Download Protect in Firefox läßt sich nicht dauerhaft entfernen

draftec · 09.04.2014, 08:58

Hallo zusammen,

dieser Tage habe ich etwas installiert, wo ich anscheinend eine Haken vergessen habe rauszunehmen. Seitdem habe ich nach jedem Neustart in den Addons von Firefox ein Addon Namens "Doanload Protect" stehen, der meine Einstellungen abändert.

Das Programm habe ich zwar mittels IobitInstaller deinstalliert, aber es trägt sich immer wieder unter Windows/Installer neu ein, und anscheinend sogar doppelt. Ich nehme an 1x für Firefox und 1 x für Chrome?

Adwcleaner und Malwarebytes Anti-Malware habe ich ausprobiert, die haben aber nicht geholfen.

Wir sind eine 3Mann-Firma und ich muss mich hier um die PCs kümmern, stecke jetzt aber fest und komme überhaupt nicht weiter. Wenn ihr mir helfen könntet wäre das großartig.

Gruß draftec

Bootsektor · 09.04.2014, 09:13

Hallo draftec und

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:

Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [code][/code]
Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also [CODE] Logfile [/CODE]
Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Bitte schaue nach, ob in den Logs sensible Informationen stehen und mache diese gegebenenfalls unkenntlich
Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

draftec · 09.04.2014, 09:41

Hallo Sandra,

hier die gewünschten Logfiles: FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Ralf Pappers (administrator) on RALFPAPPERS-PC on 09-04-2014 10:37:41
Running from C:\Install\Programme Ralf\Tools\Virenscanner\Farbars Recovery Scan Tool
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Multimedia\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Text\PDF Professional 6\PDFProFiltSrv.exe
() C:\Windows\system32\qcap64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(TeamViewer GmbH) C:\Program Files (x86)\Tools\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Google) C:\Program Files (x86)\Internet\Google Calendar Sync\GoogleCalendarSync.exe
(Bartels Media GmbH) C:\Program Files (x86)\Tools\Textbausteinverwaltung\Textbausteinverwaltung.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Tools\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\Tools\FreeCommander\FreeCommander.exe
(Mozilla Corporation) C:\Program Files (x86)\Internet\Mozilla Firefox\firefox.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\professional\2014\Framework.exe
(Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Marek Jasinski) C:\Program Files (x86)\Tools\FreeCommander\FcContextMenu64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-16] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [Everything] - C:\Program Files (x86)\Tools\Everything\Everything.exe [602624 2009-03-13] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Tools\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\Run: [Google Update] - C:\Users\Ralf Pappers\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-13] (Google Inc.)
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 0
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\MountPoints2: {47fdbf3a-34ba-11e3-8053-005056c00008} - J:\AutoRun.exe
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\MountPoints2: {47fdbf50-34ba-11e3-8053-005056c00008} - J:\AutoRun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll" File Not Found
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
URLSearchHook: HKCU - (No Name) - {1d053bb5-c922-44e3-9910-66585f017505} - No File
SearchScopes: HKLM - DefaultScope {98D34335-7341-47D9-B499-9256FC755EA2} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {98D34335-7341-47D9-B499-9256FC755EA2} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - {98D34335-7341-47D9-B499-9256FC755EA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Text\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Text\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Text\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {1D053BB5-C922-44E3-9910-66585F017505} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {AA299E98-6FB5-409F-99D3-D30D749F4864} hxxp://compardt.istmein.de/inc/kaxRemote.dll
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T29L10NSP3-17099/webex/ieatgpc1.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default
FF Homepage: https://www.google.com/calendar/render?gsessionid=OK
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Text\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Ralf Pappers\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\plugins\npo1d.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ralf Pappers\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ralf Pappers\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\searchplugins\duckduckgo.xml
FF Extension: Print pages to PDF - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\printPages2Pdf@reinhold.ripper [2014-04-04]
FF Extension: FEBE - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-04-04]
FF Extension: Empty Cache Button - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-04-04]
FF Extension: DownloadHelper - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-04]
FF Extension: Flash and Video Download - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-04-04]
FF Extension: Add Bookmark Here ² - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\abhere2@moztw.org.xpi [2014-04-09]
FF Extension: about:addons-memory - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\about-addons-memory@tn123.org.xpi [2014-04-09]
FF Extension: Bookmark Favicon Changer - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2014-04-09]
FF Extension: Firebug - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\firebug@software.joehewitt.com.xpi [2014-04-09]
FF Extension: Go Parent Folder - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\goParentFolder@alice.xpi [2014-04-09]
FF Extension: Print / Print Preview (Update) - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com.xpi [2014-04-09]
FF Extension: Restart - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\Restart@schuzak.jp.xpi [2014-04-09]
FF Extension: Save as PDF - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2014-04-09]
FF Extension: Slim Add-ons Manager - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\slimaddonmanager@opendfki.de.xpi [2014-04-09]
FF Extension: Auto-Sort Bookmarks - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\sortbookmarks@bouanto.xpi [2014-04-09]
FF Extension: Firesizer - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}.xpi [2014-04-09]
FF Extension: FlashGot - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-04-09]
FF Extension: Download Status Bar - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-04-09]
FF Extension: CookieCuller - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-04-09]
FF Extension: FireFTP - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-04-09]
FF Extension: Password Exporter - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-04-09]
FF Extension: Web Developer - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-04-09]
FF Extension: Adblock Plus - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-09]
FF Extension: Tab Mix Plus - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-04-09]
FF Extension: DownThemAll! - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-09]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF HKLM-x32\...\Firefox\Extensions: [{3146650B-2476-4679-B13D-8026A60D9E5E}] - C:\Windows\Installer\{B364E1F3-A328-4674-90D3-96C844AA386C}\{3146650B-2476-4679-B13D-8026A60D9E5E}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{210833DC-ACC3-4D9D-B8D8-FFC75D3851C8}] - C:\Windows\Installer\{C80715B5-85FF-4ACC-B091-CC033A3BF094}\{210833DC-ACC3-4D9D-B8D8-FFC75D3851C8}.xpi
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-30]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Internet\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (YouTube) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Google-Suche) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (Download Protect) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehpppaagkhefdddpkodnnnkphajeoiho [2014-04-02]
CHR Extension: (AdBlock) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Google Mail) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [flegfcibpcnhjcfmmpgckdobbiiogkda] - C:\Users\Ralf Pappers\AppData\Local\CRE\flegfcibpcnhjcfmmpgckdobbiiogkda.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-07-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 DfSdkS; C:\Program Files (x86)\Tools\Ashampoo WinOptimizer 2014\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Multimedia\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-04] (Ellora Assets Corp.)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-24] (IObit)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [6258480 2013-09-09] (O&O Software GmbH)
R2 PDFProFiltSrv; C:\Program Files (x86)\Text\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-07-27] (Nuance Communications, Inc.)
R2 rundlm32; C:\Windows\system32\qcap64.exe [118784 2014-01-23] ()
R2 SDScannerService; C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 TeamViewer8; C:\Program Files (x86)\Tools\TeamViewer\TeamViewer_Service.exe [3574624 2013-04-23] (TeamViewer GmbH)
R2 wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [76400 2013-05-24] (BiniSoft.org)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-11-02] (AnchorFree Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116936 2013-09-09] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41160 2013-09-09] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255688 2013-09-09] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44744 2013-09-09] (O&O Software GmbH)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2013-01-08] (Softwareentwicklung Remus - ArchiCrypt - )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-19] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 UacCtl2; C:\Windows\System32\DRIVERS\uacctl2.sys [17408 2006-12-19] (Micronas GmbH)
S3 UacFlt2; C:\Windows\System32\DRIVERS\uacflt2.sys [18304 2006-12-19] (Micronas GmbH)
U5 UnlockerDriver5; C:\Program Files\Tools\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [32848 2013-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 cleanhlp; \??\C:\EEK\Run\cleanhlp64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-09 10:37 - 2014-04-09 10:37 - 00000000 ____D () C:\FRST
2014-04-09 09:18 - 2014-04-09 09:18 - 00001562 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-04-09 08:46 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 08:46 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 08:46 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-09 08:46 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 08:46 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 08:46 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 08:46 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-09 08:46 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 08:46 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 08:46 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 08:46 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 08:46 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 08:46 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 08:46 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-09 08:46 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-09 08:46 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-09 08:46 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 08:46 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-09 08:46 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 08:46 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 08:46 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 08:46 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-09 08:46 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-09 08:46 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 08:46 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 08:46 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 08:46 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 08:46 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 08:46 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-09 08:46 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 08:46 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 08:46 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-09 08:46 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-09 08:46 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 08:46 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-09 08:46 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 08:46 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 08:46 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-09 08:46 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 08:46 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 08:46 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 08:46 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 08:46 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 08:46 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 08:46 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-09 08:46 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-09 08:46 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 08:46 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 08:42 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 08:42 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 08:42 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 08:42 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 08:42 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 08:42 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 08:42 - 2014-02-04 04:37 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 08:42 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 08:42 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 08:42 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 08:42 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 08:42 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 15:43 - 2014-04-08 15:18 - 08946728 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\system32\cdintf500_64.dll
2014-04-08 15:43 - 2014-04-08 15:18 - 07181352 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf500.dll
2014-04-08 15:12 - 2014-04-09 08:49 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Package Cache
2014-04-08 13:48 - 2014-03-26 19:01 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-04-08 13:48 - 2014-03-26 19:00 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-04-08 13:02 - 2014-04-08 13:02 - 00006304 _____ () C:\Users\Ralf Pappers\AppData\Local\recently-used.xbel
2014-04-08 11:01 - 2014-04-09 10:27 - 00000168 _____ () C:\Windows\setupact.log
2014-04-08 11:01 - 2014-04-08 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Public\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\ProgramData\ABBYY
2014-04-04 13:06 - 2014-04-04 13:07 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Wondershare
2014-04-04 13:06 - 2014-04-04 13:06 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Wondershare
2014-04-04 10:57 - 2014-04-07 11:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 10:56 - 2014-04-04 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 10:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 10:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 10:56 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 11:30 - 2014-04-03 11:30 - 00000000 ____D () C:\HP-Drucker
2014-04-03 09:13 - 2014-04-08 13:41 - 00000024 _____ () C:\Users\Ralf Pappers\AppData\Local\pdfshaper.ini
2014-04-03 09:04 - 2014-04-03 09:04 - 00000134 _____ () C:\Users\Ralf Pappers\AppData\Roaming\PDFShaper.ini
2014-04-03 09:03 - 2014-04-03 09:03 - 00001091 _____ () C:\Users\Public\Desktop\PDF Shaper.lnk
2014-04-03 09:02 - 2014-04-03 09:02 - 00000025 _____ () C:\Users\Ralf Pappers\AppData\Local\trueburner.ini
2014-04-02 15:37 - 2014-04-02 15:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-02 15:34 - 2014-04-02 15:34 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\ProgramData\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 15:33 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-02 15:33 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-02 15:33 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-02 14:38 - 2014-04-02 15:11 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Mozilla
2014-04-02 14:38 - 2014-04-02 14:57 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Mozilla
2014-04-02 14:17 - 2014-04-07 10:29 - 00000000 ____D () C:\AdwCleaner
2014-04-02 12:05 - 2014-04-02 12:05 - 00001103 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-04-01 15:53 - 2014-04-01 15:53 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Ashampoo Burning Studio FREE
2014-04-01 15:51 - 2014-04-01 15:51 - 00001283 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2014-04-01 15:30 - 2014-04-01 15:30 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer
2014-04-01 13:43 - 2014-04-01 13:44 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Microsoft Games
2014-03-31 14:59 - 2014-03-31 14:59 - 00002653 _____ () C:\Users\Public\Desktop\dodMover.lnk
2014-03-31 14:58 - 2014-03-31 14:59 - 00000000 ____D () C:\Program Files (x86)\DictaTeam
2014-03-31 14:58 - 2014-03-31 14:58 - 00002661 _____ () C:\Users\Public\Desktop\dodConverter.lnk
2014-03-31 14:57 - 2011-08-29 10:00 - 00074752 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-03-31 14:57 - 2011-08-29 10:00 - 00000038 _____ () C:\Windows\avisplitter.ini
2014-03-31 14:57 - 2011-07-16 16:17 - 00151552 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2014-03-31 14:57 - 2011-06-24 16:44 - 00243200 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-03-31 14:57 - 2011-06-24 16:28 - 00650752 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-03-31 14:57 - 2011-03-02 12:43 - 00175616 _____ () C:\Windows\SysWOW64\unrar.dll
2014-03-31 14:57 - 2008-10-03 14:30 - 00000414 _____ () C:\Windows\SysWOW64\lame_acm.xml
2014-03-31 14:57 - 2008-09-24 20:41 - 00839680 _____ (hxxp://www.mp3dev.org/) C:\Windows\SysWOW64\lameACM.acm
2014-03-31 14:55 - 2014-03-31 14:56 - 00003016 _____ () C:\Windows\unins000.dat
2014-03-31 14:55 - 2014-03-31 14:55 - 00719243 _____ () C:\Windows\unins000.exe
2014-03-31 14:55 - 2014-03-31 14:55 - 00000000 ____D () C:\dod
2014-03-31 12:49 - 2014-04-03 11:25 - 00000000 ___RD () C:\Users\Ralf Pappers\Documents\Spaces
2014-03-31 12:44 - 2014-03-31 12:44 - 00001123 _____ () C:\Users\Public\Desktop\TeamDrive 3.lnk
2014-03-28 16:54 - 2014-04-01 12:24 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\XnViewMP
2014-03-28 12:42 - 2014-03-28 12:42 - 00038434 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft Excel 97-2003.ADR
2014-03-26 19:00 - 2014-03-26 19:00 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-03-26 18:58 - 2014-03-26 18:58 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-03-26 14:58 - 2014-03-26 14:58 - 00000000 ____D () C:\Program Files (x86)\Steganos Online-Banking Free
2014-03-26 14:52 - 2014-03-26 14:52 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\wPlayer
2014-03-26 14:48 - 2014-03-26 14:56 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\JS-Tools
2014-03-24 13:50 - 2014-03-24 13:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Kalender1
2014-03-24 12:37 - 2014-03-24 12:37 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\SysWOW64\FKStampPainter20.dll
2014-03-21 13:20 - 2014-03-21 13:20 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\OneNote-Notizbücher
2014-03-18 17:03 - 2014-03-18 17:03 - 00003178 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-03-18 14:51 - 2014-04-03 13:10 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Download Manager
2014-03-18 12:36 - 2014-03-18 12:36 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Apps\Evernote
2014-03-17 10:51 - 2014-03-17 10:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\DropboxMaster
2014-03-14 15:59 - 2014-03-14 15:59 - 00002799 _____ () C:\Users\Public\Desktop\Dragon Medical Practice Edition.lnk
2014-03-14 15:58 - 2014-03-14 15:58 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-03-14 14:03 - 2014-03-14 14:03 - 00001190 _____ () C:\Users\UpdatusUser\Desktop\CdCoverCreator.lnk
2014-03-14 14:03 - 2014-03-14 14:03 - 00001190 _____ () C:\Users\Administrator\Desktop\CdCoverCreator.lnk
2014-03-14 10:07 - 2014-03-14 10:07 - 00002092 _____ () C:\Users\Public\Desktop\Easy-Mailing Testversion.lnk
2014-03-13 14:03 - 2014-04-01 15:30 - 00000360 _____ () C:\Users\Ralf Pappers\AppData\Roaming\dpdhl.versandhelfer_state.xml
2014-03-13 13:14 - 2014-04-07 11:21 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Free Download Manager
2014-03-13 13:05 - 2014-03-13 13:05 - 00001164 _____ () C:\Users\Ralf Pappers\Desktop\Free Download Manager.lnk
2014-03-12 13:54 - 2014-04-09 10:28 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-12 13:54 - 2014-04-09 09:04 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 13:54 - 2014-03-28 14:59 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-12 13:54 - 2014-03-28 14:59 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-12 09:49 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 09:49 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 09:49 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 09:49 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 09:49 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 09:49 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 09:49 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 09:49 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

==================== One Month Modified Files and Folders =======

2014-04-09 10:37 - 2014-04-09 10:37 - 00000000 ____D () C:\FRST
2014-04-09 10:36 - 2013-08-08 14:51 - 00024022 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Notepad2.ini
2014-04-09 10:35 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 10:35 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 10:33 - 2010-11-21 08:50 - 00716782 _____ () C:\Windows\system32\perfh007.dat
2014-04-09 10:33 - 2010-11-21 08:50 - 00155436 _____ () C:\Windows\system32\perfc007.dat
2014-04-09 10:33 - 2009-07-14 07:13 - 01667546 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 10:31 - 2012-12-06 10:01 - 01090616 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 10:28 - 2014-03-12 13:54 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-09 10:28 - 2012-12-20 17:11 - 00000000 ____D () C:\ProgramData\VMware
2014-04-09 10:28 - 2012-12-06 11:38 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-04-09 10:28 - 2012-12-06 11:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-04-09 10:28 - 2012-12-06 11:26 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-04-09 10:27 - 2014-04-08 11:01 - 00000168 _____ () C:\Windows\setupact.log
2014-04-09 10:27 - 2012-12-06 10:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-09 10:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 10:27 - 2009-07-14 06:45 - 00671592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-09 10:01 - 2013-02-06 11:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 09:45 - 2013-02-13 13:46 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001UA.job
2014-04-09 09:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-09 09:26 - 2012-12-11 14:17 - 00204656 _____ () C:\Users\Ralf Pappers\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-09 09:18 - 2014-04-09 09:18 - 00001562 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-04-09 09:17 - 2012-12-12 13:06 - 00000000 ____D () C:\Program Files (x86)\Text
2014-04-09 09:04 - 2014-03-12 13:54 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-09 08:59 - 2012-12-13 16:51 - 00000000 ____D () C:\ProgramData\Lexware
2014-04-09 08:51 - 2012-12-13 13:41 - 00000970 __RSH () C:\ProgramData\ntuser.pol
2014-04-09 08:49 - 2014-04-08 15:12 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Package Cache
2014-04-09 08:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-09 08:47 - 2012-12-13 14:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 08:45 - 2013-07-30 13:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 08:44 - 2013-02-06 11:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-09 08:44 - 2013-02-06 11:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-09 08:44 - 2013-02-06 11:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-09 08:44 - 2012-12-11 14:31 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 08:43 - 2012-12-11 14:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Adobe
2014-04-08 15:45 - 2013-01-02 12:35 - 00000000 ____D () C:\Program Files (x86)\SQL Anywhere 12
2014-04-08 15:45 - 2012-12-13 16:52 - 00000141 _____ () C:\Windows\ODBC.INI
2014-04-08 15:45 - 2012-12-13 16:51 - 00000000 ____D () C:\Program Files (x86)\Lexware
2014-04-08 15:43 - 2014-01-22 10:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-08 15:18 - 2014-04-08 15:43 - 08946728 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\system32\cdintf500_64.dll
2014-04-08 15:18 - 2014-04-08 15:43 - 07181352 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf500.dll
2014-04-08 14:26 - 2012-12-13 12:13 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\CrashDumps
2014-04-08 13:49 - 2014-01-02 15:52 - 00000000 ____D () C:\Users\Ralf Pappers\.VirtualBox
2014-04-08 13:48 - 2014-01-02 15:52 - 00001082 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2014-04-08 13:45 - 2013-02-13 13:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001Core.job
2014-04-08 13:41 - 2014-04-03 09:13 - 00000024 _____ () C:\Users\Ralf Pappers\AppData\Local\pdfshaper.ini
2014-04-08 13:40 - 2012-12-12 12:46 - 00000000 ____D () C:\Program Files (x86)\Zeichnen
2014-04-08 13:37 - 2013-01-10 11:22 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\inkscape
2014-04-08 13:17 - 2013-04-05 16:13 - 00000000 ____D () C:\speechmedia
2014-04-08 13:07 - 2012-12-20 12:24 - 00000000 ____D () C:\Users\Ralf Pappers\.gimp-2.8
2014-04-08 13:02 - 2014-04-08 13:02 - 00006304 _____ () C:\Users\Ralf Pappers\AppData\Local\recently-used.xbel
2014-04-08 11:01 - 2014-04-08 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-04-08 10:57 - 2012-12-11 14:19 - 00000000 ___RD () C:\Users\Ralf Pappers\Virtual Machines
2014-04-08 10:52 - 2012-12-06 11:18 - 00000000 ____D () C:\Program Files\Windows XP Mode
2014-04-08 10:48 - 2012-12-20 17:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\VMware
2014-04-08 10:31 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-08 09:25 - 2012-12-20 17:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\VMware
2014-04-07 14:09 - 2012-12-11 14:50 - 00000000 ____D () C:\!_Test
2014-04-07 12:10 - 2012-12-13 11:43 - 00000000 ____D () C:\iFuB
2014-04-07 11:30 - 2011-02-11 19:36 - 00000000 ____D () C:\Windows\panther
2014-04-07 11:21 - 2014-03-13 13:14 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Free Download Manager
2014-04-07 11:14 - 2014-04-04 10:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 10:29 - 2014-04-02 14:17 - 00000000 ____D () C:\AdwCleaner
2014-04-07 09:07 - 2013-11-26 11:40 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Public\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\ProgramData\ABBYY
2014-04-04 13:59 - 2012-12-11 14:31 - 00000000 ____D () C:\Arbeitsordner Ralf
2014-04-04 13:07 - 2014-04-04 13:06 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Wondershare
2014-04-04 13:06 - 2014-04-04 13:06 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Wondershare
2014-04-04 11:33 - 2012-12-12 17:03 - 00001429 _____ () C:\Users\Ralf Pappers\Desktop\o2.box.lnk
2014-04-04 10:56 - 2014-04-04 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 10:56 - 2012-12-11 14:56 - 00000000 ____D () C:\Program Files (x86)\Tools
2014-04-04 10:48 - 2012-12-13 12:21 - 00000000 ___RD () C:\Users\Ralf Pappers\Dropbox
2014-04-04 10:47 - 2012-12-13 12:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Dropbox
2014-04-04 10:44 - 2012-12-12 13:04 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Paint.NET
2014-04-03 14:16 - 2012-12-13 12:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\FileZilla
2014-04-03 13:10 - 2014-03-18 14:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Download Manager
2014-04-03 11:48 - 2013-02-27 12:47 - 00013318 _____ () C:\ProgramData\hpzinstall.log
2014-04-03 11:34 - 2009-07-14 04:34 - 00000786 _____ () C:\Windows\win.ini
2014-04-03 11:31 - 2013-07-30 12:40 - 00266610 _____ () C:\Windows\hpwins22.dat
2014-04-03 11:30 - 2014-04-03 11:30 - 00000000 ____D () C:\HP-Drucker
2014-04-03 11:26 - 2013-04-26 09:18 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\TeamDrive3
2014-04-03 11:25 - 2014-03-31 12:49 - 00000000 ___RD () C:\Users\Ralf Pappers\Documents\Spaces
2014-04-03 09:51 - 2014-04-04 10:56 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-04 10:56 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-04 10:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 09:16 - 2013-02-11 10:27 - 00000000 ____D () C:\ProgramData\NCH Software
2014-04-03 09:04 - 2014-04-03 09:04 - 00000134 _____ () C:\Users\Ralf Pappers\AppData\Roaming\PDFShaper.ini
2014-04-03 09:03 - 2014-04-03 09:03 - 00001091 _____ () C:\Users\Public\Desktop\PDF Shaper.lnk
2014-04-03 09:03 - 2012-12-13 12:33 - 00000000 ____D () C:\Program Files (x86)\Multimedia
2014-04-03 09:02 - 2014-04-03 09:02 - 00000025 _____ () C:\Users\Ralf Pappers\AppData\Local\trueburner.ini
2014-04-02 15:37 - 2014-04-02 15:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-02 15:34 - 2014-04-02 15:34 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\ProgramData\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 15:31 - 2012-12-11 15:17 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-02 15:11 - 2014-04-02 14:38 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Mozilla
2014-04-02 14:57 - 2014-04-02 14:38 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Mozilla
2014-04-02 14:57 - 2012-12-12 10:11 - 00000000 ____D () C:\Program Files (x86)\Internet
2014-04-02 13:40 - 2013-02-13 13:46 - 00004136 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001UA
2014-04-02 13:40 - 2013-02-13 13:46 - 00003740 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001Core
2014-04-02 12:12 - 2012-12-14 12:45 - 00002834 _____ () C:\Users\Ralf Pappers\AppData\Roaming\SAS7_000.DAT
2014-04-02 12:05 - 2014-04-02 12:05 - 00001103 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-04-01 15:53 - 2014-04-01 15:53 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Ashampoo Burning Studio FREE
2014-04-01 15:52 - 2012-12-13 10:26 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Ashampoo
2014-04-01 15:51 - 2014-04-01 15:51 - 00001283 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2014-04-01 15:51 - 2012-12-13 10:26 - 00000000 ____D () C:\ProgramData\ashampoo
2014-04-01 15:30 - 2014-04-01 15:30 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer
2014-04-01 15:30 - 2014-03-13 14:03 - 00000360 _____ () C:\Users\Ralf Pappers\AppData\Roaming\dpdhl.versandhelfer_state.xml
2014-04-01 15:30 - 2012-12-18 14:14 - 00000887 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk
2014-04-01 13:44 - 2014-04-01 13:43 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Microsoft Games
2014-04-01 12:24 - 2014-03-28 16:54 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\XnViewMP
2014-04-01 12:14 - 2013-02-07 11:15 - 00346112 _____ () C:\Users\Ralf Pappers\Documents\Ralf Pappers.stb
2014-04-01 09:11 - 2012-12-11 14:19 - 00000000 ___RD () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 15:13 - 2013-06-24 14:05 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Winamp
2014-03-31 14:59 - 2014-03-31 14:59 - 00002653 _____ () C:\Users\Public\Desktop\dodMover.lnk
2014-03-31 14:59 - 2014-03-31 14:58 - 00000000 ____D () C:\Program Files (x86)\DictaTeam
2014-03-31 14:59 - 2013-11-15 11:04 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\DictaTeam
2014-03-31 14:58 - 2014-03-31 14:58 - 00002661 _____ () C:\Users\Public\Desktop\dodConverter.lnk
2014-03-31 14:56 - 2014-03-31 14:55 - 00003016 _____ () C:\Windows\unins000.dat
2014-03-31 14:55 - 2014-03-31 14:55 - 00719243 _____ () C:\Windows\unins000.exe
2014-03-31 14:55 - 2014-03-31 14:55 - 00000000 ____D () C:\dod
2014-03-31 12:44 - 2014-03-31 12:44 - 00001123 _____ () C:\Users\Public\Desktop\TeamDrive 3.lnk
2014-03-28 16:54 - 2012-12-12 13:04 - 00000000 ____D () C:\Program Files\Zeichnen
2014-03-28 14:59 - 2014-03-12 13:54 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 14:59 - 2014-03-12 13:54 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 13:17 - 2013-01-28 13:05 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\vlc
2014-03-28 12:42 - 2014-03-28 12:42 - 00038434 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft Excel 97-2003.ADR
2014-03-28 12:38 - 2013-06-10 12:41 - 00038450 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2014-03-28 12:37 - 2013-05-29 11:30 - 00038441 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-03-27 14:23 - 2013-10-31 10:05 - 00000031 _____ () C:\Windows\DESKCALC.INI
2014-03-27 14:14 - 2012-12-14 14:51 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Textbausteinverwaltung
2014-03-27 13:52 - 2013-01-03 13:12 - 00000000 ____D () C:\Users\Ralf Pappers\.freemind
2014-03-27 12:44 - 2012-12-14 12:23 - 00000000 ____D () C:\Dragon-Cache
2014-03-26 19:01 - 2014-04-08 13:48 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-03-26 19:00 - 2014-04-08 13:48 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-03-26 18:58 - 2014-03-26 18:58 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-03-26 14:58 - 2014-03-26 14:58 - 00000000 ____D () C:\Program Files (x86)\Steganos Online-Banking Free
2014-03-26 14:56 - 2014-03-26 14:48 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\JS-Tools
2014-03-26 14:52 - 2014-03-26 14:52 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\wPlayer
2014-03-26 14:08 - 2014-01-02 15:53 - 00000000 ____D () C:\VMBox
2014-03-26 13:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\spool
2014-03-26 12:41 - 2012-12-13 16:49 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Lexware
2014-03-26 12:21 - 2012-12-13 10:24 - 00001430 _____ () C:\Users\Ralf Pappers\AppData\Roaming\burnaware.ini
2014-03-25 15:36 - 2012-12-14 11:42 - 00000000 ____D () C:\Windows\WindowsMobile
2014-03-25 14:24 - 2012-12-13 12:08 - 00000000 ____D () C:\Program Files (x86)\Datenbanken
2014-03-25 10:13 - 2013-07-30 11:54 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Lexware
2014-03-25 10:13 - 2012-12-13 16:53 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Lexware
2014-03-24 14:15 - 2013-10-22 13:12 - 00000000 ___HD () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (Disabled by Starter)
2014-03-24 13:58 - 2014-01-23 16:57 - 00002900 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-03-24 13:58 - 2014-01-23 16:57 - 00001218 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-03-24 13:58 - 2013-11-26 11:40 - 00001194 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-24 13:51 - 2014-03-24 13:50 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Kalender1
2014-03-24 13:50 - 2012-12-11 14:19 - 00000000 ___RD () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 13:49 - 2013-01-04 10:25 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Downloaded Installations
2014-03-24 12:37 - 2014-03-24 12:37 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\SysWOW64\FKStampPainter20.dll
2014-03-24 10:16 - 2013-01-03 12:30 - 00000000 ____D () C:\Users\Ralf Pappers\.mediathek3
2014-03-21 13:20 - 2014-03-21 13:20 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\OneNote-Notizbücher
2014-03-21 13:18 - 2012-12-12 13:06 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Text
2014-03-21 12:09 - 2013-02-18 12:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Notepad++
2014-03-19 16:26 - 2012-12-17 11:58 - 00000000 ____D () C:\VMmaschinen
2014-03-19 15:39 - 2012-12-12 10:38 - 00000000 ____D () C:\Install
2014-03-18 17:03 - 2014-03-18 17:03 - 00003178 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-03-18 12:36 - 2014-03-18 12:36 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Apps\Evernote
2014-03-17 10:51 - 2014-03-17 10:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\DropboxMaster
2014-03-17 10:51 - 2012-12-12 17:03 - 00001006 _____ () C:\Users\Ralf Pappers\Desktop\Dropbox.lnk
2014-03-14 16:01 - 2012-12-13 13:41 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Nuance
2014-03-14 15:59 - 2014-03-14 15:59 - 00002799 _____ () C:\Users\Public\Desktop\Dragon Medical Practice Edition.lnk
2014-03-14 15:58 - 2014-03-14 15:58 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-03-14 15:58 - 2012-12-13 13:40 - 00000000 ____D () C:\ProgramData\Nuance
2014-03-14 15:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-03-14 14:59 - 2013-11-28 16:22 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\gtk-2.0
2014-03-14 14:14 - 2013-11-12 15:13 - 00000294 _____ () C:\Windows\SysWOW64\lamedropXPd.ini
2014-03-14 14:03 - 2014-03-14 14:03 - 00001190 _____ () C:\Users\UpdatusUser\Desktop\CdCoverCreator.lnk
2014-03-14 14:03 - 2014-03-14 14:03 - 00001190 _____ () C:\Users\Administrator\Desktop\CdCoverCreator.lnk
2014-03-14 14:03 - 2012-12-13 13:42 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multimedia
2014-03-14 13:11 - 2012-12-14 11:15 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\SuperMailer
2014-03-14 10:08 - 2013-05-10 11:16 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Tools&More
2014-03-14 10:07 - 2014-03-14 10:07 - 00002092 _____ () C:\Users\Public\Desktop\Easy-Mailing Testversion.lnk
2014-03-14 10:07 - 2013-05-10 11:07 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-03-13 17:12 - 2014-02-28 13:20 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\MyPhoneExplorer
2014-03-13 17:10 - 2014-02-28 13:20 - 00002129 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-03-13 13:05 - 2014-03-13 13:05 - 00001164 _____ () C:\Users\Ralf Pappers\Desktop\Free Download Manager.lnk
2014-03-12 13:55 - 2013-01-29 10:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-12 09:54 - 2013-01-11 11:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 09:54 - 2013-01-11 11:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 11:37 - 2013-03-26 11:39 - 00001165 _____ () C:\Users\Public\Desktop\BurnAware Free.lnk
2014-03-10 19:17 - 2014-01-15 14:02 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll

Some content of TEMP:
====================
C:\Users\Ralf Pappers\AppData\Local\Temp\avgnt.exe
C:\Users\Ralf Pappers\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-02 09:11

==================== End Of Log ============================

--- --- ---

--- --- ---

Danke für Deine Hilfe.

Gruß draftec

draftec · 09.04.2014, 09:42

Und hier die Aditional.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Ralf Pappers at 2014-04-09 10:37:55
Running from C:\Install\Programme Ralf\Tools\Virenscanner\Farbars Recovery Scan Tool
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909g (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 3.9.2 - Atomi Systems, Inc.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (x32 Version: 2.0.0 - Adobe Systems) Hidden
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (HKLM-x32\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Aiseesoft Total Video Converter Platinum 7.1.10 (HKLM-x32\...\{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1) (Version: 7.1.10 - Aiseesoft Studio)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Ashampoo Home Designer Pro v.1.0.1 (HKLM-x32\...\{4D1A0101-17A2-4fca-9119-4734EDBDA12D}_is1) (Version: 1.0.1 - Creative Amadeo GmbH)
Ashampoo Movie Studio 2013 v.1.0.6 (HKLM-x32\...\{91B33C97-EB09-F0A4-36AC-3895F9F93DD1}_is1) (Version: 1.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo MyAutoplay Menu 1.0.5 (HKLM-x32\...\Ashampoo MyAutoplay Menu_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.2.1 (HKLM-x32\...\{C92AB6F1-4B66-808A-D77C-25EF81C0176A}_is1) (Version: 10.2.1 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio 2013 v.1.0.2 (HKLM-x32\...\{91B33C97-34D2-9841-084D-BE4849F6A38F}_is1) (Version: 1.0.2 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 6 v.6.0.10 (HKLM-x32\...\{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1) (Version: 6.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 2014 v.1.0.0 (HKLM-x32\...\{4209F371-99CD-68CB-1C29-9910F8F9BD96}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother P-touch Editor 4.2 (HKLM-x32\...\InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}) (Version: 4.2 - Brother Industries, Ltd.)
Brother P-touch Editor 4.2 (x32 Version: 4.2 - Brother Industries, Ltd.) Hidden
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version:  - )
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
BurnAware Free 6.9.3 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
calibre 64bit (HKLM\...\{13AD5E97-F15C-46C7-92D9-6CE42AB6E73E}) (Version: 1.26.0 - Kovid Goyal)
Camtasia Studio 5 (HKLM-x32\...\{9B7802FF-2E35-4361-8A82-D207C7E9F99B}) (Version: 5.1.0 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
CodeStuff Starter (HKLM-x32\...\CodeStuff Starter) (Version: 5.6.2.9 - CodeStuff)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5425 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.5425 - CyberLink Corp.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Dexpot (HKCU\...\Dexpot) (Version: 1.6.11 - Dexpot GbR)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
dictate on demand converter (HKLM-x32\...\{AEF15737-F6D9-4335-936B-10900E20D156}) (Version: 3.1.1 - DictaTeam)
dictate on demand mover (HKLM-x32\...\{E6318DFB-01EF-4EFA-9EA2-647A17690535}) (Version: 3.1.1 - DictaTeam)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 140.0.65.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
dra.mover Vollinstallation Version beta8 (HKLM-x32\...\{4B67A79E-91AD-4D57-857A-ACBDF7A876E0}_is1) (Version: beta8 - EGS Computer Vertrieb GmbH)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.350 - Nuance Communications Inc.)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
DVDStyler v2.7 (HKLM-x32\...\DVDStyler_is1) (Version:  - )
Easy-Mailing (HKLM-x32\...\{CB2C65F0-A8F3-4FE7-A8F9-0EF73E184BCF}) (Version: 4.00.0200 - Wirth IT Design)
Edraw Mind Map 6.6.2 (HKLM-x32\...\Edraw Mind Map Freeware_is1) (Version:  - EdrawSoft)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Eumex RNDIS64 Treiber V1.02 (HKLM\...\{293C4FDD-FB80-48F8-8B40-F085392FDAA1}) (Version: 1.02.0000 - Deutsche Telekom)
Evernote v. 5.2.1 (HKLM-x32\...\{5E6D0ABA-ABDE-11E3-9AED-00163E98E7D6}) (Version: 5.2.1.3108 - Evernote Corp.)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Feiertage BR-Deutschland xp2v (HKLM-x32\...\{A18DE4D5-2219-4952-B56A-3C7CF98A6B46}) (Version: 1.0.3.1 - Jürgen A. Neuber (JAN))
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - stfx, Ath)
FileZilla Client 3.8.0 (HKCU\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreeFileSync 6.2 (HKLM-x32\...\FreeFileSync) (Version: 6.2 - Zenju)
Freemake Audio Converter Version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.3 - Ellora Assets Corporation)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
funkwerk Eumex 401 WIN-Tools V1.00 (HKLM-x32\...\InstallShield_{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}) (Version: 1.00.0000 - Funkwerk Enterprise Communications GmbH)
funkwerk Eumex 401 WIN-Tools V1.00 (x32 Version: 1.00.0000 - Funkwerk Enterprise Communications GmbH) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
Grundig Digta Configurator (HKLM-x32\...\{FBCD82BA-DE70-49BC-9453-1F468F23D69A}) (Version: 7.2.22 - Grundig Business Systems GmbH)
Grundig DigtaSoft Pro (HKLM-x32\...\{3E556D86-D772-40CE-A249-7A54A8EA30B8}) (Version: 5.1.21 - Grundig Business Systems GmbH)
Grundig DssMover (HKLM-x32\...\{B9DD58FE-FD1B-4C8D-8B13-03E60A976983}) (Version: 5.1.21 - Grundig Business Systems GmbH)
Grundig NetAdministration (HKLM-x32\...\{60D030F7-ABCA-4665-BED9-F83ED7EA2827}) (Version: 5.1.21 - Grundig Business Systems GmbH)
Hamster Free EbookConverter (HKLM-x32\...\{441AC599-200D-4E04-B274-C6B7B50C281D}_is1) (Version: 1.0.0.13 - HamsterSoft)
Hornil StylePix (HKCU\...\Hornil StylePix) (Version: 1.14.1.0 - Hornil Co.)
Hornil StylePix Pro (HKCU\...\Hornil StylePix Pro) (Version: 1.14.2.2 - Hornil Co.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8500 A909 Series (HKLM\...\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}) (Version: 14.0 - HP)
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Huey (HKLM-x32\...\Huey) (Version:  - )
Icons from File 5.02 (HKLM-x32\...\Icons from File_is1) (Version: 5.02 - Vitaliy Levchenko)
Index Your Files 5.0.2.6 (HKLM-x32\...\{8158B832-5225-40AB-8082-54349388B323}_is1) (Version:  - Rafael Castro)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.9.10 - IObit)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 7.7.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.7.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LamedropXPd3 3.0.2 (HKLM-x32\...\LamedropXPd_0) (Version: 3.0.2 - Strange World Productions)
lexiCan 4 (HKLM-x32\...\{4A79D043-17F4-41A7-B0C7-6E464AD29429}) (Version: 4.7.1 - vetafab Software GmbH)
Lexware Info Service (x32 Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 3.01.00.0011 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware warenwirtschaft pro 2014 (x32 Version: 14.04.00.0022 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware warenwirtschaft pro 2014 Client (HKLM-x32\...\{d0e8466a-620d-4b9c-b85b-df1785630f03}) (Version: 14.3.0.175 - Haufe-Lexware GmbH & Co.KG)
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{7801C501-F2B8-41FF-9792-D48C809A9CFB}) (Version: 4.2.2.1 - The Document Foundation)
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
MAGIX Screenshare (HKLM-x32\...\{AEDB01F3-380C-4BF8-BC8A-AB04AB9EB7D9}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{A9DCBD16-308D-454E-A563-191673A51D52}) (Version: 7.0.2.6 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Mediencenter 3.8.9799.6 (HKCU\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG)
meinHausplaner (HKLM-x32\...\meinHausplaner) (Version:  - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook-Sicherung für Persönliche Ordner (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Setup Center 13.05 (HKLM-x32\...\Microsoft Setup Center 13.05_is1) (Version:  - com! - Das Computer Magazin)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
my DESIGN 13.9.1 (HKLM-x32\...\my DESIGN) (Version: 13.9.1 - myFlyeralarm GmbH)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MySQL-Front (HKLM-x32\...\MySQL-Front_is1) (Version: 5.3 - )
Namo WebEditor 9 (HKLM-x32\...\{E4F6C5BD-023B-4352-9C1C-7851F5A3AE82}) (Version: 8.00.000 - Namo Interactive, Inc.)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NewFreeScreensaver nfsClockClouds01HD (HKLM-x32\...\nfsClockClouds01HD New Free Screensaver_is1) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25  - Florian Balmer)
Nuance PDF Professional 6 (HKLM\...\{17123D2C-667C-4F3C-B3C0-5F80931A989E}) (Version: 6.00.6434 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
O&O DiskImage Professional (HKLM\...\{56F8EF3C-D9A0-4728-95D5-DC05A72931F5}) (Version: 7.81.6 - O&O Software GmbH)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
Outlook4Gmail 2.6 (HKLM-x32\...\{6A53C42D-DCCD-46B7-9143-51071726A6F6}_is1) (Version:  - Scand Ltd.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF Shaper 2.5 (HKLM-x32\...\PDF Shaper_is1) (Version:  - Glorylogic)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Perfect Effects 8 (HKLM-x32\...\{C982ACFF-5997-4B7D-B3E1-CF7273A06FB2}) (Version: 8.1.0 - onOne Software)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Philips Device Control Center (HKLM-x32\...\{E684F384-1C66-4BFE-86D3-80C4C777538E}) (Version: 3.2.320.40 - Speech Processing Solutions GmbH)
Photomizer (HKLM-x32\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.3.12.723 - Engelmann Media GmbH)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
Samplitude Music Studio 17 (HKLM-x32\...\MAGIX_MSI_ms17dlx) (Version: 17.0.0.0 - MAGIX AG)
Samplitude Music Studio 17 (x32 Version: 17.0.0.0 - MAGIX AG) Hidden
SARDU 2.0.6.5 (HKLM-x32\...\SARDU) (Version: 2.0.6.5 - Davide Costa)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Sigil 0.7.2 (HKLM-x32\...\Sigil_is1) (Version:  - John Schember)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.1 - IObit)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SpeechExec Pro Dictate (HKLM-x32\...\{441C6C10-0ED0-47A8-8FA5-ED09C89CD66D}) (Version: 7.5.750.2 - Speech Processing Solutions GmbH)
SpeechExec Pro Transcribe (HKLM-x32\...\{D1B08525-6ADC-4637-BE25-E40CE39F4F0F}) (Version: 7.5.750.2 - Speech Processing Solutions GmbH)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steganos Online-Banking 2012 (HKLM-x32\...\{BF72DD91-089A-43A0-A18E-57BC67E2B8A5}) (Version: 2.0.4 - Steganos Software GmbH)
Steganos Safe 2012 (HKLM-x32\...\{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}) (Version: 13.0.5 - Steganos Software GmbH)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SuperMailer 7.03 (HKLM\...\Newsletter Software SuperMailer (x64)_is1) (Version: 7.03 - Mirko Boeer Softwareentwicklungen)
Sweet Home 3D version 4.0 (HKLM-x32\...\Sweet Home 3D_is1) (Version:  - eTeks)
TeamDrive 3 (HKLM-x32\...\TeamDrive 3) (Version: 3.2.0.721 - TeamDrive Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.18051 - TeamViewer)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Textbausteinverwaltung v2.6.4 (HKLM-x32\...\Textbausteinverwaltung_is1) (Version: 2.6.4 - Bartels Media GmbH)
TheColourClock (HKLM-x32\...\TheColourClock_is1) (Version:  - )
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
tools-freebsd (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
TopStyle Lite (Version 3) (HKLM-x32\...\TopStyle Lite (Version 3.0)) (Version:  - )
TopStyle Lite (Version 3) (HKLM-x32\...\TSLite3_is1) (Version:  - )
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Typograf 5.1f (HKLM-x32\...\Typograf) (Version: 5.1f - Neuber Software)
Ultimate Windows Customizer (HKLM-x32\...\{C1AE8796-BE88-4630-9301-2F6D56F7A579}) (Version: 1.0.1.0 - The Windows Club)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer) (Version: 1.5 - Deutsche Post AG)
Versandhelfer (x32 Version: 1.5 - Deutsche Post AG) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 10.20.200 - Nuance Communications Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VisualBee for Microsoft PowerPoint (HKCU\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
WAVCardFilter (HKCU\...\5c1a3aa26e5ab4cf) (Version: 1.0.0.0 - Organisation)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.0.0.2 - BiniSoft.org)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Grundig Business Systems GmbH (UacCtl2) USB  (12/19/2006 2.0.3.3) (HKLM\...\CC5DAECF4951DEA284D78F429720CB8E8C2E057D) (Version: 12/19/2006 2.0.3.3 - Grundig Business Systems GmbH)
Windows-Treiberpaket - T-Home Net  (06/30/2010 6.0.6000.16384) (HKLM\...\7B73EBFEF26F2C40D3AA9D389F5CF2C77121106C) (Version: 06/30/2010 6.0.6000.16384 - T-Home)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wondershare Vivideo(Build 2.0.0.12) (HKLM-x32\...\Wondershare Vivideo_is1) (Version:  - Wondershare Software)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-3 - Bitnami)
XnView 2.20 (HKLM-x32\...\XnView_is1) (Version: 2.20 - Gougelet Pierre-e)
XnViewMP 0.64 (HKLM\...\XnViewMP_is1) (Version: 0.64 - Gougelet Pierre-e)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

04-04-2014 09:11:00 RegClean Pro Fr, Apr 04, 14  11:10
08-04-2014 08:52:05 Windows XP Mode wird entfernt
08-04-2014 08:56:45 Windows Modules Installer
08-04-2014 11:47:50 Installed Oracle VM VirtualBox 4.3.10
08-04-2014 13:42:32 Lexware warenwirtschaft pro 2014 Client
09-04-2014 06:43:33 Windows Update
09-04-2014 07:17:41 Installed LibreOffice 4.2.2.1
09-04-2014 07:18:41 Installed LibreOffice 4.2 Help Pack (German)
09-04-2014 07:39:43 Installed Lexware online banking.

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02F1D9ED-5166-48BE-BEAF-847550DC4075} - System32\Tasks\Eigene Aufgaben\Zweite Erinnerung
Task: {16A953D4-D17D-4907-9633-EC196471CAF3} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-24] (IObit)
Task: {1F82893E-895E-4A78-9918-8F4165B1D9EB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {2DCE7B2F-FDBE-4A5E-A317-0AEF3A75C709} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-12] (Google Inc.)
Task: {35D64538-0C5F-476B-AA3D-B127C0CF5F66} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001Core => C:\Users\Ralf Pappers\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-13] (Google Inc.)
Task: {528ED0C8-C2E2-49BC-A05D-A28EE39C2559} - System32\Tasks\Eigene Aufgaben\Backup Lexware
Task: {6DA6A8AF-17FF-4E97-A92F-D46F45F50741} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\Tools\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit)
Task: {7074A164-3E0C-428B-909B-394AF0EB865A} - System32\Tasks\Eigene Aufgaben\Feierabend Vorbereitung
Task: {77342821-9335-4706-BE9E-7A4DFFBA3FD9} - System32\Tasks\Eigene Aufgaben\Backup Ralf => C:\Program Files\Tools\FreeFileSync\FreeFileSync.exe [2014-02-01] (freefilesync.sourceforge.net)
Task: {9BD2741B-1F12-40BF-BCFA-B0C934DA1DB3} - \CreateChoiceProcessTask No Task File
Task: {AA455224-03EF-43F9-AE09-0B6D25121E5D} - System32\Tasks\VisualBeeRecovery => C:\Users\Ralf
Task: {BA815CCB-0E2D-4F64-BAE3-BACA9F43C8A1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {BC7E4439-6E9F-407B-8131-2828B9195B5B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001UA => C:\Users\Ralf Pappers\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-13] (Google Inc.)
Task: {D62B914F-7E6F-41EA-8168-1DC29A74CBF1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\Tools\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {DB003477-59D5-4A5F-9171-ACCEA2D4D32C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-09] (Adobe Systems Incorporated)
Task: {E0D5E448-B6CB-4C49-AC54-8B5A533BF1AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-12] (Google Inc.)
Task: {F269D1C3-C631-4352-9C3F-834D9CB87AEB} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-14] (PC-Doctor, Inc.)
Task: {FFF717FC-2D02-42D2-9E05-9B87FE694AA9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001Core.job => C:\Users\Ralf Pappers\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001UA.job => C:\Users\Ralf Pappers\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-06 10:00 - 2013-09-12 09:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-23 15:37 - 2014-01-23 15:37 - 00118784 _____ () C:\Windows\system32\qcap64.exe
2013-09-09 17:35 - 2013-09-09 17:35 - 00326448 _____ () C:\Program Files\OO Software\DiskImage\oodiagrs.dll
2013-09-09 17:35 - 2013-09-09 17:35 - 00344880 _____ () C:\Program Files\OO Software\DiskImage\oodishrs.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\Internet\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Tools\Unlocker\UnlockerCOM.dll
2012-10-29 17:45 - 2012-10-29 17:45 - 00220672 _____ () C:\Program Files (x86)\Tools\Steganos Safe 2012\ShellExtension.dll
2012-12-11 15:42 - 2011-10-26 18:41 - 00318976 _____ () C:\Program Files\Tools\TeraCopy\TeraCopyExt64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Text\Notepad++\NppShell_05.dll
2012-12-06 11:26 - 2012-01-26 23:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-04-02 15:33 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-01-02 16:48 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-02 16:48 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-02 16:48 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-02 16:48 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-02 16:48 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files (x86)\Tools\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-10-18 13:46 - 2013-10-18 13:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2012-12-14 14:51 - 2012-12-13 17:28 - 00439016 _____ () C:\Program Files (x86)\Tools\Textbausteinverwaltung\tbvlang.dll
2014-04-04 13:06 - 2014-04-01 14:37 - 00371712 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-04-04 13:06 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files (x86)\Internet\FileZilla FTP Client\fzshellext.dll
2014-04-02 14:57 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Internet\Mozilla Firefox\mozjs.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2009-07-27 02:45 - 2009-07-27 02:45 - 00432128 _____ () C:\Program Files (x86)\Common Files\ScanSoft Shared\PDF6\OutlookAddin.dll
2013-12-18 20:42 - 2013-12-18 20:42 - 02897280 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-12-18 20:43 - 2013-12-18 20:43 - 01446400 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-05 12:35 - 2014-03-05 12:35 - 00534056 _____ () C:\Program Files (x86)\Lexware\professional\2014\lxuser.dll
2014-03-05 12:35 - 2014-03-05 12:35 - 00151080 _____ () C:\Program Files (x86)\Lexware\professional\2014\lxcompany.dll
2014-03-24 18:23 - 2014-03-24 18:23 - 00873000 _____ () C:\Program Files (x86)\Lexware\professional\2014\FkManagedTools.dll
2014-03-24 12:37 - 2014-03-24 12:37 - 00297512 _____ () C:\Program Files (x86)\Lexware\professional\2014\FkCommonManagedTools.dll
2014-03-24 18:23 - 2014-03-24 18:23 - 00244776 _____ () C:\Program Files (x86)\Lexware\professional\2014\FkManagedKernel.dll
2014-01-15 12:24 - 2014-01-15 12:24 - 00086568 _____ () C:\Program Files (x86)\Lexware\professional\2014\LexCheckView.dll
2014-01-15 12:24 - 2014-01-15 12:24 - 00091176 _____ () C:\Program Files (x86)\Lexware\professional\2014\LexCheckMini.dll
2014-01-15 12:24 - 2014-01-15 12:24 - 00069672 _____ () C:\Program Files (x86)\Lexware\professional\2014\LexCheckDataProviderPro.dll
2013-11-12 11:04 - 2013-11-12 11:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-02-13 14:17 - 2014-02-13 14:17 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2012-12-06 11:18 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-12-06 11:21 - 2012-01-21 13:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:01C66DD9
AlternateDataStreams: C:\ProgramData\Temp:264CA462
AlternateDataStreams: C:\ProgramData\Temp:58A5270D
AlternateDataStreams: C:\ProgramData\Temp:7FFED16F
AlternateDataStreams: C:\ProgramData\Temp:9B013599
AlternateDataStreams: C:\ProgramData\Temp:FBBC6045

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2014 10:28:08 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/09/2014 08:50:02 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/08/2014 02:25:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Framework.exe, Version: 13.51.0.181, Zeitstempel: 0x51c2b76a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc015000f
Fehleroffset: 0x00084671
ID des fehlerhaften Prozesses: 0x1bc4
Startzeit der fehlerhaften Anwendung: 0xFramework.exe0
Pfad der fehlerhaften Anwendung: Framework.exe1
Pfad des fehlerhaften Moduls: Framework.exe2
Berichtskennung: Framework.exe3

Error: (04/08/2014 02:25:42 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c015000f, Ausnahmeadresse 77794671
Stapel:

Error: (04/08/2014 11:01:35 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/08/2014 10:52:18 AM) (Source: MsiInstaller) (User: RalfPappers-PC)
Description: Produkt: Windows XP Mode -- Durch diesen Vorgang werden alle Windows XP Mode zugeordneten Dateien entfernt. Die in den virtuellen Festplattendateien von Windows XP Mode gespeicherten Daten werden ebenfalls gelöscht.

Möchten Sie Windows XP Mode deinstallieren?

Error: (04/08/2014 08:52:29 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/08/2014 08:51:02 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Framework.exe, Version: 13.51.0.181, Zeitstempel: 0x51c2b76a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc015000f
Fehleroffset: 0x00084671
ID des fehlerhaften Prozesses: 0x1df0
Startzeit der fehlerhaften Anwendung: 0xFramework.exe0
Pfad der fehlerhaften Anwendung: Framework.exe1
Pfad des fehlerhaften Moduls: Framework.exe2
Berichtskennung: Framework.exe3

Error: (04/08/2014 08:51:01 AM) (Source: .NET Runtime) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c015000f, Ausnahmeadresse 77064671
Stapel:

Error: (04/07/2014 11:30:50 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/09/2014 10:30:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/09/2014 10:30:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/09/2014 10:28:09 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (04/09/2014 10:27:48 AM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/09/2014 09:38:05 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (04/09/2014 09:38:03 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (04/09/2014 09:32:12 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (04/09/2014 08:52:16 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/09/2014 08:52:16 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/09/2014 08:50:03 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004


Microsoft Office Sessions:
=========================
Error: (10/29/2013 04:17:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22529 seconds with 2100 seconds of active time.  This session ended with a crash.

Error: (10/02/2013 08:39:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/30/2013 01:55:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 129 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/05/2013 04:21:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/18/2013 10:18:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-05-27 10:34:55.501
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-27 10:34:55.460
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-27 10:34:14.459
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-27 10:34:14.419
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-27 10:33:34.417
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-27 10:33:34.373
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-23 14:13:59.282
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-23 14:13:59.244
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-23 08:55:57.755
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-23 08:55:57.718
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 4056.92 MB
Available physical RAM: 1745.01 MB
Total Pagefile: 8112.02 MB
Available Pagefile: 5144.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Disk-C) (Fixed) (Total:915.83 GB) (Free:82.4 GB) NTFS
Drive n: (Corona) (Network) (Total:923.76 GB) (Free:647.83 GB) NTFS
Drive o: (iFuB) (Network) (Total:923.76 GB) (Free:647.83 GB) NTFS
Drive p: (Public) (Network) (Total:923.76 GB) (Free:647.83 GB) NTFS
Drive r: (Buchhaltung) (Network) (Total:923.76 GB) (Free:647.83 GB) NTFS
Drive s: (speechmedia) (Network) (Total:923.76 GB) (Free:647.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 410D9CD0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bootsektor · 09.04.2014, 20:35

Hallo,

falls du das ATTENTION bezüglich des Rootkits in den Logs gesehen haben solltest, das ist ein Fehlalarm

Wie sieht es nach dem Fix mit Download Protect aus?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:01C66DD9
AlternateDataStreams: C:\ProgramData\Temp:264CA462
AlternateDataStreams: C:\ProgramData\Temp:58A5270D
AlternateDataStreams: C:\ProgramData\Temp:7FFED16F
AlternateDataStreams: C:\ProgramData\Temp:9B013599
AlternateDataStreams: C:\ProgramData\Temp:FBBC6045
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
FF HKLM-x32\...\Firefox\Extensions: [{3146650B-2476-4679-B13D-8026A60D9E5E}] - C:\Windows\Installer\{B364E1F3-A328-4674-90D3-96C844AA386C}\{3146650B-2476-4679-B13D-8026A60D9E5E}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{210833DC-ACC3-4D9D-B8D8-FFC75D3851C8}] - C:\Windows\Installer\{C80715B5-85FF-4ACC-B091-CC033A3BF094}\{210833DC-ACC3-4D9D-B8D8-FFC75D3851C8}.xpi
CHR Extension: (Download Protect) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehpppaagkhefdddpkodnnnkphajeoiho [2014-04-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2 (falls kein Log von Malwarebytes existiert, ansonsten bitte dieses posten)

Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Windows Vista und höher: mit Rechtsklick "als Administrator starten"
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language German aus.
Klicke auf Armaturenbrett und auf Jetzt aktualisieren, um die Datenbank zu updaten.
Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

draftec · 10.04.2014, 08:48

Hallo,

hier schon mal das Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ralf Pappers at 2014-04-10 09:27:53 Run:1
Running from C:\Install\Programme Ralf\Tools\Virenscanner\Farbars Recovery Scan Tool
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:01C66DD9
AlternateDataStreams: C:\ProgramData\Temp:264CA462
AlternateDataStreams: C:\ProgramData\Temp:58A5270D
AlternateDataStreams: C:\ProgramData\Temp:7FFED16F
AlternateDataStreams: C:\ProgramData\Temp:9B013599
AlternateDataStreams: C:\ProgramData\Temp:FBBC6045
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
FF HKLM-x32\...\Firefox\Extensions: [{3146650B-2476-4679-B13D-8026A60D9E5E}] - C:\Windows\Installer\{B364E1F3-A328-4674-90D3-96C844AA386C}\{3146650B-2476-4679-B13D-8026A60D9E5E}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{210833DC-ACC3-4D9D-B8D8-FFC75D3851C8}] - C:\Windows\Installer\{C80715B5-85FF-4ACC-B091-CC033A3BF094}\{210833DC-ACC3-4D9D-B8D8-FFC75D3851C8}.xpi
CHR Extension: (Download Protect) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehpppaagkhefdddpkodnnnkphajeoiho [2014-04-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\ProgramData\Temp => ":01C66DD9" ADS removed successfully.
C:\ProgramData\Temp => ":264CA462" ADS removed successfully.
C:\ProgramData\Temp => ":58A5270D" ADS removed successfully.
C:\ProgramData\Temp => ":7FFED16F" ADS removed successfully.
C:\ProgramData\Temp => ":9B013599" ADS removed successfully.
C:\ProgramData\Temp => ":FBBC6045" ADS removed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4871A87A-BFDD-4106-8153-FFDE2BAC2967} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967} => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{3146650B-2476-4679-B13D-8026A60D9E5E} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{210833DC-ACC3-4D9D-B8D8-FFC75D3851C8} => Value deleted successfully.
C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehpppaagkhefdddpkodnnnkphajeoiho => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.


The system needed a reboot. 

==== End of Fixlog ====

Den Schritt 3 lasse ich heute Abend über Nacht mal laufen und poste es dann.

Nach zwei Neustarts ist Download Protect bisher nicht erneut aufgetaucht. Beobachte das auf jeden Fall weiter.

Bootsektor · 10.04.2014, 09:43

Hallo draftec,

Zitat:

Den Schritt 3 lasse ich heute Abend über Nacht mal laufen und poste es dann.

Ok, dann einfach hier posten, ich seh es mir dann an.

Zitat:

Nach zwei Neustarts ist Download Protect bisher nicht erneut aufgetaucht. Beobachte das auf jeden Fall weiter.

draftec · 11.04.2014, 10:54

Sorry, wir hatten Gestern einigen Streß mit unserer Telefonanlage, deswegen habe ich vergessen den Test zu starten. Mache ich dann am Montag Abend.

Bootsektor · 11.04.2014, 13:20

Alles klar, danke fürs Bescheidgeben.

draftec · 15.04.2014, 07:41

Hallo Sandra,

heute Abend will ich ja den Scannlauf durchführen. Vorab schon mal die Info, daß die beiden verdächtigen vxi-Dateien wieder im Windows/Installer Ordner lagen.

Diese habe ich wieder gelöscht. Allerdings waren die Einstellungen meines Firefox wieder zerstört, so daß ich meine Sicherung zurückspielen mußte.

Hier das Logfile von ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d9991c15023366478daac20dc4bfd6ce
# engine=17874
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-14 06:31:45
# local_time=2014-04-14 08:31:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 21328 4182641 14108 0
# compatibility_mode=5893 16776574 100 94 1143752 149130155 0 0
# scanned=439506
# found=1
# cleaned=0
# scan_time=15373
sh=02DB8C0132596F0E2B2CBED4A81D6DCDFE050D50 ft=1 fh=40c9877dbec53ba0 vn="Win32/AdWare.Linkular.AH application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ralf Pappers\AppData\Local\DownloadGuide\Offers\Lollipop.exe.vir"

Und dann die Logfiles von FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by Ralf Pappers (administrator) on RALFPAPPERS-PC on 15-04-2014 08:38:27
Running from C:\Install\Programme Ralf\Tools\Virenscanner\Farbars Recovery Scan Tool
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Multimedia\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Text\PDF Professional 6\PDFProFiltSrv.exe
() C:\Windows\system32\qcap64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(TeamViewer GmbH) C:\Program Files (x86)\Tools\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Google) C:\Program Files (x86)\Internet\Google Calendar Sync\GoogleCalendarSync.exe
(Bartels Media GmbH) C:\Program Files (x86)\Tools\Textbausteinverwaltung\Textbausteinverwaltung.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Tools\Everything\Everything.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Tools\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\Tools\FreeCommander\FreeCommander.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\professional\2014\Framework.exe
(Mozilla Corporation) C:\Program Files (x86)\Internet\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-16] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Tools\Everything\Everything.exe [602624 2009-03-13] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Tools\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\Text\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\Run: [Google Update] => C:\Users\Ralf Pappers\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-13] (Google Inc.)
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 0
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\MountPoints2: {47fdbf3a-34ba-11e3-8053-005056c00008} - J:\AutoRun.exe
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\MountPoints2: {47fdbf50-34ba-11e3-8053-005056c00008} - J:\AutoRun.exe
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\MountPoints2: {5cdc6672-4461-11e2-9b50-a4173198d3b6} - E:\setup.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll" File Not Found
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
URLSearchHook: HKCU - (No Name) - {1d053bb5-c922-44e3-9910-66585f017505} - No File
SearchScopes: HKLM - DefaultScope {98D34335-7341-47D9-B499-9256FC755EA2} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {98D34335-7341-47D9-B499-9256FC755EA2} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - {98D34335-7341-47D9-B499-9256FC755EA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS
SearchScopes: HKCU - DefaultScope {F51B30DC-C5D1-46E6-AEBC-0F95C81A71AA} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {F51B30DC-C5D1-46E6-AEBC-0F95C81A71AA} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Text\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Text\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Text\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {1D053BB5-C922-44E3-9910-66585F017505} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {AA299E98-6FB5-409F-99D3-D30D749F4864} hxxp://compardt.istmein.de/inc/kaxRemote.dll
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T29L10NSP3-17099/webex/ieatgpc1.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default
FF Homepage: https://www.google.com/calendar/render?gsessionid=OK
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Text\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Ralf Pappers\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\plugins\npo1d.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ralf Pappers\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ralf Pappers\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\searchplugins\duckduckgo.xml
FF Extension: Print pages to PDF - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\printPages2Pdf@reinhold.ripper [2014-04-04]
FF Extension: FEBE - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-04-04]
FF Extension: Empty Cache Button - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-04-04]
FF Extension: DownloadHelper - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-04]
FF Extension: Flash and Video Download - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-04-14]
FF Extension: Add Bookmark Here ² - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\abhere2@moztw.org.xpi [2014-04-15]
FF Extension: about:addons-memory - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\about-addons-memory@tn123.org.xpi [2014-04-15]
FF Extension: Bookmark Favicon Changer - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2014-04-15]
FF Extension: Firebug - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\firebug@software.joehewitt.com.xpi [2014-04-15]
FF Extension: Go Parent Folder - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\goParentFolder@alice.xpi [2014-04-15]
FF Extension: Print / Print Preview (Update) - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com.xpi [2014-04-15]
FF Extension: Restart - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\Restart@schuzak.jp.xpi [2014-04-15]
FF Extension: Save as PDF - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2014-04-15]
FF Extension: Slim Add-ons Manager - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\slimaddonmanager@opendfki.de.xpi [2014-04-15]
FF Extension: Auto-Sort Bookmarks - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\sortbookmarks@bouanto.xpi [2014-04-15]
FF Extension: Firesizer - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}.xpi [2014-04-15]
FF Extension: FlashGot - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-04-15]
FF Extension: Download Status Bar - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-04-15]
FF Extension: CookieCuller - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-04-15]
FF Extension: FireFTP - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-04-15]
FF Extension: Password Exporter - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-04-15]
FF Extension: Web Developer - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-04-15]
FF Extension: Adblock Plus - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-15]
FF Extension: Tab Mix Plus - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-04-15]
FF Extension: DownThemAll! - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF HKLM-x32\...\Firefox\Extensions: [{A16F2E48-309E-4005-AFE5-00F5D4A5B337}] - C:\Windows\Installer\{3B7ED942-D019-4E01-8C53-0277D1222227}\{A16F2E48-309E-4005-AFE5-00F5D4A5B337}.xpi
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-30]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Internet\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (YouTube) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Google-Suche) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (AdBlock) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Google Mail) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [flegfcibpcnhjcfmmpgckdobbiiogkda] - C:\Users\Ralf Pappers\AppData\Local\CRE\flegfcibpcnhjcfmmpgckdobbiiogkda.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-07-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 DfSdkS; C:\Program Files (x86)\Tools\Ashampoo WinOptimizer 2014\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Multimedia\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-04] (Ellora Assets Corp.)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-24] (IObit)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [6258480 2013-09-09] (O&O Software GmbH)
R2 PDFProFiltSrv; C:\Program Files (x86)\Text\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-07-27] (Nuance Communications, Inc.)
R2 rundlm32; C:\Windows\system32\qcap64.exe [118784 2014-01-23] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 TeamViewer8; C:\Program Files (x86)\Tools\TeamViewer\TeamViewer_Service.exe [3574624 2013-04-23] (TeamViewer GmbH)
R2 wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [76400 2013-05-24] (BiniSoft.org)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-11-02] (AnchorFree Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116936 2013-09-09] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41160 2013-09-09] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255688 2013-09-09] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44744 2013-09-09] (O&O Software GmbH)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2013-01-08] (Softwareentwicklung Remus - ArchiCrypt - )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-19] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 UacCtl2; C:\Windows\System32\DRIVERS\uacctl2.sys [17408 2006-12-19] (Micronas GmbH)
S3 UacFlt2; C:\Windows\System32\DRIVERS\uacflt2.sys [18304 2006-12-19] (Micronas GmbH)
U5 UnlockerDriver5; C:\Program Files\Tools\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [32848 2013-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 cleanhlp; \??\C:\EEK\Run\cleanhlp64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 08:27 - 2014-04-15 08:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-14 16:13 - 2014-04-14 16:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-11 16:07 - 2014-04-11 16:07 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\PDF24
2014-04-11 14:59 - 2014-04-15 08:28 - 00002500 _____ () C:\Windows\PFRO.log
2014-04-09 15:28 - 2014-04-09 15:28 - 00000000 __SHD () C:\Users\Ralf Pappers\AppData\Local\EmieUserList
2014-04-09 15:28 - 2014-04-09 15:28 - 00000000 __SHD () C:\Users\Ralf Pappers\AppData\Local\EmieSiteList
2014-04-09 12:39 - 2014-04-09 12:39 - 00000000 ____D () C:\Users\Ralf Pappers\Downloads\Mac OS X Leopard
2014-04-09 10:37 - 2014-04-15 08:38 - 00000000 ____D () C:\FRST
2014-04-09 09:18 - 2014-04-09 09:18 - 00001562 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-04-09 08:46 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 08:46 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 08:46 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-09 08:46 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 08:46 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 08:46 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 08:46 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-09 08:46 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 08:46 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 08:46 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 08:46 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 08:46 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 08:46 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 08:46 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-09 08:46 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-09 08:46 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-09 08:46 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 08:46 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-09 08:46 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 08:46 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 08:46 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 08:46 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-09 08:46 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-09 08:46 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 08:46 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 08:46 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 08:46 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 08:46 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 08:46 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-09 08:46 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 08:46 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 08:46 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-09 08:46 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-09 08:46 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 08:46 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-09 08:46 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 08:46 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 08:46 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-09 08:46 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 08:46 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 08:46 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 08:46 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 08:46 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 08:46 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 08:46 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-09 08:46 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-09 08:46 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 08:46 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 08:42 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 08:42 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 08:42 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 08:42 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 08:42 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 08:42 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 08:42 - 2014-02-04 04:37 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 08:42 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 08:42 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 08:42 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 08:42 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 08:42 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 15:43 - 2014-04-08 15:18 - 08946728 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\system32\cdintf500_64.dll
2014-04-08 15:43 - 2014-04-08 15:18 - 07181352 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf500.dll
2014-04-08 15:12 - 2014-04-09 08:49 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Package Cache
2014-04-08 13:48 - 2014-03-26 19:01 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-04-08 13:48 - 2014-03-26 19:00 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-04-08 13:02 - 2014-04-08 13:02 - 00006304 _____ () C:\Users\Ralf Pappers\AppData\Local\recently-used.xbel
2014-04-08 11:01 - 2014-04-15 08:29 - 00001299 _____ () C:\Windows\setupact.log
2014-04-08 11:01 - 2014-04-08 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Public\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\ProgramData\ABBYY
2014-04-04 13:06 - 2014-04-04 13:07 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Wondershare
2014-04-04 13:06 - 2014-04-04 13:06 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Wondershare
2014-04-04 10:57 - 2014-04-07 11:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 10:56 - 2014-04-04 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 10:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 10:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 10:56 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 11:30 - 2014-04-03 11:30 - 00000000 ____D () C:\HP-Drucker
2014-04-03 09:13 - 2014-04-10 15:59 - 00000024 _____ () C:\Users\Ralf Pappers\AppData\Local\pdfshaper.ini
2014-04-03 09:04 - 2014-04-10 15:59 - 00000134 _____ () C:\Users\Ralf Pappers\AppData\Roaming\PDFShaper.ini
2014-04-03 09:03 - 2014-04-03 09:03 - 00001091 _____ () C:\Users\Public\Desktop\PDF Shaper.lnk
2014-04-03 09:02 - 2014-04-03 09:02 - 00000025 _____ () C:\Users\Ralf Pappers\AppData\Local\trueburner.ini
2014-04-02 15:37 - 2014-04-02 15:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-02 15:34 - 2014-04-02 15:34 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\ProgramData\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 15:33 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-02 15:33 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-02 15:33 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-02 14:38 - 2014-04-02 15:11 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Mozilla
2014-04-02 14:38 - 2014-04-02 14:57 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Mozilla
2014-04-02 14:17 - 2014-04-07 10:29 - 00000000 ____D () C:\AdwCleaner
2014-04-02 12:05 - 2014-04-02 12:05 - 00001103 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-04-01 15:53 - 2014-04-01 15:53 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Ashampoo Burning Studio FREE
2014-04-01 15:51 - 2014-04-01 15:51 - 00001283 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2014-04-01 15:30 - 2014-04-01 15:30 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer
2014-04-01 13:43 - 2014-04-01 13:44 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Microsoft Games
2014-03-31 14:59 - 2014-03-31 14:59 - 00002653 _____ () C:\Users\Public\Desktop\dodMover.lnk
2014-03-31 14:58 - 2014-03-31 14:59 - 00000000 ____D () C:\Program Files (x86)\DictaTeam
2014-03-31 14:58 - 2014-03-31 14:58 - 00002661 _____ () C:\Users\Public\Desktop\dodConverter.lnk
2014-03-31 14:57 - 2011-08-29 10:00 - 00074752 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-03-31 14:57 - 2011-08-29 10:00 - 00000038 _____ () C:\Windows\avisplitter.ini
2014-03-31 14:57 - 2011-07-16 16:17 - 00151552 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2014-03-31 14:57 - 2011-06-24 16:44 - 00243200 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-03-31 14:57 - 2011-06-24 16:28 - 00650752 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-03-31 14:57 - 2011-03-02 12:43 - 00175616 _____ () C:\Windows\SysWOW64\unrar.dll
2014-03-31 14:57 - 2008-10-03 14:30 - 00000414 _____ () C:\Windows\SysWOW64\lame_acm.xml
2014-03-31 14:57 - 2008-09-24 20:41 - 00839680 _____ (hxxp://www.mp3dev.org/) C:\Windows\SysWOW64\lameACM.acm
2014-03-31 14:55 - 2014-03-31 14:56 - 00003016 _____ () C:\Windows\unins000.dat
2014-03-31 14:55 - 2014-03-31 14:55 - 00719243 _____ () C:\Windows\unins000.exe
2014-03-31 14:55 - 2014-03-31 14:55 - 00000000 ____D () C:\dod
2014-03-31 12:49 - 2014-04-11 08:51 - 00000000 ___RD () C:\Users\Ralf Pappers\Documents\Spaces
2014-03-31 12:44 - 2014-03-31 12:44 - 00001123 _____ () C:\Users\Public\Desktop\TeamDrive 3.lnk
2014-03-28 16:54 - 2014-04-11 15:16 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\XnViewMP
2014-03-28 12:42 - 2014-03-28 12:42 - 00038434 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft Excel 97-2003.ADR
2014-03-26 19:00 - 2014-03-26 19:00 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-03-26 18:58 - 2014-03-26 18:58 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-03-26 14:58 - 2014-03-26 14:58 - 00000000 ____D () C:\Program Files (x86)\Steganos Online-Banking Free
2014-03-26 14:52 - 2014-03-26 14:52 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\wPlayer
2014-03-26 14:48 - 2014-03-26 14:56 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\JS-Tools
2014-03-24 13:50 - 2014-03-24 13:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Kalender1
2014-03-24 12:37 - 2014-03-24 12:37 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\SysWOW64\FKStampPainter20.dll
2014-03-21 13:20 - 2014-03-21 13:20 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\OneNote-Notizbücher
2014-03-18 17:03 - 2014-03-18 17:03 - 00003178 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-03-18 14:51 - 2014-04-10 10:33 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Download Manager
2014-03-18 12:36 - 2014-03-18 12:36 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Apps\Evernote
2014-03-17 10:51 - 2014-03-17 10:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\DropboxMaster

==================== One Month Modified Files and Folders =======

2014-04-15 08:38 - 2014-04-09 10:37 - 00000000 ____D () C:\FRST
2014-04-15 08:36 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 08:36 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-15 08:34 - 2014-03-12 13:54 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-15 08:34 - 2012-12-06 11:38 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-04-15 08:34 - 2012-12-06 11:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-04-15 08:34 - 2012-12-06 11:26 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-04-15 08:34 - 2012-12-06 10:01 - 01167833 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 08:33 - 2010-11-21 08:50 - 00716782 _____ () C:\Windows\system32\perfh007.dat
2014-04-15 08:33 - 2010-11-21 08:50 - 00155436 _____ () C:\Windows\system32\perfc007.dat
2014-04-15 08:33 - 2009-07-14 07:13 - 01667546 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 08:30 - 2013-11-26 11:40 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-15 08:30 - 2012-12-13 13:41 - 00000728 __RSH () C:\ProgramData\ntuser.pol
2014-04-15 08:29 - 2014-04-08 11:01 - 00001299 _____ () C:\Windows\setupact.log
2014-04-15 08:29 - 2012-12-20 17:11 - 00000000 ____D () C:\ProgramData\VMware
2014-04-15 08:29 - 2012-12-06 10:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-15 08:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 08:28 - 2014-04-11 14:59 - 00002500 _____ () C:\Windows\PFRO.log
2014-04-15 08:28 - 2013-01-02 16:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-15 08:28 - 2012-12-11 14:56 - 00000000 ____D () C:\Program Files (x86)\Tools
2014-04-15 08:27 - 2014-04-15 08:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-15 08:25 - 2009-07-14 04:34 - 00000786 _____ () C:\Windows\win.ini
2014-04-15 08:05 - 2014-03-12 13:54 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-15 08:01 - 2013-02-06 11:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 07:46 - 2013-02-13 13:46 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001UA.job
2014-04-14 16:13 - 2014-04-14 16:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-14 16:03 - 2012-12-20 17:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\VMware
2014-04-14 16:01 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-14 15:59 - 2012-12-20 17:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\VMware
2014-04-14 14:56 - 2012-12-13 10:24 - 00001443 _____ () C:\Users\Ralf Pappers\AppData\Roaming\burnaware.ini
2014-04-14 14:51 - 2013-03-26 11:39 - 00001165 _____ () C:\Users\Public\Desktop\BurnAware Free.lnk
2014-04-14 13:45 - 2013-02-13 13:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001Core.job
2014-04-14 12:37 - 2012-12-14 12:45 - 00002874 _____ () C:\Users\Ralf Pappers\AppData\Roaming\SAS7_000.DAT
2014-04-14 11:36 - 2013-08-08 14:51 - 00024022 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Notepad2.ini
2014-04-14 10:56 - 2013-01-03 13:12 - 00000000 ____D () C:\Users\Ralf Pappers\.freemind
2014-04-14 10:56 - 2012-12-11 14:50 - 00000000 ____D () C:\!_Test
2014-04-14 10:54 - 2013-02-18 15:45 - 00001206 _____ () C:\Users\Ralf Pappers\Desktop\FreeMind.lnk
2014-04-14 08:41 - 2012-12-13 16:51 - 00000000 ____D () C:\ProgramData\Lexware
2014-04-14 08:32 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-11 16:07 - 2014-04-11 16:07 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\PDF24
2014-04-11 16:06 - 2012-12-12 13:06 - 00000000 ____D () C:\Program Files (x86)\Text
2014-04-11 15:16 - 2014-03-28 16:54 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\XnViewMP
2014-04-11 14:47 - 2012-12-13 12:13 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\CrashDumps
2014-04-11 14:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\spool
2014-04-11 13:39 - 2012-12-12 10:38 - 00000000 ____D () C:\Install
2014-04-11 12:31 - 2010-11-21 09:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-11 12:27 - 2013-02-07 13:20 - 00000000 ____D () C:\Users\Public\Documents\gcmail
2014-04-11 12:27 - 2012-12-12 10:11 - 00000000 ____D () C:\Program Files (x86)\Internet
2014-04-11 09:23 - 2013-04-26 09:18 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\TeamDrive3
2014-04-11 08:51 - 2014-03-31 12:49 - 00000000 ___RD () C:\Users\Ralf Pappers\Documents\Spaces
2014-04-11 08:51 - 2012-12-13 12:21 - 00000000 ___RD () C:\Users\Ralf Pappers\Dropbox
2014-04-11 08:51 - 2012-12-13 12:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Dropbox
2014-04-10 16:15 - 2014-01-02 15:52 - 00000000 ____D () C:\Users\Ralf Pappers\.VirtualBox
2014-04-10 15:59 - 2014-04-03 09:13 - 00000024 _____ () C:\Users\Ralf Pappers\AppData\Local\pdfshaper.ini
2014-04-10 15:59 - 2014-04-03 09:04 - 00000134 _____ () C:\Users\Ralf Pappers\AppData\Roaming\PDFShaper.ini
2014-04-10 10:33 - 2014-03-18 14:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Download Manager
2014-04-10 09:21 - 2012-12-11 14:31 - 00000000 ____D () C:\Arbeitsordner Ralf
2014-04-09 16:15 - 2013-01-22 12:22 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\ActivePresenter
2014-04-09 16:14 - 2014-02-21 11:31 - 00001382 _____ () C:\Users\Ralf Pappers\Desktop\Active Presenter.lnk
2014-04-09 15:28 - 2014-04-09 15:28 - 00000000 __SHD () C:\Users\Ralf Pappers\AppData\Local\EmieUserList
2014-04-09 15:28 - 2014-04-09 15:28 - 00000000 __SHD () C:\Users\Ralf Pappers\AppData\Local\EmieSiteList
2014-04-09 12:39 - 2014-04-09 12:39 - 00000000 ____D () C:\Users\Ralf Pappers\Downloads\Mac OS X Leopard
2014-04-09 12:39 - 2014-03-13 13:14 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Free Download Manager
2014-04-09 10:27 - 2009-07-14 06:45 - 00671592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-09 09:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-09 09:26 - 2012-12-11 14:17 - 00204656 _____ () C:\Users\Ralf Pappers\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-09 09:18 - 2014-04-09 09:18 - 00001562 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-04-09 08:49 - 2014-04-08 15:12 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Package Cache
2014-04-09 08:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-09 08:47 - 2012-12-13 14:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 08:45 - 2013-07-30 13:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 08:44 - 2013-02-06 11:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-09 08:44 - 2013-02-06 11:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-09 08:44 - 2013-02-06 11:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-09 08:44 - 2012-12-11 14:31 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 08:43 - 2012-12-11 14:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Adobe
2014-04-08 15:45 - 2013-01-02 12:35 - 00000000 ____D () C:\Program Files (x86)\SQL Anywhere 12
2014-04-08 15:45 - 2012-12-13 16:52 - 00000141 _____ () C:\Windows\ODBC.INI
2014-04-08 15:45 - 2012-12-13 16:51 - 00000000 ____D () C:\Program Files (x86)\Lexware
2014-04-08 15:43 - 2014-01-22 10:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-08 15:18 - 2014-04-08 15:43 - 08946728 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\system32\cdintf500_64.dll
2014-04-08 15:18 - 2014-04-08 15:43 - 07181352 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf500.dll
2014-04-08 13:48 - 2014-01-02 15:52 - 00001082 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2014-04-08 13:40 - 2012-12-12 12:46 - 00000000 ____D () C:\Program Files (x86)\Zeichnen
2014-04-08 13:37 - 2013-01-10 11:22 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\inkscape
2014-04-08 13:17 - 2013-04-05 16:13 - 00000000 ____D () C:\speechmedia
2014-04-08 13:07 - 2012-12-20 12:24 - 00000000 ____D () C:\Users\Ralf Pappers\.gimp-2.8
2014-04-08 13:02 - 2014-04-08 13:02 - 00006304 _____ () C:\Users\Ralf Pappers\AppData\Local\recently-used.xbel
2014-04-08 11:01 - 2014-04-08 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-04-08 10:57 - 2012-12-11 14:19 - 00000000 ___RD () C:\Users\Ralf Pappers\Virtual Machines
2014-04-08 10:52 - 2012-12-06 11:18 - 00000000 ____D () C:\Program Files\Windows XP Mode
2014-04-07 12:10 - 2012-12-13 11:43 - 00000000 ____D () C:\iFuB
2014-04-07 11:30 - 2011-02-11 19:36 - 00000000 ____D () C:\Windows\panther
2014-04-07 11:14 - 2014-04-04 10:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 10:29 - 2014-04-02 14:17 - 00000000 ____D () C:\AdwCleaner
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Public\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\ProgramData\ABBYY
2014-04-04 13:07 - 2014-04-04 13:06 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Wondershare
2014-04-04 13:06 - 2014-04-04 13:06 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Wondershare
2014-04-04 11:33 - 2012-12-12 17:03 - 00001429 _____ () C:\Users\Ralf Pappers\Desktop\o2.box.lnk
2014-04-04 10:56 - 2014-04-04 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 10:44 - 2012-12-12 13:04 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Paint.NET
2014-04-03 14:16 - 2012-12-13 12:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\FileZilla
2014-04-03 11:48 - 2013-02-27 12:47 - 00013318 _____ () C:\ProgramData\hpzinstall.log
2014-04-03 11:31 - 2013-07-30 12:40 - 00266610 _____ () C:\Windows\hpwins22.dat
2014-04-03 11:30 - 2014-04-03 11:30 - 00000000 ____D () C:\HP-Drucker
2014-04-03 09:51 - 2014-04-04 10:56 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-04 10:56 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-04 10:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 09:16 - 2013-02-11 10:27 - 00000000 ____D () C:\ProgramData\NCH Software
2014-04-03 09:03 - 2014-04-03 09:03 - 00001091 _____ () C:\Users\Public\Desktop\PDF Shaper.lnk
2014-04-03 09:03 - 2012-12-13 12:33 - 00000000 ____D () C:\Program Files (x86)\Multimedia
2014-04-03 09:02 - 2014-04-03 09:02 - 00000025 _____ () C:\Users\Ralf Pappers\AppData\Local\trueburner.ini
2014-04-02 15:37 - 2014-04-02 15:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-02 15:34 - 2014-04-02 15:34 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\ProgramData\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 15:31 - 2012-12-11 15:17 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-02 15:11 - 2014-04-02 14:38 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Mozilla
2014-04-02 14:57 - 2014-04-02 14:38 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Mozilla
2014-04-02 13:40 - 2013-02-13 13:46 - 00004136 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001UA
2014-04-02 13:40 - 2013-02-13 13:46 - 00003740 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001Core
2014-04-02 12:05 - 2014-04-02 12:05 - 00001103 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-04-01 15:53 - 2014-04-01 15:53 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Ashampoo Burning Studio FREE
2014-04-01 15:52 - 2012-12-13 10:26 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Ashampoo
2014-04-01 15:51 - 2014-04-01 15:51 - 00001283 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2014-04-01 15:51 - 2012-12-13 10:26 - 00000000 ____D () C:\ProgramData\ashampoo
2014-04-01 15:30 - 2014-04-01 15:30 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer
2014-04-01 15:30 - 2014-03-13 14:03 - 00000360 _____ () C:\Users\Ralf Pappers\AppData\Roaming\dpdhl.versandhelfer_state.xml
2014-04-01 15:30 - 2012-12-18 14:14 - 00000887 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk
2014-04-01 13:44 - 2014-04-01 13:43 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Microsoft Games
2014-04-01 12:14 - 2013-02-07 11:15 - 00346112 _____ () C:\Users\Ralf Pappers\Documents\Ralf Pappers.stb
2014-04-01 09:11 - 2012-12-11 14:19 - 00000000 ___RD () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 15:13 - 2013-06-24 14:05 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Winamp
2014-03-31 14:59 - 2014-03-31 14:59 - 00002653 _____ () C:\Users\Public\Desktop\dodMover.lnk
2014-03-31 14:59 - 2014-03-31 14:58 - 00000000 ____D () C:\Program Files (x86)\DictaTeam
2014-03-31 14:59 - 2013-11-15 11:04 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\DictaTeam
2014-03-31 14:58 - 2014-03-31 14:58 - 00002661 _____ () C:\Users\Public\Desktop\dodConverter.lnk
2014-03-31 14:56 - 2014-03-31 14:55 - 00003016 _____ () C:\Windows\unins000.dat
2014-03-31 14:55 - 2014-03-31 14:55 - 00719243 _____ () C:\Windows\unins000.exe
2014-03-31 14:55 - 2014-03-31 14:55 - 00000000 ____D () C:\dod
2014-03-31 12:44 - 2014-03-31 12:44 - 00001123 _____ () C:\Users\Public\Desktop\TeamDrive 3.lnk
2014-03-28 16:54 - 2012-12-12 13:04 - 00000000 ____D () C:\Program Files\Zeichnen
2014-03-28 14:59 - 2014-03-12 13:54 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 14:59 - 2014-03-12 13:54 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 13:17 - 2013-01-28 13:05 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\vlc
2014-03-28 12:42 - 2014-03-28 12:42 - 00038434 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft Excel 97-2003.ADR
2014-03-28 12:38 - 2013-06-10 12:41 - 00038450 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2014-03-28 12:37 - 2013-05-29 11:30 - 00038441 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-03-27 14:23 - 2013-10-31 10:05 - 00000031 _____ () C:\Windows\DESKCALC.INI
2014-03-27 14:14 - 2012-12-14 14:51 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Textbausteinverwaltung
2014-03-27 12:44 - 2012-12-14 12:23 - 00000000 ____D () C:\Dragon-Cache
2014-03-26 19:01 - 2014-04-08 13:48 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-03-26 19:00 - 2014-04-08 13:48 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-03-26 18:58 - 2014-03-26 18:58 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-03-26 14:58 - 2014-03-26 14:58 - 00000000 ____D () C:\Program Files (x86)\Steganos Online-Banking Free
2014-03-26 14:56 - 2014-03-26 14:48 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\JS-Tools
2014-03-26 14:52 - 2014-03-26 14:52 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\wPlayer
2014-03-26 14:08 - 2014-01-02 15:53 - 00000000 ____D () C:\VMBox
2014-03-26 12:41 - 2012-12-13 16:49 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Lexware
2014-03-25 15:36 - 2012-12-14 11:42 - 00000000 ____D () C:\Windows\WindowsMobile
2014-03-25 14:24 - 2012-12-13 12:08 - 00000000 ____D () C:\Program Files (x86)\Datenbanken
2014-03-25 10:13 - 2013-07-30 11:54 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Lexware
2014-03-25 10:13 - 2012-12-13 16:53 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Lexware
2014-03-24 14:15 - 2013-10-22 13:12 - 00000000 ___HD () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (Disabled by Starter)
2014-03-24 13:58 - 2014-01-23 16:57 - 00002900 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-03-24 13:58 - 2014-01-23 16:57 - 00001218 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-03-24 13:58 - 2013-11-26 11:40 - 00001194 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-24 13:51 - 2014-03-24 13:50 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Kalender1
2014-03-24 13:50 - 2012-12-11 14:19 - 00000000 ___RD () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 13:49 - 2013-01-04 10:25 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Downloaded Installations
2014-03-24 12:37 - 2014-03-24 12:37 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\SysWOW64\FKStampPainter20.dll
2014-03-24 10:16 - 2013-01-03 12:30 - 00000000 ____D () C:\Users\Ralf Pappers\.mediathek3
2014-03-21 13:20 - 2014-03-21 13:20 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\OneNote-Notizbücher
2014-03-21 13:18 - 2012-12-12 13:06 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Text
2014-03-21 12:09 - 2013-02-18 12:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Notepad++
2014-03-19 16:26 - 2012-12-17 11:58 - 00000000 ____D () C:\VMmaschinen
2014-03-18 17:03 - 2014-03-18 17:03 - 00003178 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-03-18 12:36 - 2014-03-18 12:36 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Apps\Evernote
2014-03-17 10:51 - 2014-03-17 10:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\DropboxMaster
2014-03-17 10:51 - 2012-12-12 17:03 - 00001006 _____ () C:\Users\Ralf Pappers\Desktop\Dropbox.lnk

Some content of TEMP:
====================
C:\Users\Ralf Pappers\AppData\Local\Temp\avgnt.exe
C:\Users\Ralf Pappers\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwd_r_x.dll
C:\Users\Ralf Pappers\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-14 13:34

==================== End Of Log ============================

--- --- ---

--- --- ---

draftec · 15.04.2014, 07:42

Und Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by Ralf Pappers at 2014-04-15 08:38:54
Running from C:\Install\Programme Ralf\Tools\Virenscanner\Farbars Recovery Scan Tool
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909g (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 3.9.5 - Atomi Systems, Inc.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (x32 Version: 2.0.0 - Adobe Systems) Hidden
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (HKLM-x32\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Aiseesoft Total Video Converter Platinum 7.1.10 (HKLM-x32\...\{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1) (Version: 7.1.10 - Aiseesoft Studio)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Ashampoo Home Designer Pro v.1.0.1 (HKLM-x32\...\{4D1A0101-17A2-4fca-9119-4734EDBDA12D}_is1) (Version: 1.0.1 - Creative Amadeo GmbH)
Ashampoo Movie Studio 2013 v.1.0.6 (HKLM-x32\...\{91B33C97-EB09-F0A4-36AC-3895F9F93DD1}_is1) (Version: 1.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo MyAutoplay Menu 1.0.5 (HKLM-x32\...\Ashampoo MyAutoplay Menu_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.2.1 (HKLM-x32\...\{C92AB6F1-4B66-808A-D77C-25EF81C0176A}_is1) (Version: 10.2.1 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio 2013 v.1.0.2 (HKLM-x32\...\{91B33C97-34D2-9841-084D-BE4849F6A38F}_is1) (Version: 1.0.2 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 6 v.6.0.10 (HKLM-x32\...\{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1) (Version: 6.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 2014 v.1.0.0 (HKLM-x32\...\{4209F371-99CD-68CB-1C29-9910F8F9BD96}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother P-touch Editor 4.2 (HKLM-x32\...\InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}) (Version: 4.2 - Brother Industries, Ltd.)
Brother P-touch Editor 4.2 (x32 Version: 4.2 - Brother Industries, Ltd.) Hidden
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version:  - )
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
BurnAware Free 6.9.4 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
calibre 64bit (HKLM\...\{13AD5E97-F15C-46C7-92D9-6CE42AB6E73E}) (Version: 1.26.0 - Kovid Goyal)
Camtasia Studio 5 (HKLM-x32\...\{9B7802FF-2E35-4361-8A82-D207C7E9F99B}) (Version: 5.1.0 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
CodeStuff Starter (HKLM-x32\...\CodeStuff Starter) (Version: 5.6.2.9 - CodeStuff)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5425 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.5425 - CyberLink Corp.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Dexpot (HKCU\...\Dexpot) (Version: 1.6.11 - Dexpot GbR)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
dictate on demand converter (HKLM-x32\...\{AEF15737-F6D9-4335-936B-10900E20D156}) (Version: 3.1.1 - DictaTeam)
dictate on demand mover (HKLM-x32\...\{E6318DFB-01EF-4EFA-9EA2-647A17690535}) (Version: 3.1.1 - DictaTeam)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 140.0.65.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
dra.mover Vollinstallation Version beta8 (HKLM-x32\...\{4B67A79E-91AD-4D57-857A-ACBDF7A876E0}_is1) (Version: beta8 - EGS Computer Vertrieb GmbH)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.350 - Nuance Communications Inc.)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
DVDStyler v2.7 (HKLM-x32\...\DVDStyler_is1) (Version:  - )
Easy-Mailing (HKLM-x32\...\{CB2C65F0-A8F3-4FE7-A8F9-0EF73E184BCF}) (Version: 4.00.0200 - Wirth IT Design)
Edraw Mind Map 6.6.2 (HKLM-x32\...\Edraw Mind Map Freeware_is1) (Version:  - EdrawSoft)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eumex RNDIS64 Treiber V1.02 (HKLM\...\{293C4FDD-FB80-48F8-8B40-F085392FDAA1}) (Version: 1.02.0000 - Deutsche Telekom)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Feiertage BR-Deutschland xp2v (HKLM-x32\...\{A18DE4D5-2219-4952-B56A-3C7CF98A6B46}) (Version: 1.0.3.1 - Jürgen A. Neuber (JAN))
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - stfx, Ath)
FileZilla Client 3.8.0 (HKCU\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreeFileSync 6.2 (HKLM-x32\...\FreeFileSync) (Version: 6.2 - Zenju)
Freemake Audio Converter Version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.3 - Ellora Assets Corporation)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
funkwerk Eumex 401 WIN-Tools V1.00 (HKLM-x32\...\InstallShield_{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}) (Version: 1.00.0000 - Funkwerk Enterprise Communications GmbH)
funkwerk Eumex 401 WIN-Tools V1.00 (x32 Version: 1.00.0000 - Funkwerk Enterprise Communications GmbH) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
Grundig Digta Configurator (HKLM-x32\...\{FBCD82BA-DE70-49BC-9453-1F468F23D69A}) (Version: 7.2.22 - Grundig Business Systems GmbH)
Grundig DigtaSoft Pro (HKLM-x32\...\{3E556D86-D772-40CE-A249-7A54A8EA30B8}) (Version: 5.1.21 - Grundig Business Systems GmbH)
Grundig DssMover (HKLM-x32\...\{B9DD58FE-FD1B-4C8D-8B13-03E60A976983}) (Version: 5.1.21 - Grundig Business Systems GmbH)
Grundig NetAdministration (HKLM-x32\...\{60D030F7-ABCA-4665-BED9-F83ED7EA2827}) (Version: 5.1.21 - Grundig Business Systems GmbH)
Hamster Free EbookConverter (HKLM-x32\...\{441AC599-200D-4E04-B274-C6B7B50C281D}_is1) (Version: 1.0.0.13 - HamsterSoft)
Hornil StylePix (HKCU\...\Hornil StylePix) (Version: 1.14.1.0 - Hornil Co.)
Hornil StylePix Pro (HKCU\...\Hornil StylePix Pro) (Version: 1.14.2.2 - Hornil Co.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8500 A909 Series (HKLM\...\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}) (Version: 14.0 - HP)
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Huey (HKLM-x32\...\Huey) (Version:  - )
Icons from File 5.02 (HKLM-x32\...\Icons from File_is1) (Version: 5.02 - Vitaliy Levchenko)
Index Your Files 5.0.2.6 (HKLM-x32\...\{8158B832-5225-40AB-8082-54349388B323}_is1) (Version:  - Rafael Castro)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.9.10 - IObit)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 7.7.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.7.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LamedropXPd3 3.0.2 (HKLM-x32\...\LamedropXPd_0) (Version: 3.0.2 - Strange World Productions)
lexiCan 4 (HKLM-x32\...\{4A79D043-17F4-41A7-B0C7-6E464AD29429}) (Version: 4.7.1 - vetafab Software GmbH)
Lexware Info Service (x32 Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 3.01.00.0011 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware warenwirtschaft pro 2014 (x32 Version: 14.04.00.0022 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware warenwirtschaft pro 2014 Client (HKLM-x32\...\{d0e8466a-620d-4b9c-b85b-df1785630f03}) (Version: 14.3.0.175 - Haufe-Lexware GmbH & Co.KG)
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{7801C501-F2B8-41FF-9792-D48C809A9CFB}) (Version: 4.2.2.1 - The Document Foundation)
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
MAGIX Screenshare (HKLM-x32\...\{AEDB01F3-380C-4BF8-BC8A-AB04AB9EB7D9}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{A9DCBD16-308D-454E-A563-191673A51D52}) (Version: 7.0.2.6 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Mediencenter 3.8.9799.6 (HKCU\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG)
meinHausplaner (HKLM-x32\...\meinHausplaner) (Version:  - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook-Sicherung für Persönliche Ordner (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Setup Center 13.05 (HKLM-x32\...\Microsoft Setup Center 13.05_is1) (Version:  - com! - Das Computer Magazin)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
my DESIGN 13.9.1 (HKLM-x32\...\my DESIGN) (Version: 13.9.1 - myFlyeralarm GmbH)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MySQL-Front (HKLM-x32\...\MySQL-Front_is1) (Version: 5.3 - )
Namo WebEditor 9 (HKLM-x32\...\{E4F6C5BD-023B-4352-9C1C-7851F5A3AE82}) (Version: 8.00.000 - Namo Interactive, Inc.)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NewFreeScreensaver nfsClockClouds01HD (HKLM-x32\...\nfsClockClouds01HD New Free Screensaver_is1) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25  - Florian Balmer)
Nuance PDF Professional 6 (HKLM\...\{17123D2C-667C-4F3C-B3C0-5F80931A989E}) (Version: 6.00.6434 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
O&O DiskImage Professional (HKLM\...\{56F8EF3C-D9A0-4728-95D5-DC05A72931F5}) (Version: 7.81.6 - O&O Software GmbH)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
Outlook4Gmail 2.6 (HKLM-x32\...\{6A53C42D-DCCD-46B7-9143-51071726A6F6}_is1) (Version:  - Scand Ltd.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF Shaper 2.5 (HKLM-x32\...\PDF Shaper_is1) (Version:  - Glorylogic)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Perfect Effects 8 (HKLM-x32\...\{C982ACFF-5997-4B7D-B3E1-CF7273A06FB2}) (Version: 8.1.0 - onOne Software)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Philips Device Control Center (HKLM-x32\...\{E684F384-1C66-4BFE-86D3-80C4C777538E}) (Version: 3.2.320.40 - Speech Processing Solutions GmbH)
Photomizer (HKLM-x32\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.3.12.723 - Engelmann Media GmbH)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
Samplitude Music Studio 17 (HKLM-x32\...\MAGIX_MSI_ms17dlx) (Version: 17.0.0.0 - MAGIX AG)
Samplitude Music Studio 17 (x32 Version: 17.0.0.0 - MAGIX AG) Hidden
SARDU 2.0.6.5 (HKLM-x32\...\SARDU) (Version: 2.0.6.5 - Davide Costa)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Sigil 0.7.2 (HKLM-x32\...\Sigil_is1) (Version:  - John Schember)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.1 - IObit)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SpeechExec Pro Dictate (HKLM-x32\...\{441C6C10-0ED0-47A8-8FA5-ED09C89CD66D}) (Version: 7.5.750.2 - Speech Processing Solutions GmbH)
SpeechExec Pro Transcribe (HKLM-x32\...\{D1B08525-6ADC-4637-BE25-E40CE39F4F0F}) (Version: 7.5.750.2 - Speech Processing Solutions GmbH)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steganos Online-Banking 2012 (HKLM-x32\...\{BF72DD91-089A-43A0-A18E-57BC67E2B8A5}) (Version: 2.0.4 - Steganos Software GmbH)
Steganos Safe 2012 (HKLM-x32\...\{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}) (Version: 13.0.5 - Steganos Software GmbH)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SuperMailer 7.03 (HKLM\...\Newsletter Software SuperMailer (x64)_is1) (Version: 7.03 - Mirko Boeer Softwareentwicklungen)
Sweet Home 3D version 4.0 (HKLM-x32\...\Sweet Home 3D_is1) (Version:  - eTeks)
TeamDrive 3 (HKLM-x32\...\TeamDrive 3) (Version: 3.2.0.721 - TeamDrive Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.18051 - TeamViewer)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Textbausteinverwaltung v2.6.4 (HKLM-x32\...\Textbausteinverwaltung_is1) (Version: 2.6.4 - Bartels Media GmbH)
TheColourClock (HKLM-x32\...\TheColourClock_is1) (Version:  - )
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
tools-freebsd (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
TopStyle Lite (Version 3) (HKLM-x32\...\TopStyle Lite (Version 3.0)) (Version:  - )
TopStyle Lite (Version 3) (HKLM-x32\...\TSLite3_is1) (Version:  - )
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Typograf 5.1f (HKLM-x32\...\Typograf) (Version: 5.1f - Neuber Software)
Ultimate Windows Customizer (HKLM-x32\...\{C1AE8796-BE88-4630-9301-2F6D56F7A579}) (Version: 1.0.1.0 - The Windows Club)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer) (Version: 1.5 - Deutsche Post AG)
Versandhelfer (x32 Version: 1.5 - Deutsche Post AG) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 10.20.200 - Nuance Communications Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VisualBee for Microsoft PowerPoint (HKCU\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
WAVCardFilter (HKCU\...\5c1a3aa26e5ab4cf) (Version: 1.0.0.0 - Organisation)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.0.0.2 - BiniSoft.org)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Grundig Business Systems GmbH (UacCtl2) USB  (12/19/2006 2.0.3.3) (HKLM\...\CC5DAECF4951DEA284D78F429720CB8E8C2E057D) (Version: 12/19/2006 2.0.3.3 - Grundig Business Systems GmbH)
Windows-Treiberpaket - T-Home Net  (06/30/2010 6.0.6000.16384) (HKLM\...\7B73EBFEF26F2C40D3AA9D389F5CF2C77121106C) (Version: 06/30/2010 6.0.6000.16384 - T-Home)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wondershare Vivideo(Build 2.0.0.12) (HKLM-x32\...\Wondershare Vivideo_is1) (Version:  - Wondershare Software)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-3 - Bitnami)
XnView 2.20 (HKLM-x32\...\XnView_is1) (Version: 2.20 - Gougelet Pierre-e)
XnViewMP 0.64 (HKLM\...\XnViewMP_is1) (Version: 0.64 - Gougelet Pierre-e)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

08-04-2014 08:52:05 Windows XP Mode wird entfernt
08-04-2014 08:56:45 Windows Modules Installer
08-04-2014 11:47:50 Installed Oracle VM VirtualBox 4.3.10
08-04-2014 13:42:32 Lexware warenwirtschaft pro 2014 Client
09-04-2014 06:43:33 Windows Update
09-04-2014 07:17:41 Installed LibreOffice 4.2.2.1
09-04-2014 07:18:41 Installed LibreOffice 4.2 Help Pack (German)
09-04-2014 07:39:43 Installed Lexware online banking.
09-04-2014 11:56:51 Installed Evernote v. 5.3

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02F1D9ED-5166-48BE-BEAF-847550DC4075} - System32\Tasks\Eigene Aufgaben\Zweite Erinnerung
Task: {16A953D4-D17D-4907-9633-EC196471CAF3} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-24] (IObit)
Task: {1F82893E-895E-4A78-9918-8F4165B1D9EB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {2DCE7B2F-FDBE-4A5E-A317-0AEF3A75C709} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-12] (Google Inc.)
Task: {35D64538-0C5F-476B-AA3D-B127C0CF5F66} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001Core => C:\Users\Ralf Pappers\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-13] (Google Inc.)
Task: {528ED0C8-C2E2-49BC-A05D-A28EE39C2559} - System32\Tasks\Eigene Aufgaben\Backup Lexware
Task: {6DA6A8AF-17FF-4E97-A92F-D46F45F50741} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\Tools\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit)
Task: {7074A164-3E0C-428B-909B-394AF0EB865A} - System32\Tasks\Eigene Aufgaben\Feierabend Vorbereitung
Task: {77342821-9335-4706-BE9E-7A4DFFBA3FD9} - System32\Tasks\Eigene Aufgaben\Backup Ralf => C:\Program Files\Tools\FreeFileSync\FreeFileSync.exe [2014-02-01] (freefilesync.sourceforge.net)
Task: {9BD2741B-1F12-40BF-BCFA-B0C934DA1DB3} - \CreateChoiceProcessTask ATTENTION ====> No Task File
Task: {AA455224-03EF-43F9-AE09-0B6D25121E5D} - System32\Tasks\VisualBeeRecovery => C:\Users\Ralf
Task: {BA815CCB-0E2D-4F64-BAE3-BACA9F43C8A1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {BC7E4439-6E9F-407B-8131-2828B9195B5B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001UA => C:\Users\Ralf Pappers\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-13] (Google Inc.)
Task: {D62B914F-7E6F-41EA-8168-1DC29A74CBF1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\Tools\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {DB003477-59D5-4A5F-9171-ACCEA2D4D32C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-09] (Adobe Systems Incorporated)
Task: {E0D5E448-B6CB-4C49-AC54-8B5A533BF1AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-12] (Google Inc.)
Task: {F269D1C3-C631-4352-9C3F-834D9CB87AEB} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-14] (PC-Doctor, Inc.)
Task: {FFF717FC-2D02-42D2-9E05-9B87FE694AA9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001Core.job => C:\Users\Ralf Pappers\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001UA.job => C:\Users\Ralf Pappers\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-06 10:00 - 2013-09-12 09:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-23 15:37 - 2014-01-23 15:37 - 00118784 _____ () C:\Windows\system32\qcap64.exe
2013-09-09 17:35 - 2013-09-09 17:35 - 00326448 _____ () C:\Program Files\OO Software\DiskImage\oodiagrs.dll
2013-09-09 17:35 - 2013-09-09 17:35 - 00344880 _____ () C:\Program Files\OO Software\DiskImage\oodishrs.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\Internet\FileZilla FTP Client\fzshellext_64.dll
2009-03-13 03:18 - 2009-03-13 03:18 - 00602624 _____ () C:\Program Files (x86)\Tools\Everything\Everything.exe
2012-12-06 11:26 - 2012-01-26 23:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-04-02 15:33 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-10-18 13:46 - 2013-10-18 13:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-11-12 11:04 - 2013-11-12 11:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-02-13 14:17 - 2014-02-13 14:17 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2012-12-06 11:18 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-12-06 11:21 - 2012-01-21 13:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-12-14 14:51 - 2012-12-13 17:28 - 00439016 _____ () C:\Program Files (x86)\Tools\Textbausteinverwaltung\tbvlang.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2009-07-27 02:45 - 2009-07-27 02:45 - 00432128 _____ () C:\Program Files (x86)\Common Files\ScanSoft Shared\PDF6\OutlookAddin.dll
2013-12-18 20:42 - 2013-12-18 20:42 - 02897280 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-12-18 20:43 - 2013-12-18 20:43 - 01446400 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-05 12:35 - 2014-03-05 12:35 - 00534056 _____ () C:\Program Files (x86)\Lexware\professional\2014\lxuser.dll
2014-03-05 12:35 - 2014-03-05 12:35 - 00151080 _____ () C:\Program Files (x86)\Lexware\professional\2014\lxcompany.dll
2014-03-24 18:23 - 2014-03-24 18:23 - 00873000 _____ () C:\Program Files (x86)\Lexware\professional\2014\FkManagedTools.dll
2014-03-24 12:37 - 2014-03-24 12:37 - 00297512 _____ () C:\Program Files (x86)\Lexware\professional\2014\FkCommonManagedTools.dll
2014-03-24 18:23 - 2014-03-24 18:23 - 00244776 _____ () C:\Program Files (x86)\Lexware\professional\2014\FkManagedKernel.dll
2014-01-15 12:24 - 2014-01-15 12:24 - 00086568 _____ () C:\Program Files (x86)\Lexware\professional\2014\LexCheckView.dll
2014-01-15 12:24 - 2014-01-15 12:24 - 00091176 _____ () C:\Program Files (x86)\Lexware\professional\2014\LexCheckMini.dll
2014-01-15 12:24 - 2014-01-15 12:24 - 00069672 _____ () C:\Program Files (x86)\Lexware\professional\2014\LexCheckDataProviderPro.dll
2014-04-02 14:57 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Internet\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:7FFED16F

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2014 08:30:53 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/14/2014 04:13:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/14/2014 03:32:25 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/14/2014 01:39:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/14/2014 08:31:20 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/11/2014 02:59:42 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/11/2014 02:47:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Framework.exe, Version: 14.4.0.7, Zeitstempel: 0x5316f9e0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0150010
Fehleroffset: 0x0008482b
ID des fehlerhaften Prozesses: 0x16dc
Startzeit der fehlerhaften Anwendung: 0xFramework.exe0
Pfad der fehlerhaften Anwendung: Framework.exe1
Pfad des fehlerhaften Moduls: Framework.exe2
Berichtskennung: Framework.exe3

Error: (04/11/2014 02:47:49 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c0150010, Ausnahmeadresse 7709482B
Stapel:

Error: (04/10/2014 00:29:21 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: E401Cf.exe, Version: 1.0.0.25, Zeitstempel: 0x49107625
Name des fehlerhaften Moduls: MFC71.DLL, Version: 7.10.6030.0, Zeitstempel: 0x44b453c2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00021991
ID des fehlerhaften Prozesses: 0x1f3c
Startzeit der fehlerhaften Anwendung: 0xE401Cf.exe0
Pfad der fehlerhaften Anwendung: E401Cf.exe1
Pfad des fehlerhaften Moduls: E401Cf.exe2
Berichtskennung: E401Cf.exe3

Error: (04/10/2014 09:56:57 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.


System errors:
=============
Error: (04/15/2014 08:31:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/15/2014 08:31:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/15/2014 08:29:07 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (04/15/2014 08:28:56 AM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/14/2014 04:12:06 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (04/14/2014 02:13:33 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR7 gefunden.

Error: (04/14/2014 02:13:32 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR7 gefunden.

Error: (04/14/2014 10:14:30 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (04/14/2014 10:14:29 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (04/14/2014 08:58:42 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.


Microsoft Office Sessions:
=========================
Error: (10/29/2013 04:17:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22529 seconds with 2100 seconds of active time.  This session ended with a crash.

Error: (10/02/2013 08:39:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/30/2013 01:55:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 129 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/05/2013 04:21:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/18/2013 10:18:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-05-27 10:34:55.501
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-27 10:34:55.460
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-27 10:34:14.459
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-27 10:34:14.419
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-27 10:33:34.417
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-27 10:33:34.373
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-23 14:13:59.282
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-23 14:13:59.244
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-23 08:55:57.755
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-23 08:55:57.718
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Tools\Moborobo\MoboroboAssDriver64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 59%
Total physical RAM: 4056.92 MB
Available physical RAM: 1638.11 MB
Total Pagefile: 8112.02 MB
Available Pagefile: 5305.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Disk-C) (Fixed) (Total:915.83 GB) (Free:62.21 GB) NTFS
Drive n: (Corona) (Network) (Total:923.76 GB) (Free:640.09 GB) NTFS
Drive o: (iFuB) (Network) (Total:923.76 GB) (Free:640.09 GB) NTFS
Drive p: (Public) (Network) (Total:923.76 GB) (Free:640.09 GB) NTFS
Drive r: (Buchhaltung) (Network) (Total:923.76 GB) (Free:640.09 GB) NTFS
Drive s: (speechmedia) (Network) (Total:923.76 GB) (Free:640.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 410D9CD0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bootsektor · 15.04.2014, 07:57

Hallo draftec,

Fehlt noch die addition.txt,
hast du aktuell denn noch Probleme mit Downloadprotect?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AppInit_DLLs-x32: c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll" File Not Found

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Wählen Sie eine
Kopiere nun folgendes in die Suchleiste
Code:
ATTFilter
```
C:\Windows\system32\qcap64.exe
         
```
und klicke auf Öffnen.
Klicke auf Scannen!.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen

Zitat:

Diese Datei wurde bereits von VirusTotal analysiert...

klicke auf Neu analysieren.
Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
Kopiere den Link aus deiner Adresszeile und poste ihn hier.

draftec · 15.04.2014, 15:09

Hallo Sandra,

die additions.txt hatte ich doch gepostet. Steht direkt über Deinen neuen Anweisungen.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-04-2014
Ran by Ralf Pappers at 2014-04-15 09:03:37 Run:2
Running from C:\Install\Programme Ralf\Tools\Virenscanner\Farbars Recovery Scan Tool
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AppInit_DLLs-x32: c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll" File Not Found
         
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll" => Value Data removed successfully.


The system needed a reboot. 

==== End of Fixlog ====

Die genannte Datei muß ich erst mal kopiert bekommen, da sie vom System blockiert wird.

Und ja, ich habe immer noch Probleme mit Download Protext, leider.

So, nachdem ich meinen Rechner mit einer Linux-DVD gestartet habe, konnte ich die Datei kopieren (auf einen USB-Stick) und scannen lassen:

Code:

ATTFilter

https://www.virustotal.com/de/file/a6abdd7c0887effc170bc5dc2d8eb86322b247c0569acda47df221576a45c533/analysis/1397547409/

Die scheint tatsächlich korrupt zu sein.

Kann es sein das diese qcap64.exe überhaupt nicht zum Betriebssystem gehört?
In Windows 8 gibt es die nicht. Kann sonst nur noch zu Hause auf meinem Rechner nachschauen.

Bootsektor · 22.04.2014, 00:30

Hallo draftec,
entschuldige bitte die Verzögerung, meine Antwort an dich scheint irgendwo hängen gebliben zu sein.

Ja diese qcap64 sieht tatsächlich nicht gut aus.

Was hast du da genau zurückgespielt an Backups?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

R2 rundlm32; C:\Windows\system32\qcap64.exe [118784 2014-01-23] ()
C:\Windows\system32\qcap64.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

draftec · 22.04.2014, 07:43

Hall Sandra,

kein Problem. Ich bin ja dankbar für Deine Hilfe.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by Ralf Pappers at 2014-04-22 08:39:03 Run:3
Running from C:\Install\Programme Ralf\Tools\Virenscanner\Farbars Recovery Scan Tool
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
R2 rundlm32; C:\Windows\system32\qcap64.exe [118784 2014-01-23] ()
C:\Windows\system32\qcap64.exe
*****************

rundlm32 => Service stopped successfully.
rundlm32 => Service deleted successfully.
C:\Windows\system32\qcap64.exe => Moved successfully.

==== End of Fixlog ====

und hier die Fixlog.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Ralf Pappers (administrator) on RALFPAPPERS-PC on 22-04-2014 08:39:27
Running from C:\Install\Programme Ralf\Tools\Virenscanner\Farbars Recovery Scan Tool
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Multimedia\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Text\PDF Professional 6\PDFProFiltSrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(TeamViewer GmbH) C:\Program Files (x86)\Tools\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Google) C:\Program Files (x86)\Internet\Google Calendar Sync\GoogleCalendarSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Tools\Everything\Everything.exe
(Bartels Media GmbH) C:\Program Files (x86)\Tools\Textbausteinverwaltung\Textbausteinverwaltung.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Tools\VirtualCloneDrive\VCDDaemon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\Tools\FreeCommander\FreeCommander.exe
(Mozilla Corporation) C:\Program Files (x86)\Internet\Mozilla Firefox\firefox.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\professional\2014\Framework.exe
(Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
() C:\Program Files\Notepad2\Notepad2.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-16] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Tools\Everything\Everything.exe [602624 2009-03-13] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Tools\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\Run: [Google Update] => C:\Users\Ralf Pappers\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-13] (Google Inc.)
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\Policies\Explorer: [NoManageMyComputerVerb] 0
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\MountPoints2: {47fdbf3a-34ba-11e3-8053-005056c00008} - J:\AutoRun.exe
HKU\S-1-5-21-749763346-3248520431-3326687565-1001\...\MountPoints2: {47fdbf50-34ba-11e3-8053-005056c00008} - J:\AutoRun.exe
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
URLSearchHook: HKCU - (No Name) - {1d053bb5-c922-44e3-9910-66585f017505} - No File
SearchScopes: HKLM - DefaultScope {98D34335-7341-47D9-B499-9256FC755EA2} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {98D34335-7341-47D9-B499-9256FC755EA2} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - {98D34335-7341-47D9-B499-9256FC755EA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS
SearchScopes: HKCU - DefaultScope {F51B30DC-C5D1-46E6-AEBC-0F95C81A71AA} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {F51B30DC-C5D1-46E6-AEBC-0F95C81A71AA} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Text\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Text\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Text\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {1D053BB5-C922-44E3-9910-66585F017505} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {AA299E98-6FB5-409F-99D3-D30D749F4864} hxxp://compardt.istmein.de/inc/kaxRemote.dll
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T29L10NSP3-17099/webex/ieatgpc1.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default
FF Homepage: https://www.google.com/calendar/render?gsessionid=OK
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Text\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Ralf Pappers\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\plugins\npo1d.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ralf Pappers\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ralf Pappers\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\searchplugins\duckduckgo.xml
FF Extension: Print pages to PDF - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\printPages2Pdf@reinhold.ripper [2014-04-04]
FF Extension: FEBE - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-04-04]
FF Extension: Empty Cache Button - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-04-04]
FF Extension: DownloadHelper - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-04]
FF Extension: Flash and Video Download - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-04-15]
FF Extension: Add Bookmark Here ² - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\abhere2@moztw.org.xpi [2014-04-15]
FF Extension: about:addons-memory - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\about-addons-memory@tn123.org.xpi [2014-04-15]
FF Extension: Bookmark Favicon Changer - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2014-04-15]
FF Extension: Firebug - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\firebug@software.joehewitt.com.xpi [2014-04-15]
FF Extension: Go Parent Folder - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\goParentFolder@alice.xpi [2014-04-15]
FF Extension: Print / Print Preview (Update) - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com.xpi [2014-04-15]
FF Extension: Restart - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\Restart@schuzak.jp.xpi [2014-04-15]
FF Extension: Save as PDF - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2014-04-15]
FF Extension: Slim Add-ons Manager - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\slimaddonmanager@opendfki.de.xpi [2014-04-15]
FF Extension: Auto-Sort Bookmarks - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\sortbookmarks@bouanto.xpi [2014-04-15]
FF Extension: Firesizer - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}.xpi [2014-04-15]
FF Extension: FlashGot - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-04-15]
FF Extension: Download Status Bar - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-04-15]
FF Extension: CookieCuller - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-04-15]
FF Extension: FireFTP - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-04-15]
FF Extension: Password Exporter - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-04-15]
FF Extension: Web Developer - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-04-15]
FF Extension: Adblock Plus - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-15]
FF Extension: Tab Mix Plus - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-04-15]
FF Extension: DownThemAll! - C:\Users\Ralf Pappers\AppData\Roaming\Mozilla\Firefox\Profiles\99il9q12.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF HKLM-x32\...\Firefox\Extensions: [{A16F2E48-309E-4005-AFE5-00F5D4A5B337}] - C:\Windows\Installer\{3B7ED942-D019-4E01-8C53-0277D1222227}\{A16F2E48-309E-4005-AFE5-00F5D4A5B337}.xpi
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-30]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Internet\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (YouTube) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Google-Suche) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (AdBlock) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Google Mail) - C:\Users\Ralf Pappers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [flegfcibpcnhjcfmmpgckdobbiiogkda] - C:\Users\Ralf Pappers\AppData\Local\CRE\flegfcibpcnhjcfmmpgckdobbiiogkda.crx [2014-03-12]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-07-31]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 DfSdkS; C:\Program Files (x86)\Tools\Ashampoo WinOptimizer 2014\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Multimedia\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-04] (Ellora Assets Corp.)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-24] (IObit)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [6258480 2013-09-09] (O&O Software GmbH)
R2 PDFProFiltSrv; C:\Program Files (x86)\Text\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-07-27] (Nuance Communications, Inc.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 TeamViewer8; C:\Program Files (x86)\Tools\TeamViewer\TeamViewer_Service.exe [3574624 2013-04-23] (TeamViewer GmbH)
R2 wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [76400 2013-05-24] (BiniSoft.org)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-11-02] (AnchorFree Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116936 2013-09-09] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41160 2013-09-09] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255688 2013-09-09] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44744 2013-09-09] (O&O Software GmbH)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2013-01-08] (Softwareentwicklung Remus - ArchiCrypt - )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-19] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 UacCtl2; C:\Windows\System32\DRIVERS\uacctl2.sys [17408 2006-12-19] (Micronas GmbH)
S3 UacFlt2; C:\Windows\System32\DRIVERS\uacflt2.sys [18304 2006-12-19] (Micronas GmbH)
U5 UnlockerDriver5; C:\Program Files\Tools\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [32848 2013-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 cleanhlp; \??\C:\EEK\Run\cleanhlp64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 09:32 - 2014-04-15 09:32 - 530774454 _____ () C:\Windows\MEMORY.DMP
2014-04-15 09:32 - 2014-04-15 09:32 - 00324208 _____ () C:\Windows\Minidump\041514-10670-01.dmp
2014-04-15 09:32 - 2014-04-15 09:32 - 00000000 ____D () C:\Windows\Minidump
2014-04-15 08:27 - 2014-04-15 08:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-11 16:07 - 2014-04-11 16:07 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\PDF24
2014-04-11 14:59 - 2014-04-15 08:28 - 00002500 _____ () C:\Windows\PFRO.log
2014-04-09 15:28 - 2014-04-09 15:28 - 00000000 __SHD () C:\Users\Ralf Pappers\AppData\Local\EmieUserList
2014-04-09 15:28 - 2014-04-09 15:28 - 00000000 __SHD () C:\Users\Ralf Pappers\AppData\Local\EmieSiteList
2014-04-09 12:39 - 2014-04-09 12:39 - 00000000 ____D () C:\Users\Ralf Pappers\Downloads\Mac OS X Leopard
2014-04-09 10:37 - 2014-04-22 08:39 - 00000000 ____D () C:\FRST
2014-04-09 09:18 - 2014-04-09 09:18 - 00001562 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-04-09 08:46 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 08:46 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 08:46 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-09 08:46 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 08:46 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 08:46 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 08:46 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-09 08:46 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 08:46 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 08:46 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 08:46 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 08:46 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 08:46 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 08:46 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-09 08:46 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-09 08:46 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-09 08:46 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 08:46 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-09 08:46 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 08:46 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 08:46 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 08:46 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-09 08:46 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-09 08:46 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 08:46 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 08:46 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 08:46 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 08:46 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 08:46 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-09 08:46 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 08:46 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 08:46 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-09 08:46 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-09 08:46 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 08:46 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-09 08:46 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 08:46 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 08:46 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-09 08:46 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 08:46 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 08:46 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 08:46 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 08:46 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 08:46 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 08:46 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-09 08:46 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-09 08:46 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 08:46 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 08:42 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 08:42 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 08:42 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 08:42 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 08:42 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 08:42 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 08:42 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 08:42 - 2014-02-04 04:37 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 08:42 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 08:42 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 08:42 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 08:42 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 08:42 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 15:43 - 2014-04-08 15:18 - 08946728 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\system32\cdintf500_64.dll
2014-04-08 15:43 - 2014-04-08 15:18 - 07181352 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf500.dll
2014-04-08 15:12 - 2014-04-09 08:49 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Package Cache
2014-04-08 13:48 - 2014-03-26 19:01 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-04-08 13:48 - 2014-03-26 19:00 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-04-08 13:02 - 2014-04-08 13:02 - 00006304 _____ () C:\Users\Ralf Pappers\AppData\Local\recently-used.xbel
2014-04-08 11:01 - 2014-04-22 08:26 - 00001747 _____ () C:\Windows\setupact.log
2014-04-08 11:01 - 2014-04-08 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Public\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\ProgramData\ABBYY
2014-04-04 13:06 - 2014-04-04 13:07 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Wondershare
2014-04-04 13:06 - 2014-04-04 13:06 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Wondershare
2014-04-04 10:57 - 2014-04-07 11:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 10:56 - 2014-04-04 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 10:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 10:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 10:56 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 11:30 - 2014-04-03 11:30 - 00000000 ____D () C:\HP-Drucker
2014-04-03 09:13 - 2014-04-10 15:59 - 00000024 _____ () C:\Users\Ralf Pappers\AppData\Local\pdfshaper.ini
2014-04-03 09:04 - 2014-04-10 15:59 - 00000134 _____ () C:\Users\Ralf Pappers\AppData\Roaming\PDFShaper.ini
2014-04-03 09:03 - 2014-04-03 09:03 - 00001091 _____ () C:\Users\Public\Desktop\PDF Shaper.lnk
2014-04-03 09:02 - 2014-04-03 09:02 - 00000025 _____ () C:\Users\Ralf Pappers\AppData\Local\trueburner.ini
2014-04-02 15:37 - 2014-04-02 15:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-02 15:34 - 2014-04-02 15:34 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\ProgramData\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 15:33 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-02 15:33 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-02 15:33 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-02 14:38 - 2014-04-02 15:11 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Mozilla
2014-04-02 14:38 - 2014-04-02 14:57 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Mozilla
2014-04-02 14:17 - 2014-04-07 10:29 - 00000000 ____D () C:\AdwCleaner
2014-04-02 12:05 - 2014-04-02 12:05 - 00001103 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-04-01 15:53 - 2014-04-01 15:53 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Ashampoo Burning Studio FREE
2014-04-01 15:30 - 2014-04-01 15:30 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer
2014-04-01 13:43 - 2014-04-01 13:44 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Microsoft Games
2014-03-31 14:59 - 2014-03-31 14:59 - 00002653 _____ () C:\Users\Public\Desktop\dodMover.lnk
2014-03-31 14:58 - 2014-03-31 14:59 - 00000000 ____D () C:\Program Files (x86)\DictaTeam
2014-03-31 14:58 - 2014-03-31 14:58 - 00002661 _____ () C:\Users\Public\Desktop\dodConverter.lnk
2014-03-31 14:57 - 2011-08-29 10:00 - 00074752 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-03-31 14:57 - 2011-08-29 10:00 - 00000038 _____ () C:\Windows\avisplitter.ini
2014-03-31 14:57 - 2011-07-16 16:17 - 00151552 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2014-03-31 14:57 - 2011-06-24 16:44 - 00243200 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-03-31 14:57 - 2011-06-24 16:28 - 00650752 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-03-31 14:57 - 2011-03-02 12:43 - 00175616 _____ () C:\Windows\SysWOW64\unrar.dll
2014-03-31 14:57 - 2008-10-03 14:30 - 00000414 _____ () C:\Windows\SysWOW64\lame_acm.xml
2014-03-31 14:57 - 2008-09-24 20:41 - 00839680 _____ (hxxp://www.mp3dev.org/) C:\Windows\SysWOW64\lameACM.acm
2014-03-31 14:55 - 2014-03-31 14:56 - 00003016 _____ () C:\Windows\unins000.dat
2014-03-31 14:55 - 2014-03-31 14:55 - 00719243 _____ () C:\Windows\unins000.exe
2014-03-31 14:55 - 2014-03-31 14:55 - 00000000 ____D () C:\dod
2014-03-31 12:49 - 2014-04-11 08:51 - 00000000 ___RD () C:\Users\Ralf Pappers\Documents\Spaces
2014-03-31 12:44 - 2014-03-31 12:44 - 00001123 _____ () C:\Users\Public\Desktop\TeamDrive 3.lnk
2014-03-28 16:54 - 2014-04-11 15:16 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\XnViewMP
2014-03-28 12:42 - 2014-03-28 12:42 - 00038434 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft Excel 97-2003.ADR
2014-03-26 19:00 - 2014-03-26 19:00 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-03-26 18:58 - 2014-03-26 18:58 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-03-26 14:58 - 2014-03-26 14:58 - 00000000 ____D () C:\Program Files (x86)\Steganos Online-Banking Free
2014-03-26 14:52 - 2014-03-26 14:52 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\wPlayer
2014-03-26 14:48 - 2014-03-26 14:56 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\JS-Tools
2014-03-24 13:50 - 2014-03-24 13:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Kalender1
2014-03-24 12:37 - 2014-03-24 12:37 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\SysWOW64\FKStampPainter20.dll

==================== One Month Modified Files and Folders =======

2014-04-22 08:39 - 2014-04-09 10:37 - 00000000 ____D () C:\FRST
2014-04-22 08:33 - 2012-12-13 16:51 - 00000000 ____D () C:\ProgramData\Lexware
2014-04-22 08:33 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 08:33 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 08:30 - 2010-11-21 08:50 - 00716782 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 08:30 - 2010-11-21 08:50 - 00155436 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 08:30 - 2009-07-14 07:13 - 01667546 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 08:26 - 2014-04-08 11:01 - 00001747 _____ () C:\Windows\setupact.log
2014-04-22 08:26 - 2014-03-12 13:54 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 08:26 - 2012-12-20 17:11 - 00000000 ____D () C:\ProgramData\VMware
2014-04-22 08:26 - 2012-12-06 11:38 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-04-22 08:26 - 2012-12-06 11:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-04-22 08:26 - 2012-12-06 11:26 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-04-22 08:26 - 2012-12-06 10:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-22 08:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 16:22 - 2012-12-06 10:01 - 01233039 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 16:04 - 2014-03-12 13:54 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 16:01 - 2013-02-06 11:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 15:50 - 2014-03-13 13:14 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Free Download Manager
2014-04-17 15:45 - 2013-02-13 13:46 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001UA.job
2014-04-17 15:34 - 2013-01-28 13:05 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\vlc
2014-04-17 14:20 - 2013-08-08 14:51 - 00024022 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Notepad2.ini
2014-04-17 13:45 - 2013-02-13 13:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001Core.job
2014-04-17 13:07 - 2012-12-11 14:50 - 00000000 ____D () C:\!_Test
2014-04-17 11:26 - 2012-12-20 12:24 - 00000000 ____D () C:\Users\Ralf Pappers\.gimp-2.8
2014-04-17 08:45 - 2012-12-13 12:13 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\CrashDumps
2014-04-16 15:20 - 2012-12-14 12:45 - 00002874 _____ () C:\Users\Ralf Pappers\AppData\Roaming\SAS7_000.DAT
2014-04-16 14:05 - 2012-12-12 10:08 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Deployment
2014-04-16 13:18 - 2012-12-11 14:17 - 00000000 ____D () C:\Users\Ralf Pappers
2014-04-16 12:54 - 2012-12-11 14:19 - 00000000 ___RD () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-16 11:06 - 2012-12-11 14:31 - 00000000 ____D () C:\Arbeitsordner Ralf
2014-04-16 10:42 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-16 09:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-15 14:32 - 2013-01-03 13:12 - 00000000 ____D () C:\Users\Ralf Pappers\.freemind
2014-04-15 13:10 - 2012-12-13 13:42 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multimedia
2014-04-15 13:06 - 2012-12-20 17:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\VMware
2014-04-15 13:02 - 2012-12-20 17:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\VMware
2014-04-15 12:56 - 2014-01-02 15:52 - 00000000 ____D () C:\Users\Ralf Pappers\.VirtualBox
2014-04-15 12:52 - 2012-12-13 10:24 - 00001443 _____ () C:\Users\Ralf Pappers\AppData\Roaming\burnaware.ini
2014-04-15 12:36 - 2012-12-13 12:33 - 00000000 ____D () C:\Program Files (x86)\Multimedia
2014-04-15 11:27 - 2012-12-12 13:04 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Paint.NET
2014-04-15 09:48 - 2012-12-17 11:58 - 00000000 ____D () C:\VMmaschinen
2014-04-15 09:32 - 2014-04-15 09:32 - 530774454 _____ () C:\Windows\MEMORY.DMP
2014-04-15 09:32 - 2014-04-15 09:32 - 00324208 _____ () C:\Windows\Minidump\041514-10670-01.dmp
2014-04-15 09:32 - 2014-04-15 09:32 - 00000000 ____D () C:\Windows\Minidump
2014-04-15 09:22 - 2012-12-12 13:06 - 00000000 ____D () C:\Program Files (x86)\Text
2014-04-15 09:04 - 2012-12-13 13:41 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-15 09:03 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-15 08:30 - 2013-11-26 11:40 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-15 08:28 - 2014-04-11 14:59 - 00002500 _____ () C:\Windows\PFRO.log
2014-04-15 08:28 - 2013-01-02 16:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-15 08:28 - 2012-12-11 14:56 - 00000000 ____D () C:\Program Files (x86)\Tools
2014-04-15 08:27 - 2014-04-15 08:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-15 08:25 - 2009-07-14 04:34 - 00000786 _____ () C:\Windows\win.ini
2014-04-14 14:51 - 2013-03-26 11:39 - 00001165 _____ () C:\Users\Public\Desktop\BurnAware Free.lnk
2014-04-14 10:54 - 2013-02-18 15:45 - 00001206 _____ () C:\Users\Ralf Pappers\Desktop\FreeMind.lnk
2014-04-11 16:07 - 2014-04-11 16:07 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\PDF24
2014-04-11 15:16 - 2014-03-28 16:54 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\XnViewMP
2014-04-11 14:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\spool
2014-04-11 13:39 - 2012-12-12 10:38 - 00000000 ____D () C:\Install
2014-04-11 12:31 - 2010-11-21 09:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-11 12:27 - 2013-02-07 13:20 - 00000000 ____D () C:\Users\Public\Documents\gcmail
2014-04-11 12:27 - 2012-12-12 10:11 - 00000000 ____D () C:\Program Files (x86)\Internet
2014-04-11 09:23 - 2013-04-26 09:18 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\TeamDrive3
2014-04-11 08:51 - 2014-03-31 12:49 - 00000000 ___RD () C:\Users\Ralf Pappers\Documents\Spaces
2014-04-11 08:51 - 2012-12-13 12:21 - 00000000 ___RD () C:\Users\Ralf Pappers\Dropbox
2014-04-11 08:51 - 2012-12-13 12:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Dropbox
2014-04-10 15:59 - 2014-04-03 09:13 - 00000024 _____ () C:\Users\Ralf Pappers\AppData\Local\pdfshaper.ini
2014-04-10 15:59 - 2014-04-03 09:04 - 00000134 _____ () C:\Users\Ralf Pappers\AppData\Roaming\PDFShaper.ini
2014-04-10 10:33 - 2014-03-18 14:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Download Manager
2014-04-09 16:15 - 2013-01-22 12:22 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\ActivePresenter
2014-04-09 16:14 - 2014-02-21 11:31 - 00001382 _____ () C:\Users\Ralf Pappers\Desktop\Active Presenter.lnk
2014-04-09 15:28 - 2014-04-09 15:28 - 00000000 __SHD () C:\Users\Ralf Pappers\AppData\Local\EmieUserList
2014-04-09 15:28 - 2014-04-09 15:28 - 00000000 __SHD () C:\Users\Ralf Pappers\AppData\Local\EmieSiteList
2014-04-09 12:39 - 2014-04-09 12:39 - 00000000 ____D () C:\Users\Ralf Pappers\Downloads\Mac OS X Leopard
2014-04-09 10:27 - 2009-07-14 06:45 - 00671592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-09 09:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-09 09:26 - 2012-12-11 14:17 - 00204656 _____ () C:\Users\Ralf Pappers\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-09 09:18 - 2014-04-09 09:18 - 00001562 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-04-09 08:49 - 2014-04-08 15:12 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Package Cache
2014-04-09 08:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-09 08:47 - 2012-12-13 14:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 08:45 - 2013-07-30 13:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 08:44 - 2013-02-06 11:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-09 08:44 - 2013-02-06 11:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-09 08:44 - 2013-02-06 11:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-09 08:44 - 2012-12-11 14:31 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 08:43 - 2012-12-11 14:19 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Adobe
2014-04-08 15:45 - 2013-01-02 12:35 - 00000000 ____D () C:\Program Files (x86)\SQL Anywhere 12
2014-04-08 15:45 - 2012-12-13 16:52 - 00000141 _____ () C:\Windows\ODBC.INI
2014-04-08 15:45 - 2012-12-13 16:51 - 00000000 ____D () C:\Program Files (x86)\Lexware
2014-04-08 15:43 - 2014-01-22 10:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-08 15:18 - 2014-04-08 15:43 - 08946728 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\system32\cdintf500_64.dll
2014-04-08 15:18 - 2014-04-08 15:43 - 07181352 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf500.dll
2014-04-08 13:48 - 2014-01-02 15:52 - 00001082 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2014-04-08 13:40 - 2012-12-12 12:46 - 00000000 ____D () C:\Program Files (x86)\Zeichnen
2014-04-08 13:37 - 2013-01-10 11:22 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\inkscape
2014-04-08 13:17 - 2013-04-05 16:13 - 00000000 ____D () C:\speechmedia
2014-04-08 13:02 - 2014-04-08 13:02 - 00006304 _____ () C:\Users\Ralf Pappers\AppData\Local\recently-used.xbel
2014-04-08 11:01 - 2014-04-08 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-04-08 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-04-08 10:57 - 2012-12-11 14:19 - 00000000 ___RD () C:\Users\Ralf Pappers\Virtual Machines
2014-04-08 10:52 - 2012-12-06 11:18 - 00000000 ____D () C:\Program Files\Windows XP Mode
2014-04-07 12:10 - 2012-12-13 11:43 - 00000000 ____D () C:\iFuB
2014-04-07 11:30 - 2011-02-11 19:36 - 00000000 ____D () C:\Windows\panther
2014-04-07 11:14 - 2014-04-04 10:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 10:29 - 2014-04-02 14:17 - 00000000 ____D () C:\AdwCleaner
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\Users\Public\ABBYY
2014-04-04 15:31 - 2014-04-04 15:31 - 00000000 ____D () C:\ProgramData\ABBYY
2014-04-04 13:07 - 2014-04-04 13:06 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Wondershare
2014-04-04 13:06 - 2014-04-04 13:06 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Wondershare
2014-04-04 11:33 - 2012-12-12 17:03 - 00001429 _____ () C:\Users\Ralf Pappers\Desktop\o2.box.lnk
2014-04-04 10:56 - 2014-04-04 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 14:16 - 2012-12-13 12:51 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\FileZilla
2014-04-03 11:48 - 2013-02-27 12:47 - 00013318 _____ () C:\ProgramData\hpzinstall.log
2014-04-03 11:31 - 2013-07-30 12:40 - 00266610 _____ () C:\Windows\hpwins22.dat
2014-04-03 11:30 - 2014-04-03 11:30 - 00000000 ____D () C:\HP-Drucker
2014-04-03 09:51 - 2014-04-04 10:56 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-04 10:56 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-04 10:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 09:16 - 2013-02-11 10:27 - 00000000 ____D () C:\ProgramData\NCH Software
2014-04-03 09:03 - 2014-04-03 09:03 - 00001091 _____ () C:\Users\Public\Desktop\PDF Shaper.lnk
2014-04-03 09:02 - 2014-04-03 09:02 - 00000025 _____ () C:\Users\Ralf Pappers\AppData\Local\trueburner.ini
2014-04-02 15:37 - 2014-04-02 15:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-02 15:34 - 2014-04-02 15:34 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\ProgramData\Avira
2014-04-02 15:33 - 2014-04-02 15:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 15:31 - 2012-12-11 15:17 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-02 15:11 - 2014-04-02 14:38 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Mozilla
2014-04-02 14:57 - 2014-04-02 14:38 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Mozilla
2014-04-02 13:40 - 2013-02-13 13:46 - 00004136 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001UA
2014-04-02 13:40 - 2013-02-13 13:46 - 00003740 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-749763346-3248520431-3326687565-1001Core
2014-04-02 12:05 - 2014-04-02 12:05 - 00001103 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-04-01 15:53 - 2014-04-01 15:53 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Ashampoo Burning Studio FREE
2014-04-01 15:52 - 2012-12-13 10:26 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Ashampoo
2014-04-01 15:51 - 2012-12-13 10:26 - 00000000 ____D () C:\ProgramData\ashampoo
2014-04-01 15:30 - 2014-04-01 15:30 - 00000000 ____D () C:\Program Files (x86)\Versandhelfer
2014-04-01 15:30 - 2014-03-13 14:03 - 00000360 _____ () C:\Users\Ralf Pappers\AppData\Roaming\dpdhl.versandhelfer_state.xml
2014-04-01 15:30 - 2012-12-18 14:14 - 00000887 _____ () C:\Users\Public\Desktop\Versandhelfer.lnk
2014-04-01 13:44 - 2014-04-01 13:43 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Microsoft Games
2014-04-01 12:14 - 2013-02-07 11:15 - 00346112 _____ () C:\Users\Ralf Pappers\Documents\Ralf Pappers.stb
2014-03-31 15:13 - 2013-06-24 14:05 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Winamp
2014-03-31 14:59 - 2014-03-31 14:59 - 00002653 _____ () C:\Users\Public\Desktop\dodMover.lnk
2014-03-31 14:59 - 2014-03-31 14:58 - 00000000 ____D () C:\Program Files (x86)\DictaTeam
2014-03-31 14:59 - 2013-11-15 11:04 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\DictaTeam
2014-03-31 14:58 - 2014-03-31 14:58 - 00002661 _____ () C:\Users\Public\Desktop\dodConverter.lnk
2014-03-31 14:56 - 2014-03-31 14:55 - 00003016 _____ () C:\Windows\unins000.dat
2014-03-31 14:55 - 2014-03-31 14:55 - 00719243 _____ () C:\Windows\unins000.exe
2014-03-31 14:55 - 2014-03-31 14:55 - 00000000 ____D () C:\dod
2014-03-31 12:44 - 2014-03-31 12:44 - 00001123 _____ () C:\Users\Public\Desktop\TeamDrive 3.lnk
2014-03-28 16:54 - 2012-12-12 13:04 - 00000000 ____D () C:\Program Files\Zeichnen
2014-03-28 14:59 - 2014-03-12 13:54 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 14:59 - 2014-03-12 13:54 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 12:42 - 2014-03-28 12:42 - 00038434 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft Excel 97-2003.ADR
2014-03-28 12:38 - 2013-06-10 12:41 - 00038450 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2014-03-28 12:37 - 2013-05-29 11:30 - 00038441 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-03-27 14:23 - 2013-10-31 10:05 - 00000031 _____ () C:\Windows\DESKCALC.INI
2014-03-27 14:14 - 2012-12-14 14:51 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Textbausteinverwaltung
2014-03-27 12:44 - 2012-12-14 12:23 - 00000000 ____D () C:\Dragon-Cache
2014-03-26 19:01 - 2014-04-08 13:48 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-03-26 19:00 - 2014-04-08 13:48 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-03-26 18:58 - 2014-03-26 18:58 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-03-26 14:58 - 2014-03-26 14:58 - 00000000 ____D () C:\Program Files (x86)\Steganos Online-Banking Free
2014-03-26 14:56 - 2014-03-26 14:48 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\JS-Tools
2014-03-26 14:52 - 2014-03-26 14:52 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\wPlayer
2014-03-26 14:08 - 2014-01-02 15:53 - 00000000 ____D () C:\VMBox
2014-03-26 12:41 - 2012-12-13 16:49 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Lexware
2014-03-25 15:36 - 2012-12-14 11:42 - 00000000 ____D () C:\Windows\WindowsMobile
2014-03-25 14:24 - 2012-12-13 12:08 - 00000000 ____D () C:\Program Files (x86)\Datenbanken
2014-03-25 10:13 - 2013-07-30 11:54 - 00000000 ____D () C:\Users\Ralf Pappers\Documents\Lexware
2014-03-25 10:13 - 2012-12-13 16:53 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Roaming\Lexware
2014-03-24 14:15 - 2013-10-22 13:12 - 00000000 ___HD () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (Disabled by Starter)
2014-03-24 13:58 - 2014-01-23 16:57 - 00002900 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-03-24 13:58 - 2014-01-23 16:57 - 00001218 _____ () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-03-24 13:58 - 2013-11-26 11:40 - 00001194 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-24 13:51 - 2014-03-24 13:50 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Kalender1
2014-03-24 13:50 - 2012-12-11 14:19 - 00000000 ___RD () C:\Users\Ralf Pappers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 13:49 - 2013-01-04 10:25 - 00000000 ____D () C:\Users\Ralf Pappers\AppData\Local\Downloaded Installations
2014-03-24 12:37 - 2014-03-24 12:37 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\SysWOW64\FKStampPainter20.dll
2014-03-24 10:16 - 2013-01-03 12:30 - 00000000 ____D () C:\Users\Ralf Pappers\.mediathek3

Some content of TEMP:
====================
C:\Users\Ralf Pappers\AppData\Local\Temp\avgnt.exe
C:\Users\Ralf Pappers\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwd_r_x.dll
C:\Users\Ralf Pappers\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Ralf Pappers\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-14 13:34

==================== End Of Log ============================

--- --- ---

Backup: Ich spiele dann immer mein Firefox-Profil zurück, damit ich meine Einstellungen zurück erhalte. Mehr nicht. Der Rest des System bleibt unangetastet.

11.04.2014, 13:20	#9
Bootsektor Ruhe in Frieden † 2019	Download Protect in Firefox läßt sich nicht dauerhaft entfernen Alles klar, danke fürs Bescheidgeben. __________________ Grüße stolzes Mitglied von UNITE Du hast Lob oder Verbesserungsvorschläge? Du findest unsere Arbeit gut und möchtest uns finanziell unterstützen? -> Spende

Download Protect in Firefox läßt sich nicht dauerhaft entfernen

Plagegeister aller Art und deren Bekämpfung: Download Protect in Firefox läßt sich nicht dauerhaft entfernen