\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\Werner\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\Werner\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\Werner\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\Werner\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\Werner\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Werner\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\Werner\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\Werner\...\Policies\system: [DisableLockWorkstation] 0
HKU\Werner\...\Policies\system: [DisableChangePassword] 0
HKU\Werner\...\Policies\system: [LogonHoursAction] 2
HKU\Werner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Werner1\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\Werner1\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
HKU\Werner1\...\Run: [VoipCheapCom] - C:\Program Files (x86)\VoipCheapCom\voipcheapcom.exe [14054712 2012-02-06] (VoipCheapCom)
HKU\Werner1\...\Run: [GMX_GMX MultiMessenger] - C:\Program Files (x86)\GMX\GMX MultiMessenger\MESSENGR.EXE [5031336 2009-10-16] (GMX GmbH)
HKU\Werner1\...\Run: [GMX_GMX Upload-Manager] - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE [960608 2011-11-16] (1&1 Mail & Media GmbH)
HKU\Werner1\...\Run: [Akamai NetSession Interface] - C:\Users\TimoWerner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Werner1\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\Werner1\...\Run: [AshSnap] - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3249032 2011-12-12] (ashampoo GmbH & Co. KG)
HKU\Werner1\...\Run: [Steganos VPN Local Proxy] - C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\polipo.exe [632272 2011-04-18] ()
HKU\Werner1\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Werner1\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-04-08] ()
HKU\Werner1\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2012-09-17] (coolspot AG, Düsseldorf)
HKU\Werner1\...\Run: [SkyDrive] - C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\Werner1\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Werner1\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11184480 2013-01-24] (SugarSync, Inc.)
HKU\Werner1\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\Werner1\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\Werner1\...\Run: [GoogleChromeAutoLaunch_D2F7DF8E6B143CD661F0CD4F13848684] - "C:\Users\TimoWerner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\Werner1\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\Werner1\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Werner1\...\Run: [COMPUTERBILD Vorteil-Center] - C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe [1858096 2013-02-12] (J3S GmbH)
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\Werner1\...\RunOnce: [Uninstall C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TimoWerner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\Werner1\...\Policies\system: [LogonHoursAction] 2
HKU\Werner1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Werner1\...\Policies\system: [DisableLockWorkstation] 0
HKU\Werner1\...\Policies\system: [DisableChangePassword] 0
HKU\xx\...\Run: [Duden Korrektor SysTray] - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [336560 2010-10-04] (Expert System S.p.A.)
IMEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\gameconsole-wt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\tvdtray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TimoWerner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GMX Clicktionary 2.8.lnk
ShortcutTarget: GMX Clicktionary 2.8.lnk -> C:\Program Files (x86)\Clicktionary\Cleverlearn Clicktionary.exe (Cleverlearn, Inc.)
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Desktop.lnk
ShortcutTarget: Real Desktop.lnk -> C:\Program Files (x86)\Real Desktop\rdesc.exe (Schillergames)
Startup: C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8123
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKCU - {0C5A5BF2-683B-4BE6-850E-BB90306D67F0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=5B8CF2D0-C82E-4536-9736-C7F700656C0F&apn_sauid=AC068637-2922-45ED-AEAA-388C22D7EB07&
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=849cd9b6000000000000889ffaa87be1
SearchScopes: HKCU - {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=849cd9b6000000000000889ffaa87be1&tlver=1.4.19.19&affID=16553
SearchScopes: HKCU - {30CB5C4D-2BE0-4C68-B0D4-76B9EA618F6E} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {390838FE-C57E-4349-ABE9-BE8744F5DC74} URL = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {714174E0-312F-422B-AFC2-D7AC0CC67532} URL = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D5521E70-FE65-41E4-85BC-7C9B535CA119} URL = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\TimoWerner\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\TimoWerner\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\coIEPlg.dll (Symantec Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
Toolbar: HKCU - No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default
FF user.js: detected! => C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\user.js
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "type", 0
FF NewTab: hxxp://www.google.com/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.10 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\TimoWerner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\TimoWerner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\TimoWerner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\TimoWerner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\TimoWerner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\TimoWerner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: samsung.com/SamsungLinkPCPlugin - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\1und1-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\aol-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: 
C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-6.xml FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin-7.xml FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin.gif FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin.src FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\mailcom-search.xml FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\nestoria-deutschland.xml FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\sweetim.xml FF SearchPlugin: C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Babylon - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\ffxtlbr@babylon.com FF Extension: Complitly - Speed up your search with your personal search 
suggestions tool - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{43196362-5378-448b-8944-f097fa65e932} FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF Extension: DownloadHelper - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: COMPUTERBILD-Abzockschutz - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} FF Extension: toolbar - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\toolbar@gmx.net.xpi FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi FF Extension: No Name - C:\Users\TimoWerner\AppData\Roaming\Mozilla\Firefox\Profiles\1c4fsa31.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Password Manager 12\spmplugin3 FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw\ FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw\ 
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack] - C:\Program Files (x86)\GutscheinFinder\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack.xpi FF Extension: No Name - C:\Program Files (x86)\GutscheinFinder\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack.xpi FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Thunderbird\Extensions: [{d591241b-9967-418c-9b7d-ee128131d60d}] - C:\Program Files (x86)\GMX\GMX MultiMessenger\ThunderbirdSyncProxy FF Extension: Adressbuchanbindung*für*GMX*MultiMessenger - C:\Program Files (x86)\GMX\GMX MultiMessenger\ThunderbirdSyncProxy Chrome: ======= CHR Extension: (Complitly plugin for chrome) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\TIMOWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx CHR HKLM-x32\...\Chrome\Extension: [didlmjkkjfegblmkekbhgpefajgikncm] - C:\Program Files (x86)\GutscheinFinder\gutscheincodes.crx CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\TimoWerner\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM-x32\...\Chrome\Extension: 
[napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\Extensions\Chrome.crx CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\Exts\Chrome.crx CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.) R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [405896 2013-05-03] (Samsung) R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation) S3 AppBoosterService; C:\Program Files (x86)\Common Files\PCSUITE Common\BoostService.exe [1556360 2011-10-05] (MARKEMENT) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-10-17] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-17] (BlueStack Systems, Inc.) R2 CronService; C:\Prey\platform\windows\cronsvc.exe [19968 2011-02-15] (Fork Ltd.) 
R2 DokanMounter; C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe [14848 2012-02-15] () S3 FileZilla Server; c:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project) S4 MyPublicWiFiService; C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [597504 2011-12-02] () R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] () S2 MySQL55; C:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9503 2012-09-28] () R2 NCO; C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\NST.exe [129424 2013-08-15] (Symantec Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3897432 2011-09-18] (INCA Internet Co., Ltd.) R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\NF.exe [570264 2013-09-12] (Symantec Corporation) R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [303368 2013-05-16] (Steganos Software GmbH) S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd) R2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [48128 2011-09-09] (FS) R2 Steganos Anonym VPN Starter Service; C:\Program Files (x86)\Steganos Internet Anonym 2012\VPNService.exe [267928 2011-08-25] (Steganos Software GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software) S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () ==================== Drivers (Whitelisted) ==================== S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2011-07-02] () R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 
2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-31] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-31] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-31] () S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [346496 2012-02-08] (AVEO) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-17] (BlueStack Systems) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-17] (BlueStack Systems) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0209000.015\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE05000.043\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation) R0 CryptBox; C:\Windows\SysWow64\drivers\CryptBox.sys [222080 2011-06-14] (Abelssoft GmbH) R0 CryptBox; C:\Windows\SysWow64\drivers\CryptBox.sys [222080 2011-06-14] (Abelssoft GmbH) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2012-02-15] (Windows (R) Win 7 DDK provider) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2012-02-15] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-23] (DT Soft Ltd) R3 Iviaspi; C:\Windows\System32\drivers\Iviaspi.sys [21792 2007-01-11] (InterVideo, Inc.) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) 
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-07-23] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-07-23] (RapidSolution Software AG) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-19] (Duplex Secure Ltd.) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-19] (Symantec Corporation) R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0209000.015\SymRdrS.SYS [245848 2013-08-17] (Symantec Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software) R1 uigxrdr; C:\Windows\System32\DRIVERS\uigxrdr.sys [199752 2011-11-16] (1&1 Mail & Media GmbH) S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org) S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org) U3 akbl5igu; C:\Windows\System32\Drivers\akbl5igu.sys [0 ] (Microsoft Corporation) S3 clwvd; system32\DRIVERS\clwvd.sys [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-29 15:41 - 2013-09-29 15:41 - 00000000 ____D C:\FRST 2013-09-29 15:37 - 2013-09-29 15:39 - 01953880 _____ (Farbar) C:\Users\TimoWerner\Downloads\FRST64.exe 2013-09-29 15:22 - 2013-09-29 15:22 - 00003228 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4291137014-3446076692-3718497768-1007 2013-09-26 14:00 - 2013-09-26 14:01 - 00586544 _____ C:\Windows\Minidump\092613-158933-01.dmp 2013-09-23 15:55 - 2013-09-23 15:55 - 00000000 ____D C:\Users\Werner1\Desktop\Neuer Ordner 2013-09-23 13:52 - 
2013-09-23 13:52 - 00000000 ____D C:\Users\Werner1\AppData\Local\COMPUTERBILD Vorteil-Center 2013-09-23 09:01 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-23 09:01 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-23 09:01 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-23 09:01 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-23 09:01 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-23 09:01 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00109056 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-23 09:01 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-23 09:01 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-23 09:01 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-23 09:01 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-23 09:01 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-23 09:00 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-23 09:00 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-23 09:00 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-23 09:00 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-23 09:00 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-23 09:00 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-23 09:00 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-23 01:05 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-23 01:05 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-23 01:05 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-23 01:05 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-23 01:05 - 2013-08-02 04:15 - 00243712 _____ (Microsoft 
Corporation) C:\Windows\system32\wow64.dll 2013-09-23 01:05 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-23 01:05 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-23 01:05 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-23 01:05 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-23 01:05 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-23 01:05 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-23 01:05 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-23 01:05 - 2013-08-02 03:50 - 01114112 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-23 01:05 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-23 01:05 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-23 01:05 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-23 01:05 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-23 01:05 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-23 01:05 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\apisetschema.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-23 01:04 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-23 01:04 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-23 01:04 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-23 01:04 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-23 00:52 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-23 00:52 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-23 00:52 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\shell32.dll 2013-09-23 00:51 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-23 00:51 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-23 00:42 - 2013-09-23 00:43 - 00675424 _____ C:\Windows\Minidump\092313-151476-01.dmp 2013-09-21 19:34 - 2013-09-29 15:21 - 00003352 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4291137014-3446076692-3718497768-1007 2013-09-21 18:50 - 2013-09-21 18:51 - 00534840 _____ C:\Windows\Minidump\092113-151913-01.dmp 2013-09-20 20:29 - 2013-09-20 20:29 - 00000000 ____D C:\Windows\System32\Tasks\Norton Family 2013-09-20 19:31 - 2013-09-20 19:31 - 00006914 _____ C:\Windows\DPINST.LOG 2013-09-20 19:31 - 2013-09-20 19:31 - 00000000 ____D C:\Program Files\DIFX 2013-09-20 19:30 - 2013-09-20 19:30 - 00000000 ____D C:\Users\TimoWerner\Desktop\CDM 2.08.30 WHQL Certified 2013-09-20 19:30 - 2013-07-12 14:36 - 00257384 _____ (FTDI Ltd.) C:\Windows\system32\ftd2xx.dll 2013-09-20 19:30 - 2013-07-12 14:36 - 00219496 _____ (FTDI Ltd.) C:\Windows\SysWOW64\ftd2xx.dll 2013-09-20 19:30 - 2013-07-12 14:36 - 00215400 _____ (FTDI Ltd.) C:\Windows\system32\FTLang.dll 2013-09-20 19:30 - 2013-07-12 14:36 - 00109928 _____ (FTDI Ltd.) C:\Windows\system32\ftbusui.dll 2013-09-20 19:30 - 2013-07-12 14:29 - 00086376 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftser2k.sys 2013-09-20 19:30 - 2013-07-12 14:29 - 00079592 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftdibus.sys 2013-09-20 19:30 - 2013-07-12 14:29 - 00065896 _____ (FTDI Ltd.) C:\Windows\system32\ftcserco.dll 2013-09-20 19:30 - 2013-07-12 14:28 - 00056168 _____ (FTDI Ltd.) 
C:\Windows\system32\ftserui2.dll 2013-09-20 12:43 - 2013-09-20 12:49 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\vlc 2013-09-20 12:42 - 2013-09-20 12:42 - 00000000 ____D C:\Users\Werner1\.swt 2013-09-19 20:49 - 2013-09-19 20:49 - 00001017 _____ C:\Users\Public\Desktop\WTT.lnk 2013-09-19 20:49 - 2013-09-19 20:49 - 00000000 ____D C:\Program Files (x86)\Webasto Thermo Test 2013-09-19 20:30 - 2013-09-19 20:31 - 03257976 _____ C:\Users\TimoWerner\Downloads\pc_diag_2_14.exe 2013-09-15 19:38 - 2013-09-26 14:06 - 00003410 _____ C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 2013-09-09 19:32 - 2013-09-09 19:36 - 67098877 _____ C:\Users\TimoWerner\Downloads\-TNT- - A Minecraft Parody of Taio Cruz's Dynamite - Crafted Using Note Blocks - 10Youtube.com.mp4 2013-09-09 19:27 - 2013-09-09 19:40 - 247133681 _____ C:\Users\TimoWerner\Downloads\Top Minecraft Songs of All Time - Top Twenty HD (ft. FALLEN KINGDOM, CUBE LAND, AND MORE!) - 10Youtube.com.mp4 2013-09-09 19:07 - 2013-09-09 19:07 - 00335068 _____ C:\Users\TimoWerner\Downloads\your-imagesbook.zip 2013-09-04 13:35 - 2013-09-04 13:35 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{5B4C6A49-9319-433A-BDAA-75AE338E649C} 2013-09-04 13:17 - 2013-09-04 16:17 - 00000000 ____D C:\Users\TimoWerner\Dokumente 2013-09-04 13:16 - 2013-09-04 13:16 - 00000000 ____D C:\Users\TimoWerner\Desktop\Dokumente 2013-09-04 11:43 - 2013-09-04 11:43 - 00000000 __SHD C:\found.004 2013-09-02 15:10 - 2013-09-02 15:10 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{0987EEA7-578A-4793-AFF2-C02F737ACD9A} 2013-08-31 12:45 - 2013-08-31 12:45 - 00000000 ____D C:\Users\TimoWerner\Desktop\Neuer Ordner 2013-08-31 11:09 - 2013-08-31 11:16 - 00000000 ___RD C:\Users\TimoWerner\Desktop\Wichtig für Windows und Sicherheit 2013-08-31 11:06 - 2013-08-31 11:12 - 00000000 ____D C:\Users\TimoWerner\Desktop\Anderes 2013-08-31 11:06 - 2013-08-31 11:06 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\CrashRpt 2013-08-31 11:05 - 2013-08-31 11:11 - 
00000000 ____D C:\Users\TimoWerner\Desktop\Musik Kostenlos Audials One 2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\ProgramData\RapidSolution 2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\Program Files (x86)\Audials 2013-08-31 10:28 - 2013-08-31 17:44 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-08-31 10:28 - 2013-08-31 17:43 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-08-31 10:27 - 2013-08-31 17:43 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-08-30 11:42 - 2013-09-29 15:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-30 11:42 - 2013-08-30 11:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-30 11:39 - 2013-08-30 11:40 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{ADE8146A-3E0D-4DEB-9697-969A781D6420} 2013-08-30 11:25 - 2013-09-29 15:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-08-30 11:25 - 2013-08-31 17:44 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-08-30 11:25 - 2013-08-31 17:43 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-08-30 11:25 - 2013-08-31 17:43 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-08-30 11:25 - 2013-08-30 11:25 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-08-30 11:25 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-08-30 11:25 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-08-30 11:25 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-08-30 11:25 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-08-30 11:25 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-08-30 11:25 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-08-30 
11:23 - 2013-08-30 11:23 - 00000000 ____D C:\Program Files\AVAST Software 2013-08-30 11:23 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-08-30 11:18 - 2013-08-30 11:23 - 00000000 ____D C:\ProgramData\AVAST Software 2013-08-30 11:09 - 2013-08-30 11:15 - 117478104 _____ C:\Users\TimoWerner\Downloads\avast_free_antivirus_setup.exe 2013-08-30 11:04 - 2013-08-30 11:04 - 00000000 ____D C:\Program Files\Common Files\Bitdefender 2013-08-30 11:03 - 2013-08-30 11:04 - 00006180 _____ C:\Users\TimoWerner\Documents\cc_20130830_110356.reg 2013-08-30 11:03 - 2013-08-30 11:03 - 00255176 _____ C:\Users\TimoWerner\Documents\Nach Kasperskey deinstallation.reg 2013-08-30 10:38 - 2013-08-30 10:38 - 00000000 ____D C:\Program Files (x86)\VS Revo Group ==================== One Month Modified Files and Folders ======= 2013-09-29 15:56 - 2011-09-21 14:19 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-29 15:55 - 2013-08-30 11:25 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2013-09-29 15:54 - 2011-04-08 01:41 - 01258392 _____ C:\Windows\WindowsUpdate.log 2013-09-29 15:52 - 2013-02-19 16:38 - 00000376 _____ C:\Windows\Tasks\AmiUpdXp.job 2013-09-29 15:49 - 2012-11-24 13:55 - 00000029 _____ C:\Windows\SysWOW64\TempWmicBatchFile.bat 2013-09-29 15:49 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-29 15:49 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-29 15:42 - 2012-04-20 14:06 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\Purplizer 2013-09-29 15:41 - 2013-09-29 15:41 - 00000000 ____D C:\FRST 2013-09-29 15:39 - 2013-09-29 15:37 - 01953880 _____ (Farbar) C:\Users\TimoWerner\Downloads\FRST64.exe 2013-09-29 15:38 - 2012-05-21 12:37 - 00000000 ___RD C:\Users\TimoWerner\SkyDrive 2013-09-29 15:32 - 2012-04-20 13:28 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\Overwolf 2013-09-29 15:32 - 2011-11-30 16:12 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\Skype 2013-09-29 15:31 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-09-29 15:30 - 2013-05-10 15:47 - 00000000 ____D C:\Samsung Link 2013-09-29 15:28 - 2013-06-03 16:13 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\LogMeIn Hamachi 2013-09-29 15:22 - 2013-09-29 15:22 - 00003228 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4291137014-3446076692-3718497768-1007 2013-09-29 15:21 - 2013-09-21 19:34 - 00003352 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4291137014-3446076692-3718497768-1007 2013-09-29 15:21 - 2013-08-30 11:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-29 15:21 - 2011-08-18 11:35 - 00000000 ___RD C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-29 15:21 - 2011-08-18 11:35 - 00000000 ___RD 
C:\Users\TimoWerner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-29 15:20 - 2011-09-21 14:19 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-29 15:19 - 2011-11-30 17:40 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291137014-3446076692-3718497768-1007UA.job 2013-09-29 15:19 - 2011-11-30 17:40 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291137014-3446076692-3718497768-1007Core.job 2013-09-26 14:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2013-09-26 14:06 - 2013-09-15 19:38 - 00003410 _____ C:\Windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 2013-09-26 14:02 - 2011-10-30 10:56 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-09-26 14:01 - 2013-09-26 14:00 - 00586544 _____ C:\Windows\Minidump\092613-158933-01.dmp 2013-09-26 14:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-26 14:00 - 2013-01-07 18:54 - 392457743 _____ C:\Windows\MEMORY.DMP 2013-09-26 14:00 - 2013-01-07 18:54 - 00000000 ____D C:\Windows\Minidump 2013-09-26 14:00 - 2011-08-22 17:43 - 00071753 _____ C:\Windows\setupact.log 2013-09-25 18:53 - 2012-02-29 19:41 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\Adobe 2013-09-25 18:52 - 2012-06-06 13:14 - 00000000 ____D C:\Users\Werner1\AppData\Local\LogMeIn Hamachi 2013-09-24 13:30 - 2012-03-12 10:08 - 00000000 ____D C:\Users\Werner1\AppData\Local\Adobe 2013-09-24 12:36 - 2013-05-02 13:00 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\ZumoDrive 2013-09-24 10:05 - 2012-02-29 19:34 - 00000000 ____D C:\Users\Werner1\AppData\Local\VirtualStore 2013-09-24 10:02 - 2012-02-29 20:18 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\Skype 2013-09-23 16:52 - 2013-05-02 16:07 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A7DB815E-96C6-4A57-9C4A-16B827A6DC3C} 2013-09-23 15:55 - 2013-09-23 15:55 - 00000000 ____D C:\Users\Werner1\Desktop\Neuer Ordner 2013-09-23 13:57 - 2013-05-02 13:01 - 
00000000 ____D C:\Users\Werner1\AppData\Local\Overwolf 2013-09-23 13:52 - 2013-09-23 13:52 - 00000000 ____D C:\Users\Werner1\AppData\Local\COMPUTERBILD Vorteil-Center 2013-09-23 13:49 - 2012-02-29 19:34 - 00000000 ___RD C:\Users\Werner1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-23 13:49 - 2012-02-29 19:34 - 00000000 ___RD C:\Users\Werner1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-23 09:23 - 2009-07-14 06:45 - 00482952 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-23 09:00 - 2011-10-28 13:06 - 01538058 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-09-23 09:00 - 2011-10-28 13:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-09-23 09:00 - 2010-10-18 04:29 - 00658830 _____ C:\Windows\system32\perfh007.dat 2013-09-23 09:00 - 2010-10-18 04:29 - 00131622 _____ C:\Windows\system32\perfc007.dat 2013-09-23 08:59 - 2013-08-15 14:24 - 00000000 ____D C:\Windows\system32\MRT 2013-09-23 08:52 - 2011-08-02 20:55 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-23 01:05 - 2013-05-02 13:31 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-23 00:43 - 2013-09-23 00:42 - 00675424 _____ C:\Windows\Minidump\092313-151476-01.dmp 2013-09-21 19:57 - 2009-07-14 07:13 - 01510400 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-21 18:51 - 2013-09-21 18:50 - 00534840 _____ C:\Windows\Minidump\092113-151913-01.dmp 2013-09-20 20:32 - 2012-03-02 15:56 - 00000000 ____D C:\Users\Werner1\AppData\Local\CrashDumps 2013-09-20 20:31 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-20 20:29 - 2013-09-20 20:29 - 00000000 ____D C:\Windows\System32\Tasks\Norton Family 2013-09-20 19:31 - 2013-09-20 19:31 - 00006914 _____ C:\Windows\DPINST.LOG 2013-09-20 19:31 - 2013-09-20 19:31 - 00000000 ____D C:\Program Files\DIFX 2013-09-20 19:30 - 2013-09-20 19:30 - 00000000 ____D C:\Users\TimoWerner\Desktop\CDM 2.08.30 WHQL 
Certified 2013-09-20 14:18 - 2012-08-17 15:11 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\ZumoDrive 2013-09-20 13:48 - 2011-08-18 13:09 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\Mozilla 2013-09-20 13:37 - 2012-04-20 13:30 - 00000000 ____D C:\Program Files (x86)\Overwolf 2013-09-20 12:49 - 2013-09-20 12:43 - 00000000 ____D C:\Users\Werner1\AppData\Roaming\vlc 2013-09-20 12:42 - 2013-09-20 12:42 - 00000000 ____D C:\Users\Werner1\.swt 2013-09-20 12:42 - 2012-02-29 19:34 - 00000000 ____D C:\Users\Werner1 2013-09-20 12:39 - 2012-02-29 19:38 - 00133760 _____ C:\Users\Werner1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-20 12:35 - 2013-01-02 15:36 - 00000000 ____D C:\Windows\system32\Drivers\NSMx64 2013-09-20 12:31 - 2011-08-26 17:09 - 00611666 _____ C:\Windows\PFRO.log 2013-09-19 20:49 - 2013-09-19 20:49 - 00001017 _____ C:\Users\Public\Desktop\WTT.lnk 2013-09-19 20:49 - 2013-09-19 20:49 - 00000000 ____D C:\Program Files (x86)\Webasto Thermo Test 2013-09-19 20:31 - 2013-09-19 20:30 - 03257976 _____ C:\Users\TimoWerner\Downloads\pc_diag_2_14.exe 2013-09-19 20:23 - 2013-01-02 15:37 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2013-09-19 20:23 - 2013-01-02 15:37 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2013-09-10 15:12 - 2011-08-19 17:00 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\CrashDumps 2013-09-10 15:11 - 2013-03-31 11:08 - 00000000 ____D C:\Users\TimoWerner\Documents\WebCam Capture Media 2013-09-09 19:40 - 2013-09-09 19:27 - 247133681 _____ C:\Users\TimoWerner\Downloads\Top Minecraft Songs of All Time - Top Twenty HD (ft. FALLEN KINGDOM, CUBE LAND, AND MORE!) 
- 10Youtube.com.mp4 2013-09-09 19:36 - 2013-09-09 19:32 - 67098877 _____ C:\Users\TimoWerner\Downloads\-TNT- - A Minecraft Parody of Taio Cruz's Dynamite - Crafted Using Note Blocks - 10Youtube.com.mp4 2013-09-09 19:22 - 2011-08-18 11:57 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{631F1FCF-A0A7-4D04-BDAF-42267D0DD50D} 2013-09-09 19:07 - 2013-09-09 19:07 - 00335068 _____ C:\Users\TimoWerner\Downloads\your-imagesbook.zip 2013-09-08 19:03 - 2012-05-10 18:50 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\.minecraft 2013-09-04 16:17 - 2013-09-04 13:17 - 00000000 ____D C:\Users\TimoWerner\Dokumente 2013-09-04 13:35 - 2013-09-04 13:35 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{5B4C6A49-9319-433A-BDAA-75AE338E649C} 2013-09-04 13:27 - 2013-04-21 13:46 - 00021504 ___SH C:\Users\TimoWerner\Thumbs.db 2013-09-04 13:17 - 2011-08-18 11:35 - 00000000 ____D C:\Users\TimoWerner 2013-09-04 13:16 - 2013-09-04 13:16 - 00000000 ____D C:\Users\TimoWerner\Desktop\Dokumente 2013-09-04 13:04 - 2011-10-28 13:07 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\SoftGrid Client 2013-09-04 11:43 - 2013-09-04 11:43 - 00000000 __SHD C:\found.004 2013-09-02 15:10 - 2013-09-02 15:10 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{0987EEA7-578A-4793-AFF2-C02F737ACD9A} 2013-08-31 18:14 - 2013-08-12 13:39 - 00000000 ____D C:\Users\TimoWerner\Desktop\Musik 2013-08-31 17:44 - 2013-08-31 10:28 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-08-31 17:44 - 2013-08-30 11:25 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-08-31 17:43 - 2013-08-31 10:28 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-08-31 17:43 - 2013-08-31 10:27 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-08-31 17:43 - 2013-08-30 11:25 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-08-31 17:43 - 2013-08-30 11:25 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-08-31 
12:45 - 2013-08-31 12:45 - 00000000 ____D C:\Users\TimoWerner\Desktop\Neuer Ordner 2013-08-31 11:16 - 2013-08-31 11:09 - 00000000 ___RD C:\Users\TimoWerner\Desktop\Wichtig für Windows und Sicherheit 2013-08-31 11:12 - 2013-08-31 11:06 - 00000000 ____D C:\Users\TimoWerner\Desktop\Anderes 2013-08-31 11:11 - 2013-08-31 11:05 - 00000000 ____D C:\Users\TimoWerner\Desktop\Musik Kostenlos Audials One 2013-08-31 11:06 - 2013-08-31 11:06 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\CrashRpt 2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\ProgramData\RapidSolution 2013-08-31 11:01 - 2013-08-31 11:01 - 00000000 ____D C:\Program Files (x86)\Audials 2013-08-30 11:58 - 2013-08-30 11:42 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-30 11:58 - 2012-04-11 18:02 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-30 11:58 - 2011-07-30 19:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-30 11:40 - 2013-08-30 11:39 - 00000000 ____D C:\Users\TimoWerner\AppData\Local\{ADE8146A-3E0D-4DEB-9697-969A781D6420} 2013-08-30 11:25 - 2013-08-30 11:25 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-08-30 11:23 - 2013-08-30 11:23 - 00000000 ____D C:\Program Files\AVAST Software 2013-08-30 11:23 - 2013-08-30 11:18 - 00000000 ____D C:\ProgramData\AVAST Software 2013-08-30 11:15 - 2013-08-30 11:09 - 117478104 _____ C:\Users\TimoWerner\Downloads\avast_free_antivirus_setup.exe 2013-08-30 11:04 - 2013-08-30 11:04 - 00000000 ____D C:\Program Files\Common Files\Bitdefender 2013-08-30 11:04 - 2013-08-30 11:03 - 00006180 _____ C:\Users\TimoWerner\Documents\cc_20130830_110356.reg 2013-08-30 11:03 - 2013-08-30 11:03 - 00255176 _____ C:\Users\TimoWerner\Documents\Nach Kasperskey deinstallation.reg 2013-08-30 11:01 - 2012-06-19 15:57 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\FileZilla 2013-08-30 10:52 - 2009-09-07 03:03 - 00000000 ____D C:\Users\Administrator 
2013-08-30 10:38 - 2013-08-30 10:38 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-30 10:19 - 2012-05-18 13:36 - 00000000 ____D C:\Users\TimoWerner\AppData\Roaming\QuickScan

Some content of TEMP:
====================
C:\Users\TimoWerner\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe
C:\Users\TimoWerner\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\TimoWerner\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\TimoWerner\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\v\AppData\Local\Temp\mPlayer.df.dll
C:\Users\Werner\AppData\Local\Temp\contentDATs.exe
C:\Users\Werner\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\Werner\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Werner\AppData\Local\Temp\gmx_mediacenter_uploadmanager.exe
C:\Users\Werner\AppData\Local\Temp\mPlayer.df.dll
C:\Users\Werner\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Werner\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Werner\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Werner1\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Werner1\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Werner1\AppData\Local\Temp\swt-win32-3448.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2012-06-15 18:41

==================== End Of Log ============================
--- --- --- |
29.09.2013, 15:16 | #9 |
| Unremovable virus, name: Win32Evo-gen [Susp] And now the second one Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by TimoWerner at 2013-09-29 16:02:17
Running from C:\Users\TimoWerner\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.1.3)
7-Zip 9.19 beta (x32)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3)
Activision(R) (x32 Version: 1.00.0000)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface (x32)
AllShare Framework DMS (Version: 1.3.09)
AMD64Bit (Version: 1.00.0000)
AOL Deutschland Toolbar (HKCU)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft MediaImpression 2 (x32 Version: 2.0.15.965)
ArcSoft Upload to YouTube (x32 Version: 1.0.15.14)
Ashampoo Burning Studio 2013 v.11.0.6 (x32 Version: 11.0.6)
Ashampoo Snap 5 v.5.1.2 (x32 Version: 5.1.2)
Audacity 2.0.3 (x32 Version: 2.0.3)
Audials (x32 Version: 10.2.29500.0)
Autobahn Raser (x32)
avast!
Free Antivirus (x32 Version: 8.0.1489.0) AVEO USB2.0 PC Camera(U2HGCV3P31048) (x32 Version: 2.0.0.5) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95) BlackBerry App World Browser Plugin (x32 Version: 4.0.0.18) Blasterball 3 (x32 Version: 2.2.0.95) BlueStacks App Player (x32 Version: 0.7.6.2802) Bonjour (Version: 3.0.0.10) Bounce Symphony (x32 Version: 2.2.0.95) Bridge Construction Set 1.3.9.1 (x32) Cake Mania (x32 Version: 2.2.0.95) CameraHelperMsi (x32 Version: 13.30.1395.0) CCleaner (Version: 3.10) Celestia 1.6.1 (x32) Chuzzle Deluxe (x32 Version: 2.2.0.95) Clownfish for Skype (x32) Colin McRae Rally 2 (x32) Compaq Setup Manager (x32 Version: 1.0.12844.3519) Complitly (x32) COMPUTER BILD-Film-Finder (x32 Version: 1.0.3) COMPUTERBILD Vorteil-Center (x32 Version: 1.2.1) COMPUTERBILD-Abzockschutz (x32 Version: 1.0.42) COMPUTERBILD-Cloud ConvertHelper 2.2 (x32) CryptBox (x32 Version: 1.2) CyberLink DVD Suite (x32 Version: 7.0.3320) CyberLink PowerDVD 9 (x32 Version: 9.0.1.4604) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.46.1.0327) Demolition Company Gold (x32) Der Planer 4 Version 1.3 (x32) Die Tierischen Kicker (x32) Digital Camera Driver (x32) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95) Direct Show Ogg Vorbis Filter (remove only) (x32) Dropbox (HKCU Version: 1.2.52) Duden Korrektor Standard (x32 Version: 7.00.0000) Dust Racing 2D (x32 Version: 1.00.0000) EAX Unified (x32) Energy Star Digital Logo (x32 Version: 1.0.1) erLT (x32 Version: 1.20.138.34) ESU for Microsoft Windows 7 (x32 Version: 1.0.0) Farm Frenzy (x32 Version: 2.2.0.95) FATE (x32 Version: 2.2.0.95) FFmpeg for Audacity on Windows (x32) FileZilla Client 3.5.3 (HKCU Version: 3.5.3) Formatwandler 4 SE (x32 Version: 4.0.11.615) Free Studio version 2013 (x32 Version: 6.1.1.419) Galileo Family Quiz - Spezial III (x32) Game Booster 3 (x32 Version: 3.4) GMX Clicktionary® 2.8 (x32 Version: 2.8) GMX MultiMessenger (x32 Version: 3.70.2815) GMX OnlineChat (HKCU Version: 0.15.148) GMX 
Softwareaktualisierung (x32 Version: 2.0.1.5) GMX Toolbar für Mozilla Firefox (x32 Version: 1.6.4.0) GMX Upload-Manager (x32 Version: 2.0.670) Google Chrome (x32 Version: 29.0.1547.76) Google Earth (x32 Version: 6.2.0.5905) Google SketchUp 8 (x32 Version: 3.0.14358) Google Talk (remove only) (x32) Google Talk Plugin (x32 Version: 4.6.3.15268) Google Update Helper (x32 Version: 1.3.21.153) Grand Theft Auto IV (x32 Version: 1.00.0000) GutscheinFinder (x32) High-Definition Video Playback (x32 Version: 7.3.10800.5.0) honestech Audio Recorder 2.0 Deluxe (x32 Version: 2.0) HP Auto (Version: 1.0.12494.3472) HP Client Services (Version: 1.0.12656.3472) HP CloudDrive (x32) HP Customer Experience Enhancements (x32 Version: 6.0.1.7) HP Deskjet 3520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0) HP Deskjet 3520 series Hilfe (x32 Version: 27.0.0) HP Deskjet 3520 series Setup Guide (x32 Version: 27.0.0) HP Documentation (x32 Version: 1.1.2.1) HP FWUpdateEDO2 (x32 Version: 1.2.0.0) HP Games (x32 Version: 1.0.1.5) HP Photo Creations (x32 Version: 1.0.0.7702) HP Power Manager (x32 Version: 1.1.2) HP Quick Launch (x32 Version: 2.2.7) HP Setup (x32 Version: 8.4.4400.3525) HP Software Framework (x32 Version: 4.0.70.1) HP Support Assistant (x32 Version: 5.1.8.12) HP Update (x32 Version: 5.003.003.001) HP Wireless Assistant (Version: 4.0.10.0) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3) HPDiagnosticAlert (x32 Version: 1.00.0000) Ice Age(TM) 4 - Voll Verschoben! 
Die arktischen Spiele demo (x32 Version: 1.00.0000) iCloud (Version: 1.0.1.29) Insaniquarium Deluxe (x32 Version: 2.2.0.95) Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2086) Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001) Internet-TV für Windows Media Center (x32 Version: 4.2.2.0) InterVideo MediaOne Gallery (x32) iSpy (x32 Version: 4.5.3) iTunes (Version: 10.5.0.142) Java 7 Update 9 (x32 Version: 7.0.90) Java Auto Updater (x32 Version: 2.1.9.0) Java(TM) 6 Update 21 (64-bit) (Version: 6.0.210) Java(TM) 6 Update 31 (x32 Version: 6.0.310) JavaFX 2.1.1 (x32 Version: 2.1.1) Jewel Quest II (x32 Version: 2.2.0.95) Jewel Quest Solitaire (x32 Version: 2.2.0.95) John Deere Drive Green (x32 Version: 2.2.0.95) Junk Mail filter update (x32 Version: 15.4.3502.0922) Kaminfeuer Comprehensive Edition Free (x32) LabelPrint (x32 Version: 2.5.3220) LAME v3.99.3 (for Windows) (x32) Landwirtschafts-Simulator 2009 (x32) LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000) Lernspaß kompakt Mathe 3 (x32 Version: 1.00.0000) LibreOffice 3.4 (x32 Version: 3.4.302) LightScribe System Software (x32 Version: 1.18.22.2) LinCity-NG 1.1.2 (x32) LinuxLive USB Creator (x32 Version: 2.8) Living Marine Aquarium 2 (x32 Version: 1.0.2) Logitech Vid HD (x32 Version: 7.2 (7259)) Logitech Webcam-Software (x32 Version: 2.30) LogMeIn Hamachi (x32 Version: 2.1.0.374) LWS Facebook (x32 Version: 13.30.1346.0) LWS Gallery (x32 Version: 13.30.1379.0) LWS Help_main (x32 Version: 13.30.1396.0) LWS Launcher (x32 Version: 13.30.1379.0) LWS Motion Detection (x32 Version: 13.30.1395.0) LWS Pictures And Video (x32 Version: 13.30.1395.0) LWS Twitter (x32 Version: 13.30.1346.0) LWS Video Mask Maker (x32 Version: 13.30.1379.0) LWS VideoEffects (Version: 13.30.1379.0) LWS Webcam Software (x32 Version: 13.30.1379.0) LWS WLM Plugin (x32 Version: 1.30.1201.0) LWS YouTube Plugin (x32 Version: 13.30.1346.0) Machinarium (x32) Mesh Runtime (x32 Version: 15.4.5722.2) Messenger Companion (x32 
Version: 15.4.3502.0922) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Default Manager (x32 Version: 2.2.114.0) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 2.0.672.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Outlook Connector (x32 Version: 14.0.6106.5001) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SkyDrive (HKCU Version: 17.0.2015.0811) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server Compact 3.5 SP1 English (x32 Version: 3.5.5692.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft XML Parser (x32 Version: 8.20.8730.4) Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0) Minigolf (x32) Miro (x32 Version: 5.0.4) MoonTools Version 1.6 (x32 Version: 1.6) Mozilla Firefox 17.0.1 (x86 de) (x32 Version: 17.0.1) Mozilla Maintenance Service (x32 Version: 17.0.1) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MyPublicWiFi 4.1 (x32) MySQL Connector C 6.0.2 (Version: 6.0.2) MySQL Connector C++ 1.1.0 (Version: 1.1.0) MySQL Connector J (x32 Version: 5.1.20.0) MySQL Connector Net 6.5.4 (x32 Version: 6.5.4) MySQL Connector/ODBC 5.1 (Version: 5.1.11) MySQL Documents 5.5 (x32 Version: 5.5.27) MySQL Examples and Samples 5.5 (x32 Version: 5.5.27) MySQL For Excel 1.0.6 (x32 Version: 1.0.6) MySQL Installer (x32 Version: 1.1.3.0) MySQL Notifier 1.0.3 (x32 Version: 1.0.3) MySQL Server 5.5 (Version: 5.5.27) MySQL Workbench 5.2 CE (x32 Version: 5.2.41) Nero 10 Kwik Themes 4 (x32 Version: 10.4.10400.1.0) Nero 10 Movie ThemePack Basic (x32 Version: 10.4.10400.1.0) Nero Backup Drivers (Version: 1.0.10000.1.0) Nero Core Components 10 (x32 Version: 2.0.19700.9.9) Nero Dolby Files 10 (x32 Version: 2.0.13000.0.10) Nero Kwik Media (x32 Version: 10.6.10100) Nero Update (x32 Version: 1.0.10900.31.0) NeroKwikMedia Help (CHM) (x32 Version: 10.6.10600) No-IP DUC (x32 Version: 4.0.1) Norton Family (x32 Version: 2.9.0.21) Norton Identity Safe (x32 Version: 2014.5.0.67) Notification Center (x32 Version: 0.7.6.2802) OpenAL (x32) Overwolf (x32 Version: 0.44.256) PC-Kids Deutsch 3 (x32) PCSUITE BOOSTER (x32) Penguins! (x32 Version: 2.2.0.95) Personal ID (x32 Version: 1.8.5.202) Pflanzen gegen Zombies (x32) Photomizer (x32 Version: 1.0.10.1236) PhotoNow! 
(x32 Version: 1.1.7717) Picasa 3 (x32 Version: 3.9) PictureMover (x32 Version: 3.5.0.33) Plants vs. Zombies (x32 Version: 2.2.0.95) Power2Go (x32 Version: 6.1.4419) PowerDirector (x32 Version: 8.0.3320) Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.1.11.0) Rangier-Simulator 1.7.16 (x32) Real Desktop 2.04 Pro (x32) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0) RealPlayer (x32 Version: 15.0.6) Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6206) RealUpgrade 1.1 (x32 Version: 1.1.0) Recovery Manager (x32 Version: 5.5.3223) RetroClassix (x32) Revo Uninstaller 1.95 (x32 Version: 1.95) Roadkil's Unstoppable Copier Version 5.2 (x32) RocketDock 1.3.5 (x32) Rockstar Games Social Club (x32 Version: 1.00.0000) Rome - Total War - Gold Edition (x32 Version: 1.6) RtVOsd (Version: 1.0.6) Samsung AllShare (x32 Version: 2.1.0.12031_10) Samsung Link 1.5.0.1305092012 (Version: 1.5.0.1305092012) Secret City (x32 Version: 1.9.4152) Secret Maryo Chronicles (x32 Version: 1.9) Shock Desktop 3D v0.5 (x32) Skype Click to Call (x32 Version: 5.9.9216) Skype™ 6.5 (x32 Version: 6.5.158) Slingo Deluxe (x32 Version: 2.2.0.95) Software Version Updater (x32 Version: 1.1.3.6) SpyroDriver (x32 Version: 1.06.0000) SpyroPortalDriver (Version: 1.0.0) SSuite Office - PC Video Phone (x32 Version: 3.02.0001) Steganos Internet Anonym 2012 (x32 Version: 2.1) Steganos Online Shield (x32 Version: 1.0.4) Stronghold 2 Demo (x32 Version: 1.00) Studie zur Verbesserung von HP Deskjet 3520 series Produkten (Version: 28.0.1315.0) SugarSync Manager (x32 Version: 1.9.92.107379) Sweet Home 3D version 3.7 (x32) SweetIM for Messenger 3.6 (x32 Version: 3.6.0008) SweetPacks Toolbar for Internet Explorer 4.6 (x32 Version: 4.6.0002) Synaptics Pointing Device Driver (Version: 15.1.6.64) TeamViewer 8 (x32 Version: 8.0.20202) Tomb Raider Chronicles (x32) Tomb Raider: Underworld 1.1 (x32) TubeBox (x32 Version: 
1.0.0.0) TubeBox (x32 Version: 4.0.0.0) TubeBox (x32 Version: 4.2.0) TUGZip 3.5 (x32) TuneUp Utilities 2011 (x32 Version: 10.0.4600.4) TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4600.4) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update Installer for WildTangent Games App (x32) Update Manager for SweetPacks 1.0 (x32 Version: 1.0.0005) VIP Helikopter (x32 Version: 1.00.0000) VirtualDJ Home FREE (x32 Version: 7.3) VLC media player 1.1.10 (x32 Version: 1.1.10) VoipCheapCom (x32 Version: 3.02 build 424) watchmi (x32 Version: 3.0.0) Webasto Thermo Test 2.14 (x32 Version: 2.14) Wedding Dash (x32 Version: 2.2.0.95) WildTangent Games App (HP Games) (x32 Version: 4.0.5.25) WildTangent Games App (x32 Version: 4.0.5.31) WildTangent-Spiele (x32 Version: 1.0.2.5) Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0) Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (Version: 07/12/2013 2.08.30) Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (Version: 07/12/2013 2.08.30) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Family Safety (Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger 
(x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
XAMPP (x32 Version: 1.8.3-0)
XBMC (HKCU)
Youda Survivor (x32)
Zattoo4 4.0.5 (x32 Version: 4.0.5)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points =========================

15-08-2013 12:18:28 Windows Update
21-08-2013 12:38:34 Windows Update
30-08-2013 08:44:49 Revo Uninstaller's restore point - Kaspersky Internet Security 2013
30-08-2013 09:07:42 Windows Update
30-08-2013 09:22:40 avast! Free Antivirus Setup
31-08-2013 09:06:24 Gerätetreiber-Paketinstallation: RapidSolution Software Audio-, Video- und Gamecontroller
31-08-2013 09:10:02 Gerätetreiber-Paketinstallation: RapidSolution Software AG Netzwerkdienst
24-09-2013 08:05:16 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {026B6D5E-3EC5-464B-BD28-681B2FCAB0E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-30] (Adobe Systems Incorporated)
Task: {0550F30A-7DB7-421F-8EF1-275FBC45015F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4291137014-3446076692-3718497768-1007Core => C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {09100924-D854-45BC-A44F-DF4E7FBAC59F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4291137014-3446076692-3718497768-1000
Task: {0DE1D600-8A48-4E81-B6E9-BA4371A7E543} - System32\Tasks\{58C01867-E4E1-4CDB-A125-199F376BCE5D} => C:\Program Files (x86)\Derby Champion\DerbyChampion.exe
Task: {0F0133DE-EB4F-4A54-A7C0-E3654C944B36} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2011-06-08] (1&1 Mail & Media GmbH)
Task: {12FC5E96-88A2-4F5B-9AB1-CA51A7E5AB2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2010-09-17] (Hewlett-Packard Company)
Task: {1819989D-953E-428D-A6B0-3799B13761BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21] (Google Inc.)
Task: {1984FFD0-CFAC-4F40-A563-3B5CA9A25EF0} - System32\Tasks\{E792009E-09BE-4553-B2CE-DDC60BA3851C} => C:\Users\Werner\AppData\Roaming\GMX OnlineChat\bin\messenger.exe [2010-05-07] ()
Task: {19BD104B-A2C2-494E-B5BB-CF529B10F1B6} - System32\Tasks\{8C7DFFED-CD43-4342-A06D-C8FD66B0A06E} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.155.161/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {1CCD7E88-E324-4CC5-BFFF-DF5F9B3D4200} - System32\Tasks\{7C74DD2E-79E5-4157-8AA5-6452F83A2AE6} => C:\DAVILEX\RASER\raser.exe [1998-03-20] ()
Task: {27DA0255-E703-4403-83DC-4993B5B226D0} - System32\Tasks\{2BA21921-1F8F-4A1B-B595-F8E2C19D420A} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {2896644C-6999-4450-B7E8-A9EFF472D9C0} - System32\Tasks\{45E5B821-0FDF-4061-B934-E0FE3DAF0661} => C:\Program Files (x86)\SSuiteVOIPEx\DocHolder.exe
Task: {2DD63D57-E2B8-4701-B362-5ABE6C14CD30} - System32\Tasks\{FA76C165-3FB2-49D3-B3A7-BB76CB3C4EAA} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.155.161/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {2E342E9C-A10B-4CB2-9E93-9806019B6C69} - System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 => C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\tampmon.exe [2013-09-12] (Symantec Corporation)
Task: {2F0DFF48-DE30-436C-9BAC-D2E8A29F0B31} - System32\Tasks\{849238AA-39CA-41E2-9F51-824171090450} => C:\Users\TimoWerner\Desktop\__MACOSX\._index_de.exe
Task: {34BA96C1-8AC8-460D-AA87-C72A26FF359B} - System32\Tasks\{5A32D203-EFC1-4E60-80C5-A6B5BFACB197} => Chrome.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {3613FE9E-6D94-48CD-BFC6-23666473C934} - System32\Tasks\{538F5BE9-1315-4C30-ABDD-B797464F25E9} => C:\Users\TimoWerner\VIP Helikopter\Celebheli.exe [2011-02-01] ()
Task: {3DBFAD9D-CA41-4A25-B87B-42EDC1FEAB88} - System32\Tasks\{A809E9EE-6F3B-4426-951A-7065E82FC347} => C:\Program Files (x86)\SSuiteVOIPEx\DocHolder.exe
Task: {4246AF8A-0AF1-41AA-9FD1-C7EDBC707824} - System32\Tasks\Google Updater and Installer => C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {474F4BFF-9D6F-4D27-B7CD-158F44D0CEA0} - System32\Tasks\{75AE2EC0-82EE-40CA-A6C8-A8A979FB9676} => C:\DAVILEX\RASER\raser.exe [1998-03-20] ()
Task: {47841436-68C6-4EC6-A51B-1D1FA20C4590} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {48CBB435-F6FA-4DFC-B0DF-E1985335D475} - System32\Tasks\AmiUpdXp => C:\Users\TimoWerner\AppData\Local\SwvUpdater\Updater.exe [2013-07-21] (Amonetize ltd.)
Task: {4DD90A23-3253-4DB1-9F25-7CFB22007F8C} - System32\Tasks\{8E2B9ABB-B8B3-47F7-8722-310EB9D5D93F} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.155.161/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {5655247D-6632-43B6-8F04-A82906B9080E} - System32\Tasks\{B3E6BFF5-B798-4FE4-B1E7-9A0F6297270A} => Firefox.exe hxxp://ui.skype.com/ui/0/4.2.0.155.161/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {7D7CDFB4-665C-47C8-874C-6E03AC4B3FE3} - System32\Tasks\{405B0B95-1FA8-4BA0-A5EB-35ABA4269041} => E:\setup.exe
Task: {81001724-4011-4BEC-9F96-086E046ECEC1} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {82111F4B-652E-48B4-88AE-2611615A12E5} - System32\Tasks\User_Feed_Synchronization-{631F1FCF-A0A7-4D04-BDAF-42267D0DD50D} => C:\Windows\system32\msfeedssync.exe [2013-05-02] (Microsoft Corporation)
Task: {89CFC86E-30A8-4A64-B4A6-E945016021E6} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {8A97B5C9-F4EE-423F-A41E-9F5B303BE734} - System32\Tasks\User_Feed_Synchronization-{A7DB815E-96C6-4A57-9C4A-16B827A6DC3C} => C:\Windows\system32\msfeedssync.exe [2013-05-02] (Microsoft Corporation)
Task: {90DF26E4-BF9E-4C52-AC46-A26702FBA6C1} - System32\Tasks\{DFF43F25-E518-4DD4-A040-DB4F4F171A88} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.155.161/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {992018AF-4F7D-4B49-97C5-C63A3A660F0B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Safe Web Lite\Norton Safe Web Lite\Engine\2014.5.0.67\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {99238E16-29CA-49ED-AD8F-BF1C070B6F86} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4291137014-3446076692-3718497768-1007 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {A3750D9D-F086-4B83-94EF-CE6A6486C677} - System32\Tasks\{30934B35-FD0C-492D-9F84-EBA0B8202677} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.155.161/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {AB35A768-18D8-42F2-95B4-7644E2F91587} - System32\Tasks\{B05F97F5-FA00-4127-A16E-6018DC01F8CC} => C:\Users\TimoWerner\Desktop\__MACOSX\._index_de.exe
Task: {AB36D3B9-87CF-4A4C-A18D-0762EBD098DF} - System32\Tasks\{BB900206-3FB1-4A95-B054-6BB90EB77DBB} => E:\setup.exe
Task: {ADA50FAD-16A0-4F20-896A-EE928B41FCBB} - System32\Tasks\Tomb Raider - Anniversary => C:\Program Files (x86)\Tomb Raider - Anniversary\TRA.exe
Task: {AF791CAF-050D-47B3-8BFD-90C7C273A6B6} - System32\Tasks\{ABE60F6E-CB7B-4103-A727-46E76DE7ED64} => E:\setup.exe
Task: {B9134DDA-9CD0-420F-86CE-3868209B49C4} - System32\Tasks\Software Updater => C:\Program Files (x86)\Freetec\SystemStore\SoftwareUpdater.Bootstrapper.exe
Task: {C1F0D28E-921B-45C4-B9FD-2E5E38382FDB} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-06-15] ()
Task: {C2C0E61D-D9F0-415A-B1C8-481583579828} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {C3EB32BA-B48B-4A49-980D-ADF054DC0F3A} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {C4CFCAD6-2C3B-466E-AAE0-CB4316BF83F2} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe [2011-12-13] (TuneUp Software)
Task: {C661D81F-CC08-489E-9644-D25EECBA5E59} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {C7EB6ECD-2EA3-49DF-843C-50C9B2B813A7} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\Freetec\SystemStore\SoftwareUpdater.Ui.exe
Task: {C8EF25D9-A030-4DE4-BDD1-184A5F0640D8} - System32\Tasks\{30D71DFF-8926-4C62-ACBF-EA54EAFAF03B} => C:\Users\TimoWerner\Desktop\__MACOSX\._index_de.exe
Task: {CD62E4E1-6DE2-4C56-AACE-DEDD6EFBB74D} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D08FEC9B-DC17-458C-8AD1-D4F7A8B966C9} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\SymErr.exe
Task: {D3095F54-FA74-4879-8DA8-EBD0BBC0CB89} - System32\Tasks\{ACBCADF2-1A41-4EF5-A8E2-38B3DCC5F99E} => C:\Users\Werner\AppData\Roaming\GMX OnlineChat\bin\messenger.exe [2010-05-07] ()
Task: {D3F75ECC-0EC4-488A-A843-C83C9E93DD4F} - System32\Tasks\{6C14B977-A1A0-4418-B674-3C5B4D07261E} => C:\Program Files (x86)\SSuiteVOIPEx\DocHolder.exe
Task: {D856C409-E158-42B4-9575-AE9EFD719EE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21] (Google Inc.)
Task: {DB1F01C5-EECE-463E-BD77-CC43EF135779} - System32\Tasks\{2A6F749D-3B3D-4B7A-AAD6-07397B2EA2A2} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.155.161/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {E7F1FB78-0C89-41C5-B84B-EAA76D77CF10} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\SymErr.exe
Task: {EB64F044-D958-49D0-9FF6-BB67CAAF46A6} - System32\Tasks\{7E7A9165-3C91-4DC5-B38E-7F5326E7586D} => C:\Program Files (x86)\Derby Champion\DerbyChampion.exe
Task: {ED5A7E62-C39D-41B8-B783-687C36AEC38B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {ED66CF5A-C02C-406F-8FCF-E3F2BD0E31D3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {F08FDF76-1E07-43EE-80C6-EE61E231001D} - System32\Tasks\{E49F3E1D-6005-4A65-A8F9-6ABC59B1999D} => C:\Program Files (x86)\SSuiteVOIPEx\DocHolder.exe
Task: {F41A6500-6252-43C6-BB54-7ED04956589E} - System32\Tasks\{75644846-6FC8-455D-878E-C072E5240DD6} => E:\setup.exe
Task: {F4B277A5-32E5-42BA-9255-D1E3CBE8A844} - System32\Tasks\{6652C7D0-9151-439D-A34D-C630A05DE2F3} => C:\Users\Werner\AppData\Roaming\GMX OnlineChat\bin-0.15.148\messenger2.exe [2010-05-07] ()
Task: {F913A903-82F1-4689-9AC0-8F3517C22AB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4291137014-3446076692-3718497768-1007UA => C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {F9879B05-C90E-4020-B546-0DDC375258E5} - System32\Tasks\{A17A0C5C-0B3B-4FBC-9914-D79F0E58FC95} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.155.161/de/abandoninstall?page=tsOptions&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {FA9C6A02-E142-4163-ABD0-158C6FC94584} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.0.3\MySqlNotifier.exe [2012-07-24] (Oracle)
Task: {FB3DE655-D2DF-48CA-B88C-EE31B61F0AC5} - System32\Tasks\{28F15B53-9201-444F-804F-4003475CB78E} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {FEFEF4D9-DCA3-4356-9F85-D5E2D632842E} - System32\Tasks\{C51F302D-E0AE-44CC-936F-749B8958A155} => C:\DAVILEX\RASER\raser.exe [1998-03-20] ()
Task: {FFF5EC74-7809-4AA8-97FD-DA16DE9AE92F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4291137014-3446076692-3718497768-1007 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\TimoWerner\AppData\Local\SwvUpdater\Updater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291137014-3446076692-3718497768-1007Core.job => C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291137014-3446076692-3718497768-1007UA.job => C:\Users\TimoWerner\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-22 15:37 - 2013-08-22 15:37 - 00031136 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorer-2006.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-05-10 15:45 - 2013-05-09 20:12 - 01226752 _____ () C:\Program Files\Samsung\Samsung Link\SecLibJNI.dll
2013-05-10 15:51 - 2013-05-10 15:51 - 00515584 ____N () C:\Users\TimoWerner\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-05-10 15:45 - 2013-05-09 20:12 - 00011264 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2013-05-03 14:20 - 2013-05-03 14:20 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\64bit\JNIInterface.dll
2013-05-03 14:21 - 2013-05-03 14:21 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\64bit\ASFAPI.dll
2013-05-03 14:22 - 2013-05-03 14:22 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\64bit\MediaDB_Manager.dll
2013-02-14 19:41 - 2013-02-14 19:41 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-02-14 19:41 - 2013-02-14 19:41 - 00905216 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-05-03 14:22 - 2013-05-03 14:22 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\64bit\DMS_Manager.dll 2013-04-15 18:52 - 2013-04-15 18:52 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll 2013-04-15 18:52 - 2013-04-15 18:52 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll 2013-04-15 18:52 - 2013-04-15 18:52 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll 2013-04-15 18:52 - 2013-04-15 18:52 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll 2010-07-21 14:33 - 2010-07-21 14:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll 2010-07-21 14:33 - 2010-07-21 14:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll 2010-07-21 14:33 - 2010-07-21 14:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 00031648 _____ () C:\Program Files (x86)\Overwolf\x64\OWExplorerLauncher.dll 2013-09-20 13:37 - 2013-09-20 09:19 - 02103296 _____ () C:\Program Files\AVAST Software\Avast\defs\13092001\algo.dll 2013-08-30 11:23 - 2013-05-09 10:58 - 00240448 _____ () C:\Program Files\AVAST Software\Avast\Setup\SetIFace.dll 2013-04-19 17:29 - 2013-04-19 17:29 - 01113600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\DMSManager.dll 2013-04-19 16:37 - 2013-04-19 16:37 - 00704000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ContentDirectoryPresenter.dll 2013-04-19 16:39 - 2013-04-19 16:39 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\DCMCDP.dll 2013-04-19 16:38 - 2013-04-19 16:38 - 00101376 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\FolderCDP.dll 2013-04-19 17:29 - 2013-04-19 17:29 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\MetadataFramework.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 
00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\sqlite3.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\MoodExtractor.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\DCMImgExtractor.dll 2013-04-12 08:58 - 2013-04-12 08:58 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AutoChaptering.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libexpat.dll 2013-04-12 08:58 - 2013-04-12 08:58 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\VideoThumb.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\avcodec-52.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\avutil-50.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\avformat-52.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\swscale-0.dll 2013-04-19 17:29 - 2013-04-19 17:29 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AudioExtractor.dll 2013-04-19 17:29 - 2013-04-19 17:29 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ID3Driver.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\tag.dll 2013-04-12 08:58 - 2013-04-12 08:58 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libThumbnail.dll 2013-04-19 16:58 - 2013-04-19 16:58 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\RichInfoDriver.dll 2013-04-19 16:58 - 2013-04-19 16:58 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\VideoExtractor.dll 
2013-04-19 16:58 - 2013-04-19 16:58 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ThumbnailMaker.dll 2013-04-12 08:59 - 2013-04-12 08:59 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ImageMagickWrapper.dll 2013-04-19 16:58 - 2013-04-19 16:58 - 00133632 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\VideoMetadataDriver.dll 2013-04-19 16:58 - 2013-04-19 16:58 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libKeyFrame.dll 2013-04-19 16:58 - 2013-04-19 16:58 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\SECMetaDriver.dll 2013-04-19 16:58 - 2013-04-19 16:58 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ImageExtractor.dll 2013-04-12 08:58 - 2013-04-12 08:58 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\photoDriver.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libexif-12.dll.dll 2013-04-19 16:58 - 2013-04-19 16:58 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\TextExtractor.dll 2013-04-19 16:39 - 2013-04-19 16:39 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\Autobackup.dll 2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\RosettaAllShare.dll 2013-04-15 18:52 - 2013-04-15 18:52 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\boost_serialization-vc90-mt-1_47.dll 2013-04-15 18:53 - 2013-04-15 18:53 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\boost_date_time-vc90-mt-1_47.dll 2013-04-15 18:52 - 2013-04-15 18:52 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\boost_system-vc90-mt-1_47.dll 2013-04-15 18:53 - 2013-04-15 18:53 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework 
DMS\1.3.09\boost_thread-vc90-mt-1_47.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\us.dll 2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2013-09-19 20:23 - 2012-05-30 05:21 - 00699280 ____R () C:\Program Files (x86)\Norton Family\Engine\2.9.0.21\wincfi39.dll 2011-08-18 11:44 - 2011-08-18 11:44 - 00142336 _____ () C:\Program Files (x86)\FS\Spyro Portal\SpyroLibrary.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 04671488 _____ () C:\Program Files 
(x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00399826 _____ () C:\Program Files 
(x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 00078240 _____ () C:\Program Files (x86)\Overwolf\OWExplorer-2006.dll 2011-03-04 12:02 - 2011-03-04 12:02 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2011-03-04 12:02 - 2011-03-04 12:02 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2011-03-04 12:02 - 2011-03-04 12:02 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 21636024 _____ () C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 00065536 _____ () C:\Program Files (x86)\Overwolf\de\OverWolf.Client.Core.resources.dll 2013-01-05 14:03 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 00091576 _____ () C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 00010240 _____ () C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 00124320 _____ () C:\Program Files (x86)\Overwolf\OWService.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 00940960 _____ () C:\Program Files (x86)\Overwolf\OWServer.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 00037280 _____ () C:\Program Files (x86)\Overwolf\OWLog.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 00025600 _____ () C:\Program Files 
(x86)\Overwolf\CoreAudioApi.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 00669088 _____ () C:\Program Files (x86)\Overwolf\OWAgent.dll 2013-08-22 15:37 - 2013-08-22 15:37 - 00087552 _____ () C:\Program Files (x86)\Overwolf\BrowserWindow.dll 2007-05-07 20:54 - 2007-05-07 20:54 - 00076800 _____ () C:\Program Files (x86)\Steganos Internet Anonym 2012\polipo\libgnurx-0.dll 2012-12-17 16:30 - 2003-01-23 23:58 - 00032768 _____ () C:\Program Files (x86)\Clicktionary\clxhook.dll 2013-09-29 15:29 - 2013-09-29 15:30 - 00199168 ____N () C:\Users\TimoWerner\AppData\Local\Temp\WindowsAPI.dll7661264869607736229.lib 2013-09-29 15:35 - 2013-09-29 15:35 - 00379904 _____ () C:\Users\TimoWerner\AppData\Local\Temp\libsqlitejdbc-5121498926177692316.lib 2012-07-05 13:32 - 2010-10-25 15:38 - 00049152 _____ () C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AVEOCamSDK.dll 2013-09-23 00:50 - 2013-09-17 05:20 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll 2013-09-23 00:50 - 2013-09-17 05:20 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll 2013-09-23 00:50 - 2013-09-17 05:21 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll 2013-09-23 00:50 - 2013-09-17 05:21 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll 2013-09-23 00:50 - 2013-09-17 05:20 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll 2010-10-04 10:26 - 2010-10-04 10:26 - 00156968 ____N () C:\Program Files (x86)\Cyberlink\PowerDVD9\CLVistaAudioMixer.dll 2010-10-04 10:26 - 2010-10-04 10:26 - 00156968 ____N () C:\Program Files (x86)\CyberLink\PowerDVD9\AudioFilter\CLVistaAudioMixer.dll 2010-08-26 16:39 - 2010-08-26 16:39 - 05461288 ____N () C:\Program Files (x86)\Cyberlink\PowerDVD9\Skins\BlackSatin.dll 2010-10-04 10:26 - 2010-10-04 10:26 - 00693544 ____N () C:\Program Files 
==================== End Of Log ============================ |
29.09.2013, 18:35 | #10 | |
/// the machine /// TB instructor | Non-removable virus name: Win32Evo-gen [Susp] Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.10.2013, 15:20 | #11 |
| Non-removable virus name: Win32Evo-gen [Susp] ComboFix can be installed, but when I start it again it uninstalls itself, so: Lösche Datei : C:.......... What should I do now? ??????????????????????? |
01.10.2013, 19:14 | #12 |
/// the machine /// TB instructor | Non-removable virus name: Win32Evo-gen [Susp] First of all, nothing gets installed there. Combofix starts with a blue CMD window with text in it, then it begins scanning, then it deletes malware.
__________________ Regards, schrauber |