posadi17 im IE

lillimucki · 07.05.2014, 07:42

Guten Morgen liebes Trojaner-Board Team
dieses Thema wurde zwar schon einmal behandelt - aber da jeder PC anders konfiguriert ist, setze ich es noch einmal ein.
Der Link zu hxxp://posadi17.com ist nur im IE enthalten und erscheint im Taskmanager. Bisher habe ich einen "Bedrohungssuchlauf" mit AVAST! Premier durchgeführt - ohne Ergebnis. Desweiteren einen Suchlauf mit Malwarebytes und einen mit adwcleaner.

Malwarebytes:

Zitat:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 07.05.2014
Suchlauf-Zeit: 08:25:51
Logdatei: Malwarebytes Verlauf.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.07.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Heiner

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 282350
Verstrichene Zeit: 15 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)

ADWCleaner:

Zitat:

# AdwCleaner v3.207 - Bericht erstellt am 07/05/2014 um 08:28:29
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Heiner - HEINER-HP
# Gestartet von : C:\Users\Heiner\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0 (de)

[ Datei : C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\1kgkyran.default-1348578825969\prefs.js ]

[ Datei : C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\prefs.js ]

[ Datei : C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\nd9usbuj.default-1380281105346\prefs.js ]

*************************

AdwCleaner[R0].txt - [27866 octets] - [01/05/2014 19:34:29]
AdwCleaner[R1].txt - [27927 octets] - [01/05/2014 20:30:38]
AdwCleaner[R2].txt - [1225 octets] - [03/05/2014 09:33:24]
AdwCleaner[R3].txt - [1349 octets] - [03/05/2014 20:19:42]
AdwCleaner[R4].txt - [1864 octets] - [05/05/2014 11:58:51]
AdwCleaner[R5].txt - [1534 octets] - [06/05/2014 14:47:44]
AdwCleaner[R6].txt - [1273 octets] - [07/05/2014 08:28:29]
AdwCleaner[S0].txt - [27166 octets] - [01/05/2014 21:08:12]
AdwCleaner[S1].txt - [1286 octets] - [03/05/2014 09:34:40]
AdwCleaner[S2].txt - [1879 octets] - [05/05/2014 12:02:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1514 octets] ##########

Könnt Ihr mir helfen, diesen Eintrag zu beseitigen?
Liebe Grüße
lillimucki

schrauber · 07.05.2014, 08:43

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

lillimucki · 07.05.2014, 08:59

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by Heiner (administrator) on HEINER-HP on 07-05-2014 09:51:24
Running from C:\Download\Sicherheit
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hollie-Soft) C:\Program Files (x86)\Klebezettel NG\klebez.exe
(Mirko Böer) C:\Program Files (x86)\AmP\AmP.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe
() C:\Users\Heiner\AppData\Roaming\InetStat\inetstat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Ascora GmbH) C:\Program Files (x86)\StartupStar\StartupStar.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(IMU-BerliNet) D:\Z-defrag RAM\zdefrag27\z-defrag\Z-defrag.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(The OpenVPN Project) C:\Program Files (x86)\Steganos Online Shield\openvpn64\openvpn.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Solvusoft Corporation) C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logicool, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [Z-defragRAM] => D:\Z-defrag RAM\zdefrag27\z-defrag\Z-defrag.EXE [233536 2011-03-17] (IMU-BerliNet)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-06] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [Klebezettel NG] => C:\Program Files (x86)\Klebezettel NG\klebez.exe [4418048 2014-02-20] (Hollie-Soft)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [Alle meine Passworte] => C:\Program Files (x86)\AmP\AmP.exe [3792776 2011-05-25] (Mirko Böer)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [SOS_Agent] => C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe [4709720 2014-04-09] (Steganos Software GmbH)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [InetStat] => C:\Users\Heiner\AppData\Roaming\InetStat\inetstat.exe [1260648 2014-04-26] ()
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [HideSCABattery] 1
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [StartMenuLogOff] 1
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk
ShortcutTarget: Quicken 2014 Zahlungserinnerung.lnk -> C:\Windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Geburtstagsmahner.lnk
ShortcutTarget: Geburtstagsmahner.lnk -> D:\ZEHBESOFT\Geburtstagsmahner\GebAlert.exe (ZehbeSoft)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x521226656469CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\QUICKEN8\inet\common\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
URLSearchHook: HKLM-x32 - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
URLSearchHook: HKLM-x32 - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {274f31ad-f6cd-4945-bc41-ff5408939c05} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll ()
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz Premium - {d9b15ccf-bdb7-4d41-82ee-7cdc09afc400} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-01-03] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022
FF Homepage: https://www.google.de/|hxxp://www.onlinetvrecorder.com/v2/?go=list&tab=search&station=&date=sinceregister&year=2014&fd=1&fm=1&td=31&tm=12&actor=&director=&minutes=&title=&times=0&intext=0&cbde=0&cbsing=0&cben=0&cbxy=0&cbfav=0&rating=0&weekday=&searchmethod=match&indatefrom=0&indateto=0&intimefrom=&intimeto=&genre=0&format=&source=my&filestate=&wdh=&fsk=&start=0&view=table&order=beginn&saveorder=beginn|hxxp://www.wetter.com/wetter_aktuell/wettervorhersage/heute/deutschland/obernzenn/DE0007791.html|hxxp://wetter.msn.com/local.aspx?wealocations=wc:8256724&q=Bad+Windsheim%2c+BY|hxxp://www.unwetterzentrale.de/uwz/getwarning_de.php?xpos=187&ypos=193&bland=bayern&lang=de|hxxp://www.unwetterzentrale.de/uwz/bayernindex.html
FF NetworkProxy: "socks_version", 0
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\Heiner\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary (de-DE), classical spelling standards - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\alterechtschreibung@googlemail.com [2013-10-30]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\de_DE@dicts.j3e.de [2014-03-22]
FF Extension: HashColouredTabs+ - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\hashcolouredtabs@bristol.ac.uk [2013-09-27]
FF Extension: LastPass - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\support@lastpass.com [2014-03-21]
FF Extension: New Tab Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\weidunewtab@gmail.com [2014-04-29]
FF Extension: Forecastfox - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-09-27]
FF Extension: ColorfulTabs - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-05-02]
FF Extension: DownloadHelper - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
FF Extension: New Tab King - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-05-06]
FF Extension: Add to Amazon Wish List Button - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\amznUWL2@amazon.com.xpi [2014-02-13]
FF Extension: Classic Theme Restorer - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-04-29]
FF Extension: IdentFavIcon - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\identfavicon@david.hanak.hu.xpi [2013-09-27]
FF Extension: Personas Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\personas@christopher.beard.xpi [2013-09-27]
FF Extension: S3.Google Translator - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\s3google@translator.xpi [2013-11-14]
FF Extension: FastestFox - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\smarterwiki@wikiatic.com.xpi [2014-02-13]
FF Extension: FlashGot - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-09-27]
FF Extension: Adblock Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]
FF Extension: Tab Mix Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-09-27]
FF Extension: Torbutton - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2013-12-16]
FF Extension: Menu Editor - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-09-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-04-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-04-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-08-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-09-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-06]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-06] (AVAST Software)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2012-10-14] (DATA BECKER GmbH & Co KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-10] (SurfRight B.V.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2565632 2011-10-24] (Deutsche Telekom AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [318328 2014-04-09] (Steganos Software GmbH)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [68760 2009-02-04] (SiSoftware)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-05-15] ()
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-06] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-06] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-06] ()
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [318152 2010-05-15] (EldoS Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [24376 2010-04-27] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 CryptBox; C:\Windows\SysWow64\drivers\CryptBox.sys [222080 2012-12-06] (Abelssoft GmbH)
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2012-05-23] (Devguru Co., Ltd)
R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-10] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2010-10-08] (Paragon Software Group)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2011-05-31] (Abelssoft GmbH)
R3 LHidFilt; C:\Windows\System32\DRIVERS\LHidFilt.Sys [54800 2008-02-29] (Logicool, Inc.)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [57360 2008-02-29] (Logicool, Inc.)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [41488 2008-02-29] (Logicool, Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-10-08] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-10-08] (Paragon)
U2 TMAgent; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-07 09:51 - 2014-05-07 09:51 - 00000000 ____D () C:\FRST
2014-05-07 08:36 - 2014-05-07 08:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Solvusoft
2014-05-07 08:30 - 2014-05-07 08:30 - 00001594 _____ () C:\Users\Heiner\Desktop\AdwCleaner.txt
2014-05-07 08:26 - 2014-05-07 08:26 - 00001158 _____ () C:\Users\Heiner\Desktop\Malwarebytes Verlauf.txt
2014-05-07 01:02 - 2014-05-07 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 01:02 - 2014-05-07 01:01 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-06 16:55 - 2014-05-06 16:55 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (2)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (4)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (3)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST!
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST
2014-05-06 16:48 - 2014-05-06 21:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-06 16:48 - 2014-05-06 16:48 - 00002020 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-05-06 16:48 - 2014-05-06 16:48 - 00001960 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\AVAST Software
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-06 16:48 - 2014-05-06 16:47 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-06 16:47 - 2014-05-06 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-06 16:47 - 2014-05-06 16:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-06 16:44 - 2014-05-06 16:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-06 16:42 - 2014-05-06 21:43 - 00000862 _____ () C:\Windows\setupact.log
2014-05-05 16:41 - 2014-05-05 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 16:40 - 2014-05-06 17:40 - 00088654 _____ () C:\Windows\PFRO.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000779 _____ () C:\Users\Heiner\AppData\Roaming\gdscan.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000000 _____ () C:\Users\Heiner\AppData\Roaming\gdfw.log
2014-05-05 16:21 - 2014-05-06 16:42 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-05-05 16:21 - 2014-05-05 16:21 - 00001962 _____ () C:\Windows\DPINST.LOG
2014-05-05 16:20 - 2014-05-06 16:41 - 00000000 ____D () C:\ProgramData\G Data
2014-05-05 16:18 - 2014-05-05 16:19 - 00033464 _____ () C:\Users\Heiner\Documents\cc_20140505_161846.reg
2014-05-05 16:14 - 2014-05-05 16:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 11:57 - 2014-05-05 11:57 - 01316991 _____ () C:\Users\Heiner\Desktop\adwcleaner.exe
2014-05-03 22:20 - 2014-05-03 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-03 20:37 - 2014-05-03 20:37 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Trend Micro
2014-05-03 20:30 - 2014-05-03 20:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 20:30 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-03 20:30 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-03 20:23 - 2014-05-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-05-03 09:00 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 09:00 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 09:00 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 09:00 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 19:34 - 2014-05-07 08:29 - 00000000 ____D () C:\AdwCleaner
2014-04-30 15:57 - 2014-05-07 05:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-30 15:52 - 2014-04-30 15:52 - 00000000 ____D () C:\Users\Heiner\Documents\OneNote-Notizbücher
2014-04-30 13:08 - 2014-05-02 17:34 - 00000000 ___RD () C:\Users\Heiner\Desktop\Grafiken
2014-04-30 09:32 - 2014-04-30 09:33 - 00000450 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-04-30 08:27 - 2014-04-09 07:41 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140430-082747.backup
2014-04-29 16:12 - 2014-04-30 13:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-29 11:31 - 2014-05-06 21:44 - 00000266 _____ () C:\Windows\Tasks\StartupStar Firewall.job
2014-04-29 11:31 - 2014-04-29 11:31 - 00002536 _____ () C:\Windows\System32\Tasks\StartupStar Firewall
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupStar
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\Program Files (x86)\StartupStar
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 09:48 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 09:42 - 2014-04-29 09:42 - 00001477 ____R () C:\Windows\AllemeinePassworte0_Uninstall.in
2014-04-29 09:42 - 2014-04-29 09:42 - 00000000 ____D () C:\Program Files\AmP
2014-04-29 09:42 - 2013-10-21 15:36 - 00583048 _____ (Mirko Böer) C:\Windows\AmPUn0.exe
2014-04-26 15:00 - 2014-04-26 15:00 - 00001132 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-26 14:36 - 2014-05-07 09:36 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {8F273583-E67F-4A5B-BE5B-F9941B213C99}.job
2014-04-26 14:36 - 2014-05-01 21:08 - 00001051 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-04-26 14:36 - 2014-04-26 14:36 - 00003252 _____ () C:\Windows\System32\Tasks\FF Watcher {8F273583-E67F-4A5B-BE5B-F9941B213C99}
2014-04-26 14:36 - 2014-04-26 14:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\InetStat
2014-04-26 14:35 - 2014-04-26 14:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ARCHOS KEY user guide
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieUserList
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieSiteList
2014-04-23 07:31 - 2014-04-09 07:41 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140423-073145.backup
2014-04-22 19:38 - 2014-04-22 19:39 - 00000041 _____ () C:\Users\Public\IK_PosLen.dat
2014-04-22 19:36 - 2014-04-22 19:37 - 00000000 ____D () C:\Program Files (x86)\FinanzGruppe-IBAN-Konverter
2014-04-22 19:36 - 2014-04-22 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VR-IBAN-Konverter
2014-04-22 12:24 - 2014-04-22 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-04-21 01:26 - 2014-05-01 11:12 - 00001044 _____ () C:\Users\Heiner\Documents\DownloadScout.lst
2014-04-18 20:05 - 2014-04-18 20:30 - 00000000 ____D () C:\Users\Heiner\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2014-04-18 20:05 - 00001364 _____ () C:\Users\Public\Desktop\NetObjects Fusion 2013.lnk
2014-04-18 20:02 - 2014-04-18 20:05 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013
2014-04-17 17:56 - 2014-04-17 17:56 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-defragRAM
2014-04-15 08:04 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-15 08:04 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-15 08:04 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 08:04 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-15 08:04 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 08:04 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 08:04 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-15 08:04 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-15 08:04 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 08:04 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-15 08:04 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-15 08:04 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-15 08:04 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 08:04 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-15 08:04 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-15 08:04 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-15 08:04 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-15 08:04 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-15 08:04 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-15 08:04 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-15 08:04 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-15 08:04 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-15 08:04 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-15 08:04 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-15 08:04 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-15 08:04 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-15 08:04 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-15 08:04 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-15 08:04 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-15 08:04 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 08:04 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-15 08:04 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 08:04 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-15 08:04 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-15 08:04 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 08:04 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-15 08:04 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-15 08:04 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-15 08:04 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 08:04 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 08:04 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-15 08:04 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-15 08:04 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-15 08:04 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-12 10:46 - 2014-04-12 10:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\DataDesign
2014-04-12 10:45 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\Documents\Lexware
2014-04-12 10:31 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Lexware
2014-04-12 10:30 - 2014-04-17 19:32 - 00002978 _____ () C:\Users\Public\Desktop\Quicken DELUXE 2014.lnk
2014-04-12 10:30 - 2014-04-12 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2014-04-12 10:29 - 2014-04-12 10:31 - 00000000 ____D () C:\ProgramData\Lexware
2014-04-12 10:29 - 2014-04-12 10:30 - 00000000 ____D () C:\Program Files (x86)\Lexware
2014-04-12 10:28 - 2014-04-12 10:31 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Lexware
2014-04-12 10:25 - 2014-04-12 10:25 - 00069662 _____ () C:\Users\Heiner\Downloads\PageDefrag232.zip
2014-04-10 11:53 - 2014-04-10 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
2014-04-10 11:49 - 2014-04-10 11:49 - 00000000 ____D () C:\Windows\CryptoGuard
2014-04-09 21:10 - 2014-04-09 21:10 - 00001364 _____ () C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2014-04-09 14:16 - 2014-04-09 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-04-09 13:19 - 2014-01-23 05:21 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-04-09 13:19 - 2014-01-23 05:21 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-04-09 07:53 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:53 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 07:53 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 07:53 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 07:53 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 07:53 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:53 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:53 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:53 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:53 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:53 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:53 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:53 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:53 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:53 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:53 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:53 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 12:06 - 2014-04-07 12:06 - 00000926 _____ () C:\Users\Public\Desktop\PDF Bearbeiten.lnk

==================== One Month Modified Files and Folders =======

2014-05-07 09:51 - 2014-05-07 09:51 - 00000000 ____D () C:\FRST
2014-05-07 09:50 - 2013-02-05 08:55 - 00000000 ____D () C:\Program Files (x86)\FlashGet
2014-05-07 09:50 - 2012-03-08 17:31 - 00000000 ____D () C:\DVD-ColdCut
2014-05-07 09:36 - 2014-04-26 14:36 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {8F273583-E67F-4A5B-BE5B-F9941B213C99}.job
2014-05-07 09:00 - 2012-03-30 14:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-07 09:00 - 2012-03-08 15:58 - 01900082 _____ () C:\Windows\WindowsUpdate.log
2014-05-07 08:36 - 2014-05-07 08:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Solvusoft
2014-05-07 08:36 - 2013-07-26 08:36 - 00003026 _____ () C:\Windows\System32\Tasks\DriverDoc_UPDATES
2014-05-07 08:36 - 2013-07-26 08:36 - 00000280 _____ () C:\Windows\Tasks\DriverDoc_UPDATES.job
2014-05-07 08:30 - 2014-05-07 08:30 - 00001594 _____ () C:\Users\Heiner\Desktop\AdwCleaner.txt
2014-05-07 08:29 - 2014-05-01 19:34 - 00000000 ____D () C:\AdwCleaner
2014-05-07 08:26 - 2014-05-07 08:26 - 00001158 _____ () C:\Users\Heiner\Desktop\Malwarebytes Verlauf.txt
2014-05-07 07:58 - 2012-03-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-07 07:49 - 2012-03-08 17:38 - 00000000 ____D () C:\Users\Heiner\Documents\Excel-Dateien
2014-05-07 05:36 - 2014-04-30 15:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-07 01:02 - 2014-05-07 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 01:01 - 2014-05-07 01:02 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-06 21:52 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-06 21:52 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-06 21:50 - 2012-03-09 14:39 - 00000000 ____D () C:\Users\Heiner\AppData\Local\CrashDumps
2014-05-06 21:45 - 2012-01-03 06:30 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-06 21:44 - 2014-04-29 11:31 - 00000266 _____ () C:\Windows\Tasks\StartupStar Firewall.job
2014-05-06 21:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-06 21:43 - 2014-05-06 16:42 - 00000862 _____ () C:\Windows\setupact.log
2014-05-06 21:36 - 2014-05-06 16:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-06 17:40 - 2014-05-05 16:40 - 00088654 _____ () C:\Windows\PFRO.log
2014-05-06 17:12 - 2013-11-21 16:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-06 17:02 - 2012-04-13 17:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-06 17:02 - 2012-03-08 16:26 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Adobe
2014-05-06 17:01 - 2012-04-13 18:00 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Adobe
2014-05-06 16:55 - 2014-05-06 16:55 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (2)
2014-05-06 16:55 - 2012-10-01 15:07 - 00000000 ____D () C:\Users\Heiner\Documents\default
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (4)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (3)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST!
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST
2014-05-06 16:48 - 2014-05-06 16:48 - 00002020 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-05-06 16:48 - 2014-05-06 16:48 - 00001960 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\AVAST Software
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-06 16:47 - 2014-05-06 16:48 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-06 16:47 - 2014-05-06 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-06 16:47 - 2014-05-06 16:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-06 16:44 - 2014-05-06 16:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-06 16:42 - 2014-05-05 16:21 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-05-06 16:41 - 2014-05-05 16:20 - 00000000 ____D () C:\ProgramData\G Data
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-05-06 16:31 - 2012-07-08 14:10 - 00000000 ____D () C:\Download
2014-05-06 15:40 - 2012-06-08 17:09 - 00000000 ___RD () C:\Users\Heiner\Desktop\*
2014-05-06 14:58 - 2012-06-25 20:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-06 14:33 - 2012-01-03 06:30 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-06 14:26 - 2012-03-08 17:32 - 00000000 ____D () C:\DVD-Filme-Archiv
2014-05-06 14:23 - 2012-03-08 18:55 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\vlc
2014-05-06 14:01 - 2013-01-27 14:23 - 00000000 ___RD () C:\Users\Heiner\Desktop\Texte
2014-05-06 13:04 - 2012-01-03 05:59 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2014-05-06 13:04 - 2012-01-03 05:59 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2014-05-06 13:04 - 2009-07-14 07:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 08:00 - 2013-12-16 09:47 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Steganos VPN
2014-05-05 20:32 - 2012-03-08 16:13 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHeiner
2014-05-05 20:32 - 2012-03-08 16:13 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForHeiner.job
2014-05-05 16:44 - 2012-03-08 18:57 - 00000000 ___RD () C:\Users\Heiner\Desktop\Programme
2014-05-05 16:41 - 2014-05-05 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000779 _____ () C:\Users\Heiner\AppData\Roaming\gdscan.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000000 _____ () C:\Users\Heiner\AppData\Roaming\gdfw.log
2014-05-05 16:21 - 2014-05-05 16:21 - 00001962 _____ () C:\Windows\DPINST.LOG
2014-05-05 16:19 - 2014-05-05 16:18 - 00033464 _____ () C:\Users\Heiner\Documents\cc_20140505_161846.reg
2014-05-05 16:17 - 2012-12-06 21:27 - 00000000 ____D () C:\ProgramData\VSO
2014-05-05 16:17 - 2012-06-11 11:04 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\FileZilla
2014-05-05 16:17 - 2012-03-09 11:53 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Vso
2014-05-05 16:17 - 2012-03-08 17:01 - 00000000 ___DC () C:\Users\Heiner\AppData\Local\MigWiz
2014-05-05 16:14 - 2014-05-05 16:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 16:10 - 2012-01-03 06:34 - 00000000 ____D () C:\ProgramData\Norton
2014-05-05 11:57 - 2014-05-05 11:57 - 01316991 _____ () C:\Users\Heiner\Desktop\adwcleaner.exe
2014-05-03 22:20 - 2014-05-03 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-03 20:37 - 2014-05-03 20:37 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Trend Micro
2014-05-03 20:30 - 2014-05-03 20:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 20:23 - 2014-05-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-05-02 17:34 - 2014-04-30 13:08 - 00000000 ___RD () C:\Users\Heiner\Desktop\Grafiken
2014-05-02 17:34 - 2012-03-15 15:14 - 00000000 ____D () C:\Ablage
2014-05-02 10:17 - 2012-03-11 00:17 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ZSGebmahner
2014-05-02 08:19 - 2012-12-05 13:56 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHEINER-HP$
2014-05-02 08:19 - 2012-12-05 13:56 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForHEINER-HP$.job
2014-05-01 21:08 - 2014-04-26 14:36 - 00001051 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-01 21:08 - 2012-08-27 11:32 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\CheckPoint
2014-05-01 20:58 - 2013-09-13 13:13 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-01 17:23 - 2012-03-11 14:54 - 00143360 _____ () C:\Users\Heiner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-01 17:23 - 2012-03-08 20:58 - 00000000 ____D () C:\Users\Heiner\AppData\Local\ColdCut
2014-05-01 11:12 - 2014-04-21 01:26 - 00001044 _____ () C:\Users\Heiner\Documents\DownloadScout.lst
2014-05-01 11:12 - 2013-04-07 10:39 - 00000170 _____ () C:\Users\Heiner\Documents\DownloadScout.filter
2014-05-01 11:12 - 2013-04-07 10:39 - 00000016 _____ () C:\Users\Heiner\Documents\DownloadScout.pos
2014-04-30 23:29 - 2012-03-30 14:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 23:29 - 2012-03-30 14:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 23:29 - 2012-01-03 06:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 19:30 - 2014-04-05 21:26 - 00001578 _____ () C:\Users\Heiner\AppData\Roaming\FoxitReaderUpdateInfo.txt
2014-04-30 19:30 - 2014-04-05 21:26 - 00001578 _____ () C:\FoxitReaderUpdateInfo.txt
2014-04-30 19:12 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-30 18:56 - 2012-03-08 16:13 - 00000000 ___RD () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-30 15:52 - 2014-04-30 15:52 - 00000000 ____D () C:\Users\Heiner\Documents\OneNote-Notizbücher
2014-04-30 13:25 - 2014-04-29 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-30 13:25 - 2012-04-24 19:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-30 12:19 - 2013-07-17 10:23 - 00000004 _____ () C:\Users\Heiner\Desktop\Heilerliste.txt
2014-04-30 09:33 - 2014-04-30 09:32 - 00000450 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-04-30 08:27 - 2009-07-14 04:34 - 00444891 ____R () C:\Windows\system32\Drivers\etc\hosts.20140507-073727.backup
2014-04-29 16:19 - 2012-03-08 18:08 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-29 16:01 - 2014-05-03 09:00 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-29 15:40 - 2014-05-03 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 09:00 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 12:20 - 2009-07-14 06:45 - 00389880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-29 12:18 - 2009-07-14 04:34 - 94371840 _____ () C:\Windows\system32\config\software.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 21757952 _____ () C:\Windows\system32\config\system.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 05505024 _____ () C:\Windows\system32\config\default.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\security.rcbak
2014-04-29 11:31 - 2014-04-29 11:31 - 00002536 _____ () C:\Windows\System32\Tasks\StartupStar Firewall
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupStar
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\Program Files (x86)\StartupStar
2014-04-29 11:31 - 2012-08-24 10:13 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Abelssoft
2014-04-29 11:31 - 2012-03-15 21:22 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Abelssoft
2014-04-29 10:59 - 2012-03-20 15:13 - 00000000 ____D () C:\Program Files (x86)\JetDrive
2014-04-29 10:37 - 2012-08-24 10:28 - 00099104 _____ () C:\Users\Heiner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-29 10:35 - 2012-10-08 16:22 - 00000000 ___RD () C:\Users\Heiner\Desktop\Systemwartung
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2012-09-25 10:59 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Malwarebytes
2014-04-29 09:48 - 2012-09-25 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 09:42 - 2014-04-29 09:42 - 00001477 ____R () C:\Windows\AllemeinePassworte0_Uninstall.in
2014-04-29 09:42 - 2014-04-29 09:42 - 00000000 ____D () C:\Program Files\AmP
2014-04-29 09:42 - 2012-03-27 09:05 - 00000730 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alle meine Passworte.lnk
2014-04-29 09:40 - 2012-03-27 09:05 - 00000000 ____D () C:\Program Files (x86)\AmP
2014-04-29 09:29 - 2013-12-07 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateYeti
2014-04-29 09:29 - 2013-12-07 23:09 - 00000000 ____D () C:\Program Files (x86)\UpdateYeti
2014-04-29 09:00 - 2014-02-22 00:01 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-26 15:00 - 2014-04-26 15:00 - 00001132 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-26 14:49 - 2014-04-26 14:35 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ARCHOS KEY user guide
2014-04-26 14:36 - 2014-04-26 14:36 - 00003252 _____ () C:\Windows\System32\Tasks\FF Watcher {8F273583-E67F-4A5B-BE5B-F9941B213C99}
2014-04-26 14:36 - 2014-04-26 14:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\InetStat
2014-04-25 16:47 - 2012-01-03 06:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieUserList
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieSiteList
2014-04-24 19:24 - 2012-03-15 19:58 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-22 19:39 - 2014-04-22 19:38 - 00000041 _____ () C:\Users\Public\IK_PosLen.dat
2014-04-22 19:37 - 2014-04-22 19:36 - 00000000 ____D () C:\Program Files (x86)\FinanzGruppe-IBAN-Konverter
2014-04-22 19:36 - 2014-04-22 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VR-IBAN-Konverter
2014-04-22 19:35 - 2013-06-11 15:05 - 00000000 ____D () C:\Users\Heiner\AppData\Local\VR-IK
2014-04-22 12:24 - 2014-04-22 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-04-21 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-20 18:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-19 20:46 - 2013-06-26 17:21 - 00000000 ____D () C:\ProgramData\Live Aquarium HD
2014-04-18 20:30 - 2014-04-18 20:05 - 00000000 ____D () C:\Users\Heiner\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2014-04-18 20:05 - 00001364 _____ () C:\Users\Public\Desktop\NetObjects Fusion 2013.lnk
2014-04-18 20:05 - 2014-04-18 20:02 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2012-03-09 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects
2014-04-18 20:03 - 2012-03-12 00:16 - 00000000 ____D () C:\Program Files (x86)\NetObjects
2014-04-18 12:51 - 2009-07-14 04:34 - 00000236 _____ () C:\Windows\system.ini
2014-04-17 19:32 - 2014-04-12 10:30 - 00002978 _____ () C:\Users\Public\Desktop\Quicken DELUXE 2014.lnk
2014-04-17 19:32 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 19:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-17 17:56 - 2014-04-17 17:56 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-defragRAM
2014-04-17 13:39 - 2012-07-25 19:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Auslogics
2014-04-17 09:35 - 2012-03-08 16:00 - 00000000 ____D () C:\Users\Heiner
2014-04-17 09:34 - 2013-09-03 09:33 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-04-17 09:34 - 2012-03-15 21:44 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\KlebezettelNG
2014-04-17 09:34 - 2012-03-09 14:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 20:05 - 2013-09-24 09:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-15 08:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-14 19:28 - 2011-02-11 19:00 - 00000000 ____D () C:\Windows\Panther
2014-04-14 04:24 - 2014-05-03 20:30 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-03 20:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 10:46 - 2014-04-12 10:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\DataDesign
2014-04-12 10:45 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\Documents\Lexware
2014-04-12 10:45 - 2014-04-12 10:31 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Lexware
2014-04-12 10:31 - 2014-04-12 10:29 - 00000000 ____D () C:\ProgramData\Lexware
2014-04-12 10:31 - 2014-04-12 10:28 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Lexware
2014-04-12 10:30 - 2014-04-12 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2014-04-12 10:30 - 2014-04-12 10:29 - 00000000 ____D () C:\Program Files (x86)\Lexware
2014-04-12 10:25 - 2014-04-12 10:25 - 00069662 _____ () C:\Users\Heiner\Downloads\PageDefrag232.zip
2014-04-10 11:53 - 2014-04-10 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
2014-04-10 11:53 - 2013-12-16 09:46 - 00000000 ____D () C:\Program Files (x86)\Steganos Online Shield
2014-04-10 11:49 - 2014-04-10 11:49 - 00000000 ____D () C:\Windows\CryptoGuard
2014-04-10 11:49 - 2013-10-19 18:42 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-04-10 11:41 - 2013-10-19 18:42 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-04-10 11:41 - 2013-10-19 18:42 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-04-10 11:41 - 2013-10-19 18:42 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-04-09 21:10 - 2014-04-09 21:10 - 00001364 _____ () C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2014-04-09 21:10 - 2012-12-23 16:55 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-09 21:10 - 2012-09-28 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-04-09 21:10 - 2012-09-28 20:09 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\DVDVideoSoft
2014-04-09 14:16 - 2014-04-09 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-04-09 09:07 - 2012-03-08 21:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 09:05 - 2013-08-14 19:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 09:01 - 2012-03-11 10:55 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 07:41 - 2014-04-30 08:27 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140430-082747.backup
2014-04-09 07:41 - 2014-04-23 07:31 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140423-073145.backup
2014-04-08 19:39 - 2012-12-05 14:07 - 00168862 _____ () C:\Windows\SysWOW64\AdobeFnt.lst
2014-04-08 16:15 - 2014-03-25 10:40 - 00000010 _____ () C:\Users\Heiner\AppData\Roaming\pdfdrawcodec.dll
2014-04-07 12:14 - 2014-03-25 10:40 - 00000000 ____D () C:\Program Files (x86)\PDFBearbeiten
2014-04-07 12:06 - 2014-04-07 12:06 - 00000926 _____ () C:\Users\Public\Desktop\PDF Bearbeiten.lnk
2014-04-07 12:06 - 2014-03-25 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFBearbeiten

Files to move or delete:
====================
C:\Users\Heiner\AppData\Roaming\CamLayout.ini
C:\Users\Heiner\AppData\Roaming\CamShapes.ini
C:\Users\Public\IK_PosLen.dat
C:\Users\Public\VR-IBAN-Konverter.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-21 16:45

==================== End Of Log ============================

--- --- ---

lillimucki · 07.05.2014, 22:03

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2014
Ran by Heiner at 2014-05-07 09:52:11
Running from C:\Download\Sicherheit
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

1&1 SmartFax (HKLM-x32\...\1&1 SmartFax) (Version: 2.00.231 - 1&1 Internet AG)
5CentSMS (HKLM-x32\...\{75839B2F-771F-4472-80B0-7A229675FF77}) (Version: 2.05.0000 - Wolfgang Wirth IT-Design)
5CentSMS (HKLM-x32\...\{90141793-E338-4EEB-B7E8-8CDED19D908D}) (Version: 2.01.0200 - Wolfgang Wirth IT-Design)
5CentSMS (HKLM-x32\...\{B231FF69-59F2-473E-A56C-68A123F3F220}) (Version: 2.08.0000 - Wirth IT-Design)
7 Wonders II (HKLM-x32\...\7 Wonders II) (Version:  - )
7-PDF Split & Merge Version 2.0.3 (Build 264) (HKLM-x32\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.3 (Build 264) - 7-PDF, Germany - Thorsten Hodes)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
aborange Crypter - Deinstallation (HKLM-x32\...\aborange Crypter_is1) (Version: 2.21 - Mathias Gerlach [aborange.de])
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
AKVIS Refocus (HKLM\...\{C6059B1A-E091-4B1D-8040-64DB2F932FFB}) (Version: 4.0.344.10160 - AKVIS)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{838DA1F1-23F8-4C70-B190-AC51CB5A5ECD}) (Version: 3.1.45.72435 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 3.1.45.72435 - Alcor Micro Corp.) Hidden
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 14 v.14.0.1 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo DE Toolbar (HKLM-x32\...\Ashampoo_DE Toolbar) (Version: 6.8.5.1 - Ashampoo DE) <==== ATTENTION
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\{4209F371-A431-385E-2D7E-ACDA5DA3BA0B}_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Internet Accelerator 3.20 (HKLM-x32\...\Ashampoo Internet Accelerator 3_is1) (Version: 3.2.0 - ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 10 v.10.2.5 (HKLM-x32\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.02.05 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{96F38867-9D41-683C-DF60-034A731C37FE}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
Audials (HKLM-x32\...\{7108738A-F48C-4FC9-80A1-4B70254270DF}) (Version: 9.1.13600.0 - RapidSolution Software AG)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.5 - Auslogics Software Pty Ltd)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
avast! Premier (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Beetle Ju 2 VOLLVERSION (HKLM-x32\...\Beetle Ju 2 VOLLVERSION) (Version:  - )
Beetle Ju 3 (HKLM-x32\...\Beetle Ju 3) (Version: 0.0.0.0 - INTENIUM GmbH)
Benutzerhandbuch - Grundlagen EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Bog) (Version:  - )
Benutzerhandbuch EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Useg) (Version:  - )
Bilder-Puzzle (HKLM-x32\...\{97848E7B-79AE-4EFD-B93A-5351E5FCF027}) (Version: 1.4.0 - BEGAware)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0531.2216.38124 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help English (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help French (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help German (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
ccc-utility64 (Version: 2011.0531.2216.38124 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
ColdCut (HKLM-x32\...\{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1) (Version: ColdCut - © Jan Brummelte)
COMPUTERBILD-Abzockschutz Premium (HKLM\...\{9EC116D4-C0AE-4F53-987C-249848D8B393}) (Version: 1.0.32 - J3S)
concept/design Video Jukebox (HKLM-x32\...\{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1) (Version: 1.3.0.0 - concept/design GmbH)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
CryptBox (HKLM-x32\...\CryptBox_is1) (Version: 1.2 - Abelssoft GmbH)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
CVE-2012-1889 (HKLM\...\{06b2b7ed-809a-44e6-8538-ca0f5b74ecc4}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{29447369-6968-4e86-a208-603f6f0771a6}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{393ffabe-5a1a-43b3-8e03-8f573e1e0d01}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{7d32ab1f-1858-4373-a75a-b7cd8feb5d92}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{f300e352-12de-4e7f-ace3-a376874402b6}.sdb) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DATA BECKER CD-DVD Druckerei 7 (HKLM-x32\...\CD-DVD Druckerei 7_is1) (Version: 7.50.0.40 - DATA BECKER GmbH & Co. KG)
DATA BECKER CD-DVD Druckerei 7 Demo (HKLM-x32\...\CD-DVD Druckerei 7 Demo_is1) (Version: 7.50.0.40 - DATA BECKER GmbH & Co. KG)
DATA BECKER CD-DVD Druckerei 7 LE (HKLM-x32\...\CD-DVD Druckerei 7 LE_is1) (Version: 7.50.0.30 - DATA BECKER GmbH & Co. KG)
DATA BECKER CD-DVD Druckerei 8 (HKLM-x32\...\CD-DVD Druckerei 8_is1) (Version: 8.0.0.1200 - DATA BECKER GmbH & Co. KG)
DDBAC (HKLM-x32\...\{4C19650D-1BF8-4459-A904-06FB692B0F8E}) (Version: 5.3.24 - DataDesign)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery)
DesignPro 5 (x32 Version: 5.5.708 - Avery) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.2010.6.23 - INTENIUM GmbH)
DEUTSCHLAND SPIELT Spiele Post (HKLM-x32\...\DEUTSCHLAND SPIELT Spiele Post) (Version: 1.0.3.0 - INTENIUM GmbH)
Die verzauberten Inseln (HKLM-x32\...\Die verzauberten Inseln) (Version:  - )
Die Welt der Puzzle: Jigsaw Boom (HKLM-x32\...\Die Welt der Puzzle: Jigsaw Boom) (Version: 1.0.0.0 - INTENIUM GmbH)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DriverDoc (HKLM-x32\...\DriverDoc_is1) (Version: 1.52.1086.14425 - Solvusoft Corporation)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVDFab 8.1.5.6 (17/01/2012) Qt (HKLM-x32\...\DVDFab Mein Filmkopierer_is1) (Version:  - Fengtao Software Inc.)
DVDFab Passkey 8.0.6.5 (28/06/2012) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version:  - Fengtao Software Inc.)
DVDVideoSoftTB DE Toolbar (HKLM-x32\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB DE)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Netg) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-402 403 405 406 Series Printer Uninstall (HKLM\...\EPSON XP-402 403 405 406 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ExtremeCopy (HKLM\...\{DFCE9296-5A54-468F-A0A9-98B978DFCD26}) (Version: 2.1.0000 - Easersoft)
ffdshow [rev 2946] [2009-05-15] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FILEminimizer Pictures (HKLM-x32\...\FILEminimizer Pictures_is1) (Version:  - balesio AG)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FlashGet(JetCar) (HKLM-x32\...\FlashGet(JetCar)) (Version:  - )
Folder Colorizer version 1.0.2 (HKLM\...\{A133E9CD-2879-4F30-87D4-1604AFD5C5CC}_is1) (Version: 1.0.2 - Softorino)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.10.1213 - Foxit Corporation)
FRANZIS onlineTV 8 (HKLM-x32\...\{CBC88F0E-1960-4AC3-8C38-8BAD44E3F6E3}_is1) (Version: 8.5.0.4 - FRANZIS Verlag GmbH)
Free MP4 Video Converter version 5.0.21.1212 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Sound Recorder v9.6.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version:  - Copyright(C) 2005-2013 FreeSoundRecorder Technologies, Inc.)
Free Video Flip and Rotate version 2.1.9.827 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.11.812 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.11.812 - DVDVideoSoft Ltd.)
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
GMX MediaCenter 1.5.1765.0 (HKCU\...\GMX Application {sync-000021}) (Version: 1.5.1765.0 - 1&1 Mail & Media GmbH)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
honestech Audio Recorder 2.0 Deluxe (HKLM-x32\...\{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}) (Version: 2.0 - honestech)
honestech Audio Recorder 2.0 Deluxe (x32 Version: 2.0 - Honest Technology) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.200.0 - ATI Technologies Inc.) Hidden
IBAN Finder (HKLM-x32\...\IBANFinder_is1) (Version: 1.00 - Abelssoft)
InetStat (HKCU\...\InetStat) (Version: 0.3 - InetStat)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
JetDrive (HKLM-x32\...\JetDrive_is1) (Version: 7.0 - Abelssoft)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Klebezettel NG (Version 2.9.14) (HKLM-x32\...\{4F81901F-3655-4340-8227-F687F69A3C79}}_is1) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{A64DF516-9CDC-4299-BD34-2B2C80CD453B}) (Version: 19.00.00.0059 - Haufe-Lexware GmbH & Co.KG)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mediencenter Assistent (HKLM\...\Mediencenter Software) (Version: 2.6.0.1277 - Telekom)
Mein Foto-Puzzle (HKLM-x32\...\{937C2799-B8DD-4519-96B2-4E2E84EF5B1E}) (Version:  - )
Meine CEWE FOTOWELT (HKLM-x32\...\Meine CEWE FOTOWELT) (Version:  - )
Meine Dienste Software (HKLM\...\Meine Dienste Software) (Version: 2.0.5.0 - Telekom)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC100_CRT_x64 (HKLM\...\{17106CA8-E65A-4D02-95BE-79AF8C698935}) (Version: 1.0.0 - Microsoft)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Mini Golf Pro (HKLM-x32\...\MiniGolfPro_is1) (Version: 1.0 - Media Contact LLC)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 29.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla)
Mozilla Firefox Packages (HKCU\...\Mozilla Firefox Packages) (Version:  - ) <==== ATTENTION
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.0 (x86 de)) (Version: 24.1.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MultiScreen (HKLM-x32\...\{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}) (Version: 1.00.0000 - Samsung Electronics Ltd.)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2013 - Abelssoft)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
NetObjects Fusion 1&1 Edition (HKLM-x32\...\{60EED176-F138-4806-8EF9-4D977CC6E168}) (Version: 11.0 German - )
NetObjects Fusion 12.0 (HKLM-x32\...\{7DEEA62D-0588-4CF7-BE8A-10CA691D087F}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (HKLM-x32\...\{CA6182A0-26EA-4B4E-80BA-850A7C680FCB}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041 - NetObjects) Hidden
NetObjects Fusion 2013 (HKLM-x32\...\{CF34818E-AB90-4134-A7E3-63B2EA6F3CCC}) (Version: 13.0 - NetObjects)
NetObjects Fusion 2013 (x32 Version: 13.00.0000.5529 - NetObjects) Hidden
Netzmanager (Version: 1.07 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Paragon Backup & Recovery™ 10 Home (HKLM-x32\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
PC Fresh (HKLM-x32\...\PC Fresh_is1) (Version: 2012 - Abelssoft GmbH)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version:  - )
PDFBearbeiten V2.0.5 (HKLM-x32\...\PDFBearbeiten_is1) (Version:  - hxxp://www.PDFBearbeiten.net)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
Protect Disc License Helper 1.0.125 (IE) (HKCU\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Quicken DELUXE 2014 (HKLM-x32\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG)
RAMRush 1.0.6.917 (HKLM-x32\...\RAMRush_is1) (Version:  - FTweak, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6953 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Ritter Arthur (HKLM-x32\...\Ritter Arthur) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur II (HKLM-x32\...\Ritter Arthur II) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur III (HKLM-x32\...\Ritter Arthur III) (Version: 1.0.0.0 - INTENIUM GmbH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12074_13 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12074_13 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ShiftN 3.6.1 (HKLM-x32\...\ShiftN_is1) (Version: 3.6.1 - Marcus Hebel)
Simply Good Pictures 2 (HKLM-x32\...\{DD2FEA6F-5AC2-46B2-0001-C2A0C077FD2C}) (Version: 2.0.12.1210 - Engelmann Media GmbH)
SiSoftware Sandra Lite 2013.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.29.2013.3 - SiSoftware)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SoftMaker Office 2010 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB00}) (Version: 10.0.600 - SoftMaker Software GmbH)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
StartupStar (HKLM-x32\...\{C8A6121E-BE35-418D-91EF-A9536DA70B36}_is1) (Version: 6.2 - Abelssoft)
Stegano.Net (HKCU\...\d734575cd6cff35b) (Version: 2.1.1.9 - Svenomenal.Net)
Steganos Online Shield (HKLM-x32\...\{896614ED-00BD-4E0C-99AB-01C76EE416D9}) (Version: 1.3.1 - Steganos Software GmbH)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.3 - Krzysztof Kowalczyk)
SuperEasy Video Converter 2 v.2.1.2296 (HKLM-x32\...\{039BC111-5D42-BD22-5D57-C7073E40209A}_is1) (Version: 2.1.2296 - SuperEasy Software GmbH & Co. KG)
Task ForceQuit Pro version 1.0.2 (HKLM\...\{61F50A30-6EE3-413B-B090-C94C0C3244C9}_is1) (Version: 1.0.2 - Softorino)
Uninstall Abelssoft Backup (HKLM-x32\...\Abelssoft Backup_is1) (Version: 2.2 - Abelssoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
UpdateYeti (HKLM-x32\...\UpdateYeti_is1) (Version: 2.16 - Abelssoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VR-IBAN-Konverter (HKLM-x32\...\{6942F598-FD76-405A-A242-1C888519F9FD}) (Version: 1.00.0028 - Genossenschaftliche FinanzGruppe)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.44 - VSO-Software SARL)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.1.4.1420 - 1&1 Mail & Media GmbH)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.6.6 - Shark007)
Windows 7 Tweaker 3.8 (HKLM-x32\...\{36349091-DAA6-40C5-AB31-5EFAF8291263}) (Version: 3.8.0.0 - SuRe Softwares)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.46-1 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
Winload Toolbar (HKLM-x32\...\Winload Toolbar) (Version: 6.9.0.16 - Winload)
WinSweeper 2.1 (HKLM-x32\...\{96E8A815-3053-4616-AAC2-865E6B1792F5}_is1) (Version:  - Solvusoft Corporation)
Wondershare PDF to Word (Build 4.0.1) (HKLM-x32\...\{90599D63-1879-4B90-BE4F-051CE70FA576}_is1) (Version: 4.0.1 - Wondershare Software)
Z-defragRAM (HKLM-x32\...\{0F9F096B-9EF0-43A2-91C8-4613835312F7}) (Version: 2.7 - IMU Andreas Baumann)
ZehbeSoft Geburtstagsmahner (HKLM-x32\...\ZehbeSoft Geburtstagsmahner) (Version: 3.2 - ZehbeSoft)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Restore Points  =========================

03-05-2014 07:00:21 Windows Update
03-05-2014 18:30:19 Windows Update
05-05-2014 14:08:08 Revo Uninstaller's restore point - Norton 360
06-05-2014 12:32:09 Removed Adobe Reader XI (11.0.06) - Deutsch.
06-05-2014 12:57:40 Removed Skype Click to Call
06-05-2014 14:39:19 Revo Uninstaller's restore point - G Data InternetSecurity CBE
06-05-2014 14:47:02 avast! antivirus system restore point
06-05-2014 15:11:56 Removed QuickTime
06-05-2014 21:50:04 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-07 07:37 - 00444891 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	www.123fporn.info
127.0.0.1	123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {03D6FB05-C018-4B16-834D-B64B8425CFD2} - System32\Tasks\{E7C6475D-13BF-4367-BEDB-344C52D2FC52} => C:\Program Files (x86)\DATA BECKER\CD-DVD Druckerei 7 LE\cdd7le.exe [2009-11-17] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de))
Task: {0CCEF991-AF3A-4914-994A-127FDBE4FE94} - System32\Tasks\{143D7CC1-9826-4A3B-B0B8-887846BB2997} => C:\WINPROV\PROVEX.EXE [2000-03-25] ()
Task: {0D0A0414-324E-4A06-BC84-8A9D5863B338} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0D0EE8AC-C4A9-4D78-B869-C33C2809A9ED} - System32\Tasks\{39756720-27CA-45B3-9847-3DF5927AD718} => C:\Users\Heiner\Documents\Downloads\microphotoed.exe
Task: {0D1B33CC-D3EA-48B0-820F-671514EFD303} - System32\Tasks\{DB1315A6-2C30-499B-8F26-F7973DF83172} => C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 11\burningstudio11.exe [2012-01-18] (Ashampoo)
Task: {1609A182-F4DC-48EA-B5B3-1C3CD40F99D3} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {165AD554-71FC-45FC-9430-C553BAC120F7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-06] (AVAST Software)
Task: {1A9A5B66-0D5B-4190-B793-646C1EDDA43C} - System32\Tasks\{8FC815E3-5A81-4D90-9ADF-737CE24785E1} => C:\NOF 11\NetObjectsFusion11.exe
Task: {1EC9D076-1AA8-4A1D-B90D-1D8EC910C4AB} - System32\Tasks\{286DE59C-5619-45D6-834D-03B42686049B} => C:\Program Files (x86)\DEUTSCHLAND SPIELT\RitterArthur3\RitterArthur3_og.exe [2011-09-19] ()
Task: {29E571DF-D89B-42BF-AF28-9FA2B2805E6B} - System32\Tasks\HPCeeScheduleForHEINER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {2A6E74B7-40CE-4752-86AF-0C328F55055B} - System32\Tasks\{2DA69B64-ACB1-43A5-AE76-8900DC574D7C} => C:\Users\Heiner\Documents\Downloads\microphotoed.exe
Task: {2AB24122-0EAE-4D37-AD6D-115C5DACA819} - System32\Tasks\{F5AB068E-5947-4A04-A33A-3BAE76C0A58F} => D:\Downloads\DVD\DVD Shrink.exe [2012-04-26] (www.download-sponsor.de)
Task: {2FA97941-05B6-456A-970F-B86D4E42CB4D} - System32\Tasks\{05D9FB28-AC1E-407D-A26C-DA992299B262} => D:\Patiencen\patipak.exe
Task: {36BC8854-528E-4ECD-B3B2-30427E2B4DBB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {37E5C3AD-7A5E-4907-AF0E-2A1A4B903E9C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {3B6BD6B2-32F8-43A4-AE88-8ABE6B5B60AF} - System32\Tasks\{A377CDEC-6265-47E7-8F95-306EB96A1348} => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2014-02-14] (Samsung Electronics Co., Ltd.)
Task: {4221945C-C938-4607-8907-E63519C9551A} - System32\Tasks\{A0CF2158-4F2D-4BF8-8D35-01927F7722EA} => C:\Program Files (x86)\DEUTSCHLAND SPIELT\RitterArthur3\RitterArthur3_og.exe [2011-09-19] ()
Task: {424CF20A-196B-4F8C-826B-0C2D8E98817E} - System32\Tasks\{E9F64151-59BB-4A2D-AEFD-FC9974E909F4} => C:\WINPROV\PROVEX.EXE [2000-03-25] ()
Task: {42E1DCCC-B1BF-4AF6-9082-5521B983EAD7} - System32\Tasks\{3FA3D464-BB66-475A-B67D-41777D09EEC3} => D:\Downloads\DVD\DVD Shrink.exe [2012-04-26] (www.download-sponsor.de)
Task: {453C0A7C-83FF-49C0-AFE6-518B3F880312} - System32\Tasks\{DEDB5CEF-F8C3-4398-86B8-2F69CAADB9D6} => D:\Downloads\DVD\DVD Shrink.exe [2012-04-26] (www.download-sponsor.de)
Task: {48548F49-79B5-439E-BD63-BB645E444317} - System32\Tasks\{207771AB-87A6-4DA6-8285-CF3225B2A6FE} => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2014-02-14] (Samsung Electronics Co., Ltd.)
Task: {4B790BF0-52BB-4A57-AAB5-5EA1741814A3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {4B80B91B-8307-47AC-AEA8-B16CACE2AAC9} - System32\Tasks\FF Watcher {8F273583-E67F-4A5B-BE5B-F9941B213C99} => C:\Program Files\V-bates\PrefHelper.exe
Task: {4DF67846-6F85-4FBA-8C84-92E8C31CBBEA} - System32\Tasks\{DDA70186-FED9-4946-A4E5-90AE5103A6C6} => X:\Thumbs32\Thumbs.exe
Task: {5237A3A7-6A27-4E1C-A70A-7A817A0DCF40} - System32\Tasks\{12E7D124-9590-48FC-8C30-547A37A68900} => C:\Program Files (x86)\DVDFab Mein Filmkopierer\Passkey_mogen312.exe
Task: {66528F0E-CFBD-4D0D-87F1-D661A3BE1FBE} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe [2013-04-24] (Crystal Dew World)
Task: {67F44284-F367-4C9D-90A1-F7628BE33035} - System32\Tasks\{83FE75BE-B444-46C9-A8A4-9274D571B556} => F:\win-7\ZEHBESOFT\Geburtstagsmahner\GebEdit.exe
Task: {6BE2A88D-AFF1-4046-90EA-3C66762BCBE6} - System32\Tasks\{209CAB11-0569-48BA-A020-3405E26449F0} => C:\Program Files (x86)\DVDFab Mein Filmkopierer\Passkey_mogen312.exe
Task: {72A59A48-08AF-4E49-975F-D544BC45CD28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: {7704E756-7309-439C-A5E2-56B395184E2A} - System32\Tasks\{438D002F-EBA9-4FC8-AA1A-9B602940377B} => C:\NOF 11\NetObjectsFusion11.exe
Task: {7C912EB6-4593-4537-B120-C469A0A6837D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {85801777-28B0-485C-8D8B-AF94227BF0EF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {878271C5-0B38-4CE7-B583-0D36C70E2365} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {87EDEAE0-DA83-40A4-A60A-A3E5040F8E09} - System32\Tasks\{7490306D-356B-4D80-97AF-2B7C26FCE2D4} => C:\Users\Heiner\Downloads\Kies_2.3.2.12054_19_1.exe [2012-06-08] (Samsung Electronics Co., Ltd.                                )
Task: {8C42A418-E1EA-49AB-A69A-0A4C0D1F8C74} - System32\Tasks\StartupStar Firewall => C:\Program Files (x86)\StartupStar\StartupStar.exe [2014-03-18] (Ascora GmbH)
Task: {90A52081-54D3-41C9-A716-2FC4C72651E0} - System32\Tasks\{49E87411-F615-466C-A839-E14238618FC4} => C:\Program Files (x86)\DATA BECKER\CD-DVD Druckerei 7 LE\cdd7le.exe [2009-11-17] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de))
Task: {966E6D5F-106F-49AB-B5FA-C9DF9804F216} - System32\Tasks\{80F1F312-D9D8-4DA4-823B-6DF6ABFF1515} => C:\Program Files (x86)\DEUTSCHLAND SPIELT\RitterArthur3\RitterArthur3_og.exe [2011-09-19] ()
Task: {9ECF9C3F-75BC-4EFD-8B02-8A6444E23255} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {A3DC59AD-14C1-4C91-895F-6EC6E38C8443} - System32\Tasks\{67C7E33E-52E7-4178-A345-0E3D8CAD952B} => C:\Program Files (x86)\NetObjects\NetObjects Fusion 1&amp;1 Edition\Fusion-Lite.exe
Task: {A62736E5-9D6E-4A26-AB14-8287D164AAA3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {AEF931EC-C9E8-4371-862E-30A3D0DA95F0} - System32\Tasks\HPCeeScheduleForHeiner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {B0C2DCF1-AECD-4B21-8458-36EAE5960904} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-08-23] (Hewlett-Packard)
Task: {B0F7ADAA-23FD-4EC8-B928-A78F68B13C51} - System32\Tasks\{61591E19-00CD-40E5-A9E8-696A42DAD574} => C:\Program Files (x86)\DEUTSCHLAND SPIELT\RitterArthur3\RitterArthur3_og.exe [2011-09-19] ()
Task: {B9105CF7-19C2-4205-9224-06B5F3F14B6A} - System32\Tasks\{EB6A9F57-B403-4D44-BD31-56C56A204518} => C:\WINPROV\PROVEX.EXE [2000-03-25] ()
Task: {BE646BB8-623C-40DF-B571-5C122D2E58BD} - System32\Tasks\DriverDoc_UPDATES => C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe [2012-10-05] (Solvusoft Corporation)
Task: {C1C02DBB-0AE1-48A7-A5D3-387EC2D1C68D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {C64420B8-4465-4EE9-9CCA-85904DBC77DB} - System32\Tasks\{4525A462-29D6-4A40-9289-9B0E7021CA28} => C:\WINPROV\PROVEX.EXE [2000-03-25] ()
Task: {CEC38045-575A-42D5-8204-B9E04D7244CA} - System32\Tasks\{A1452094-D68B-4CEE-9064-5891FA62E8F8} => D:\NetObjektsFusion 11\Fusion-Lite.exe
Task: {CECC5E33-2091-4998-8415-5494311B52BF} - System32\Tasks\{4861292C-014D-4292-A21B-416D290D9B54} => C:\Program Files (x86)\DATA BECKER\CD-DVD Druckerei 7 LE\cdd7le.exe [2009-11-17] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de))
Task: {D391985E-09C3-4E96-9671-28C0F3180469} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {DE047D14-82B0-4CDA-8FAD-515FC2EC427E} - System32\Tasks\{B799625F-375D-4E0A-A224-259E5A3994F7} => C:\Program Files (x86)\NetObjects\NetObjects Fusion 1&amp;1 Edition\Fusion-Lite.exe
Task: {DF04659D-50AF-4868-9408-27B54EEDD648} - System32\Tasks\{08E77ADF-4B60-4664-9037-41FB83E10982} => F:\win-7\ZEHBESOFT\Geburtstagsmahner\GebEdit.exe
Task: {E0257E8C-AFC0-4A4E-AF90-8E31B20AA4A0} - System32\Tasks\{32596735-6652-415C-8E6B-01D767887CAD} => C:\Program Files (x86)\DVDFab Mein Filmkopierer\Passkey_mogen312.exe
Task: {E03A4BB7-C7AD-4C89-9271-7EFB937678E2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {E2BD79FF-9419-448C-982E-D9BCEEDF9A44} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {E54D9390-CCBB-4D37-9881-0B7510C51376} - System32\Tasks\{937B2B51-FA12-4CC1-9D67-A9E8AE4B11D8} => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2014-02-14] (Samsung Electronics Co., Ltd.)
Task: {EBE7B988-F210-407D-973A-B23CC42B637F} - System32\Tasks\NetFusion 12 => C:\Program Files (x86)\NetObjects\NetObjects Fusion 12.0\Fusion.exe [2011-12-05] (NetObjects)
Task: {FA6E6733-24EE-477D-9C37-B0E8F89E927A} - System32\Tasks\{59736D31-F61C-4388-955C-F5DCE4C388B8} => C:\Users\Heiner\Documents\Downloads\microphotoed.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverDoc_UPDATES.job => C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe
Task: C:\Windows\Tasks\FF Watcher {8F273583-E67F-4A5B-BE5B-F9941B213C99}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHEINER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeiner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\StartupStar Firewall.job => C:\Program Files (x86)\StartupStar\StartupStar.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-08-20 18:42 - 2012-07-30 09:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2014-04-26 14:36 - 2014-04-26 14:35 - 01260648 _____ () C:\Users\Heiner\AppData\Roaming\InetStat\inetstat.exe
2014-04-29 11:31 - 2014-03-18 13:32 - 00053536 _____ () C:\Program Files (x86)\StartupStar\AbSettings.dll
2014-04-29 11:31 - 2014-03-18 13:32 - 01398560 _____ () C:\Program Files (x86)\StartupStar\AbGui.dll
2014-04-29 11:31 - 2014-03-18 13:32 - 00014112 _____ () C:\Program Files (x86)\StartupStar\AbAutostartManager.dll
2014-04-29 11:31 - 2014-03-18 13:32 - 00041248 _____ () C:\Program Files (x86)\StartupStar\AbApi.dll
2014-04-29 11:31 - 2014-03-18 13:32 - 00039712 _____ () C:\Program Files (x86)\StartupStar\StartupLogic.dll
2013-09-13 13:17 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-06-01 08:14 - 2011-06-01 08:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-04-12 02:20 - 2011-04-12 02:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-12 02:20 - 2011-04-12 02:20 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2014-04-08 17:42 - 2014-04-08 17:42 - 00199336 _____ () C:\Program Files (x86)\Steganos Online Shield\openvpn64\liblzo2-2.dll
2014-04-08 17:42 - 2014-04-08 17:42 - 00117464 _____ () C:\Program Files (x86)\Steganos Online Shield\openvpn64\libpkcs11-helper-1.dll
2014-05-06 21:37 - 2014-05-06 21:37 - 02253824 _____ () C:\Program Files\AVAST Software\Avast\defs\14050601\algo.dll
2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-06 16:47 - 2014-05-06 16:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-12-20 20:27 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2012-12-20 20:27 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2012-12-20 20:27 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2012-12-20 20:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2012-12-20 20:27 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2012-12-20 20:27 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-04-29 16:12 - 2014-04-22 11:25 - 03845232 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-21 10:13 - 2014-03-21 10:13 - 01020928 _____ () C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2014-04-29 09:01 - 2014-04-30 23:29 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
2012-03-08 18:11 - 2013-10-24 01:20 - 03008624 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2012-03-08 18:11 - 2013-10-24 01:20 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2012-03-08 18:11 - 2013-10-24 01:20 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-07-26 08:35 - 2012-09-24 16:35 - 00168448 _____ () C:\Program Files (x86)\DriverDoc\unrar.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:B24B19F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UxTuneUp => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^honestech Audio Recorder 2.0 Deluxe Launcher.lnk => C:\Windows\pss\honestech Audio Recorder 2.0 Deluxe Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => 
MSCONFIG\startupfolder: C:^Users^Heiner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupreg: Alamandi tray notifier => 
MSCONFIG\startupreg: Alle meine Passworte => C:\PROGRA~2\AMP\AMP.EXE
MSCONFIG\startupreg: COMPUTERBILD-Abzockschutz Premium => "C:\Program Files (x86)\COMPUTERBILD-Abzockschutz Premium\bin\COMPUTERBILD-Abzockschutz Premium.exe"
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: Spiele Post => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2014 09:49:52 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17041, Zeitstempel: 0x53180888
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002853
ID des fehlerhaften Prozesses: 0x16b4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (05/06/2014 09:44:38 PM) (Source: Service1) (User: ) (EventID: 0)
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/06/2014 09:36:15 PM) (Source: Service1) (User: ) (EventID: 0)
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/06/2014 06:01:52 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17041, Zeitstempel: 0x53180888
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002853
ID des fehlerhaften Prozesses: 0x1730
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (05/06/2014 06:00:41 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17041, Zeitstempel: 0x53180888
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002853
ID des fehlerhaften Prozesses: 0xce4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (05/06/2014 05:58:59 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17041, Zeitstempel: 0x53180888
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002853
ID des fehlerhaften Prozesses: 0x186c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (05/06/2014 05:55:54 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17041, Zeitstempel: 0x53180888
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002853
ID des fehlerhaften Prozesses: 0x1384
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (05/06/2014 05:54:34 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17041, Zeitstempel: 0x53180888
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002853
ID des fehlerhaften Prozesses: 0x11bc
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (05/06/2014 05:40:42 PM) (Source: Service1) (User: ) (EventID: 0)
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/06/2014 05:12:14 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514, Zeitstempel: 0x4ce792c4
Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5180f322
Ausnahmecode: 0xc0000005
Fehleroffset: 0x5393cc49
ID des fehlerhaften Prozesses: 0x1af4
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3


System errors:
=============
Error: (05/06/2014 09:45:11 PM) (Source: WMPNetworkSvc) (User: ) (EventID: 14319)
Description: WMPNetworkSvc

Error: (05/06/2014 09:44:58 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Online Shield Starter Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%5

Error: (05/06/2014 09:42:28 PM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/06/2014 09:36:41 PM) (Source: WMPNetworkSvc) (User: ) (EventID: 14319)
Description: WMPNetworkSvc

Error: (05/06/2014 08:10:04 PM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/06/2014 05:41:23 PM) (Source: WMPNetworkSvc) (User: ) (EventID: 14319)
Description: WMPNetworkSvc

Error: (05/06/2014 05:41:11 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Online Shield Starter Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%5

Error: (05/06/2014 05:39:25 PM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/06/2014 05:39:15 PM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/06/2014 04:43:47 PM) (Source: WMPNetworkSvc) (User: ) (EventID: 14319)
Description: WMPNetworkSvc


Microsoft Office Sessions:
=========================
Error: (05/06/2014 09:49:52 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: iexplore.exe11.0.9600.1704153180888msvcrt.dll7.0.7601.177444eeb033fc0000005000000000000285316b401cf69642b47fde9C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\msvcrt.dll964d13fb-d557-11e3-9a82-38607789d681

Error: (05/06/2014 09:44:38 PM) (Source: Service1) (User: ) (EventID: 0)
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/06/2014 09:36:15 PM) (Source: Service1) (User: ) (EventID: 0)
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/06/2014 06:01:52 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: iexplore.exe11.0.9600.1704153180888msvcrt.dll7.0.7601.177444eeb033fc00000050000000000002853173001cf694458d51295C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\msvcrt.dllbc6d9163-d537-11e3-a206-38607789d681

Error: (05/06/2014 06:00:41 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: iexplore.exe11.0.9600.1704153180888msvcrt.dll7.0.7601.177444eeb033fc00000050000000000002853ce401cf69441f18de8aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\msvcrt.dll927b09e6-d537-11e3-a206-38607789d681

Error: (05/06/2014 05:58:59 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: iexplore.exe11.0.9600.1704153180888msvcrt.dll7.0.7601.177444eeb033fc00000050000000000002853186c01cf6943add02fe6C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\msvcrt.dll5537c4c2-d537-11e3-a206-38607789d681

Error: (05/06/2014 05:55:54 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: iexplore.exe11.0.9600.1704153180888msvcrt.dll7.0.7601.177444eeb033fc00000050000000000002853138401cf69437e0cecddC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\msvcrt.dlle761db9c-d536-11e3-a206-38607789d681

Error: (05/06/2014 05:54:34 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: iexplore.exe11.0.9600.1704153180888msvcrt.dll7.0.7601.177444eeb033fc0000005000000000000285311bc01cf69430d5d7338C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\msvcrt.dllb796d046-d536-11e3-a206-38607789d681

Error: (05/06/2014 05:40:42 PM) (Source: Service1) (User: ) (EventID: 0)
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/06/2014 05:12:14 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: MsiExec.exe5.0.7601.175144ce792c4QuickTime.qts_unloaded0.0.0.05180f322c00000055393cc491af401cf693d8f58bf56C:\Windows\syswow64\MsiExec.exeQuickTime.qtscda91655-d530-11e3-913c-38607789d681


==================== Memory info =========================== 

Percentage of memory in use: 57%
Total physical RAM: 8178.82 MB
Available physical RAM: 3500.94 MB
Total Pagefile: 16355.82 MB
Available Pagefile: 10718.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:585.94 GB) (Free:125.48 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1264.33 GB) (Free:855.02 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:12.65 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (EXTERN) (Fixed) (Total:931.51 GB) (Free:490.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0D08D81B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=586 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-841464414208) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 7AABCF89)

Partition: GPT Partition Type.

==================== End Of Log ============================

Da sind manche Links verzeichnet, die ich niemals aufgerufen habe. Gut zu wissen...

Jetzt noch ein Screenshot vom Taskmanager:

schrauber · 08.05.2014, 16:26

hi,

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

lillimucki · 08.05.2014, 19:13

Code:

ATTFilter

ComboFix 14-05-07.03 - Heiner 08.05.2014  19:46:56.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8179.5423 [GMT 2:00]
ausgeführt von:: c:\users\Heiner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1&1
c:\programdata\1&1\1&1 SmartFax\Settings.xml
c:\programdata\1360059849.bdinstall.bin
c:\programdata\1361789707.bdinstall.bin
c:\programdata\1375123999.bdinstall.bin
c:\programdata\1375125864.bdinstall.bin
c:\programdata\1375127725.bdinstall.bin
c:\programdata\1375163116.bdinstall.bin
c:\programdata\1375164939.bdinstall.bin
c:\programdata\1375166760.bdinstall.bin
c:\programdata\1375168582.bdinstall.bin
c:\programdata\1375170453.bdinstall.bin
c:\programdata\1375172319.bdinstall.bin
c:\programdata\1375174181.bdinstall.bin
c:\programdata\1375176048.bdinstall.bin
c:\programdata\1375211915.bdinstall.bin
c:\programdata\1375213805.bdinstall.bin
c:\programdata\1375215677.bdinstall.bin
c:\programdata\1375292848.bdinstall.bin
c:\programdata\1375294670.bdinstall.bin
c:\programdata\1375296573.bdinstall.bin
c:\programdata\1375298477.bdinstall.bin
c:\programdata\1375300381.bdinstall.bin
c:\programdata\1375302251.bdinstall.bin
c:\programdata\1375337207.bdinstall.bin
c:\programdata\1375339048.bdinstall.bin
c:\programdata\1375384680.bdinstall.bin
c:\programdata\1385017842.bdinstall.bin
c:\programdata\1385019667.bdinstall.bin
c:\programdata\1385021488.bdinstall.bin
c:\programdata\1385023308.bdinstall.bin
c:\programdata\1385025129.bdinstall.bin
c:\programdata\1385026950.bdinstall.bin
c:\programdata\1385028863.bdinstall.bin
c:\programdata\1385030684.bdinstall.bin
c:\programdata\1385032505.bdinstall.bin
c:\programdata\1385106047.bdinstall.bin
c:\programdata\1385154955.bdinstall.bin
c:\programdata\1385156777.bdinstall.bin
c:\programdata\1385241206.bdinstall.bin
c:\programdata\1385243032.bdinstall.bin
c:\programdata\1385244853.bdinstall.bin
c:\programdata\1385246673.bdinstall.bin
c:\programdata\1385248495.bdinstall.bin
c:\programdata\1385250320.bdinstall.bin
c:\programdata\1385252146.bdinstall.bin
c:\programdata\1385254012.bdinstall.bin
c:\programdata\1385287188.bdinstall.bin
c:\programdata\1385289011.bdinstall.bin
c:\programdata\1385290832.bdinstall.bin
c:\programdata\1385292652.bdinstall.bin
c:\programdata\1385294472.bdinstall.bin
c:\programdata\1385296292.bdinstall.bin
c:\programdata\1385298112.bdinstall.bin
c:\programdata\1385299930.bdinstall.bin
c:\programdata\1385301753.bdinstall.bin
c:\programdata\1385303592.bdinstall.bin
c:\programdata\1385353308.bdinstall.bin
c:\programdata\1385355128.bdinstall.bin
c:\programdata\1385356948.bdinstall.bin
c:\programdata\1385358768.bdinstall.bin
c:\programdata\1385360588.bdinstall.bin
c:\programdata\1385362409.bdinstall.bin
c:\programdata\1385364229.bdinstall.bin
c:\programdata\1385366050.bdinstall.bin
c:\programdata\1385367870.bdinstall.bin
c:\programdata\1385369690.bdinstall.bin
c:\programdata\1385371510.bdinstall.bin
c:\programdata\1385373330.bdinstall.bin
c:\programdata\1385375150.bdinstall.bin
c:\programdata\1385376971.bdinstall.bin
c:\programdata\1385378793.bdinstall.bin
c:\programdata\1385380613.bdinstall.bin
c:\programdata\1385382433.bdinstall.bin
c:\programdata\1385384379.bdinstall.bin
c:\programdata\1385386229.bdinstall.bin
c:\programdata\1385388050.bdinstall.bin
c:\programdata\1385389876.bdinstall.bin
c:\programdata\1385391696.bdinstall.bin
c:\users\Heiner\AppData\Roaming\1&1
c:\users\Heiner\AppData\Roaming\1&1\1&1 SmartFax\FaxNumberHistory.xml
c:\users\Heiner\AppData\Roaming\1&1\1&1 SmartFax\Settings.xml
c:\users\Heiner\AppData\Roaming\FoxitReaderUpdateInfo.txt
c:\users\Heiner\GoToAssistDownloadHelper.exe
c:\windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe
c:\windows\IsUn0407.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-08 bis 2014-05-08  ))))))))))))))))))))))))))))))
.
.
2014-05-08 17:59 . 2014-05-08 17:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-08 10:49 . 2014-05-08 10:49	--------	d-----w-	c:\programdata\Logitech
2014-05-08 10:49 . 2014-05-08 10:49	--------	d-----w-	c:\users\Heiner\AppData\Roaming\Leadertech
2014-05-08 10:49 . 2014-05-08 10:49	53248	----a-r-	c:\users\Heiner\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-05-08 10:49 . 2014-05-08 10:49	--------	d-----w-	c:\program files (x86)\Common Files\LogiShrd
2014-05-08 10:48 . 2014-05-08 10:48	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2014-05-08 10:47 . 2014-05-08 10:49	--------	d-----w-	c:\programdata\Logishrd
2014-05-08 10:47 . 2014-05-08 10:47	--------	d-----w-	c:\program files\Logitech
2014-05-08 10:47 . 2014-05-08 10:48	--------	d-----w-	c:\program files\Common Files\LogiShrd
2014-05-08 10:46 . 2014-05-08 10:49	--------	d-----w-	c:\users\Heiner\AppData\Roaming\Logitech
2014-05-08 10:46 . 2014-05-08 10:47	--------	d-----w-	c:\users\Heiner\AppData\Roaming\Logishrd
2014-05-07 07:51 . 2014-05-07 07:54	--------	d-----w-	C:\FRST
2014-05-07 06:36 . 2014-05-07 06:36	--------	d-----w-	c:\users\Heiner\AppData\Roaming\Solvusoft
2014-05-06 23:02 . 2014-05-06 23:01	313256	----a-w-	c:\windows\system32\javaws.exe
2014-05-06 23:02 . 2014-05-06 23:01	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-06 23:02 . 2014-05-06 23:01	189352	----a-w-	c:\windows\system32\javaw.exe
2014-05-06 23:02 . 2014-05-06 23:01	189352	----a-w-	c:\windows\system32\java.exe
2014-05-06 21:51 . 2014-04-17 03:31	10651704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2613D108-F098-4BDA-A0E3-D21386E14F4C}\mpengine.dll
2014-05-06 14:48 . 2014-05-06 14:48	--------	d-----w-	c:\users\Heiner\AppData\Roaming\AVAST Software
2014-05-06 14:48 . 2014-05-06 14:47	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-05-06 14:48 . 2014-05-06 14:47	85328	----a-w-	c:\windows\system32\drivers\aswStm.sys
2014-05-06 14:48 . 2014-05-06 14:47	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-05-06 14:48 . 2014-05-06 14:47	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-05-06 14:48 . 2014-05-06 14:47	423240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-05-06 14:48 . 2014-05-06 14:47	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-05-06 14:48 . 2014-05-06 14:47	208416	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-05-06 14:48 . 2014-05-06 14:47	1039096	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-05-06 14:48 . 2014-05-06 14:47	28184	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2014-05-06 14:47 . 2014-05-06 14:47	334648	----a-w-	c:\windows\system32\aswBoot.exe
2014-05-06 14:47 . 2014-05-06 14:47	43152	----a-w-	c:\windows\avastSS.scr
2014-05-06 14:47 . 2014-05-06 14:47	447888	----a-w-	c:\windows\system32\drivers\aswNdisFlt.sys
2014-05-06 14:47 . 2014-05-06 14:47	--------	d-----w-	c:\program files\AVAST Software
2014-05-06 14:44 . 2014-05-06 14:44	--------	d-----w-	c:\programdata\AVAST Software
2014-05-06 14:43 . 2014-05-06 14:43	--------	d-----w-	c:\windows\SysWow64\wbem\Logs
2014-05-05 14:21 . 2014-05-06 14:42	--------	d-----w-	c:\program files (x86)\G Data
2014-05-05 14:20 . 2014-05-06 14:41	--------	d-----w-	c:\programdata\G Data
2014-05-05 14:14 . 2014-05-05 14:14	--------	d-----w-	c:\program files\CCleaner
2014-05-03 18:37 . 2014-05-03 18:37	--------	d-----w-	c:\users\Heiner\AppData\Local\Trend Micro
2014-05-03 18:34 . 2014-05-03 18:40	--------	d-----w-	c:\programdata\Trend Micro Installer
2014-05-03 18:30 . 2014-05-03 18:30	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-03 18:30 . 2014-04-14 02:24	465408	----a-w-	c:\windows\system32\aepdu.dll
2014-05-03 18:30 . 2014-04-14 02:19	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-03 18:23 . 2014-05-03 18:23	--------	d-----w-	c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2014-05-03 07:00 . 2014-04-29 14:01	23547904	----a-w-	c:\windows\system32\mshtml.dll
2014-05-03 07:00 . 2014-04-29 13:40	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-03 07:00 . 2014-04-29 12:34	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-01 17:34 . 2014-05-07 06:29	--------	d-----w-	C:\AdwCleaner
2014-04-30 13:57 . 2014-05-08 16:17	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-29 09:31 . 2014-04-29 09:31	--------	d-----w-	c:\program files (x86)\StartupStar
2014-04-29 07:48 . 2014-04-29 07:48	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 07:48 . 2014-04-03 07:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-04-29 07:48 . 2014-04-03 07:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-04-29 07:42 . 2013-10-21 13:36	583048	----a-w-	c:\windows\AmPUn0.exe
2014-04-29 07:42 . 2014-04-29 07:42	--------	d-----w-	c:\program files\AmP
2014-04-26 12:36 . 2014-04-26 12:36	--------	d-----w-	c:\users\Heiner\AppData\Roaming\InetStat
2014-04-26 12:35 . 2014-04-26 12:49	--------	d-----w-	c:\users\Heiner\AppData\Roaming\ARCHOS KEY user guide
2014-04-24 19:54 . 2014-04-24 19:54	--------	d-sh--w-	c:\users\Heiner\AppData\Local\EmieUserList
2014-04-24 19:54 . 2014-04-24 19:54	--------	d-sh--w-	c:\users\Heiner\AppData\Local\EmieSiteList
2014-04-22 17:36 . 2014-04-22 17:37	--------	d-----w-	c:\program files (x86)\FinanzGruppe-IBAN-Konverter
2014-04-22 10:24 . 2014-04-22 10:24	--------	d-----w-	c:\program files\Microsoft Mouse and Keyboard Center
2014-04-12 08:46 . 2014-04-12 08:46	--------	d-----w-	c:\users\Heiner\AppData\Roaming\DataDesign
2014-04-12 08:31 . 2014-04-12 08:45	--------	d-----w-	c:\users\Heiner\AppData\Roaming\Lexware
2014-04-12 08:30 . 2014-04-12 08:30	--------	d-----w-	c:\program files (x86)\Common Files\DataDesign
2014-04-12 08:29 . 2014-04-12 08:30	--------	d-----w-	c:\program files (x86)\Lexware
2014-04-12 08:29 . 2014-04-12 08:31	--------	d-----w-	c:\programdata\Lexware
2014-04-12 08:28 . 2014-04-12 08:30	--------	d-----w-	c:\program files (x86)\Common Files\Lexware
2014-04-12 08:28 . 2014-04-12 08:31	--------	d-----w-	c:\users\Heiner\AppData\Local\Lexware
2014-04-10 09:49 . 2014-04-10 09:49	--------	d-----w-	c:\windows\CryptoGuard
2014-04-09 11:19 . 2014-01-23 03:21	206080	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2014-04-09 11:19 . 2014-01-23 03:21	108800	----a-w-	c:\windows\system32\drivers\ssudbus.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-30 21:29 . 2012-03-30 12:25	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-30 21:29 . 2012-01-03 04:26	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 07:00 . 2014-02-21 22:01	17931952	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-04-10 09:41 . 2013-10-19 16:42	93144	----a-w-	c:\windows\system32\drivers\hmpalert.sys
2014-04-10 09:41 . 2013-10-19 16:42	548424	----a-w-	c:\windows\system32\hmpalert.dll
2014-04-10 09:41 . 2013-10-19 16:42	477008	----a-w-	c:\windows\SysWow64\hmpalert.dll
2014-04-09 07:01 . 2012-03-11 08:55	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-04-08 14:15 . 2014-03-25 08:40	10	----a-w-	c:\users\Heiner\AppData\Roaming\pdfdrawcodec.dll
2014-04-03 07:50 . 2012-09-25 08:58	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-03-31 07:35 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-19 13:23 . 2014-03-19 13:23	862664	----a-w-	c:\windows\SysWow64\msvcr110.dll
2014-03-19 13:23 . 2014-03-19 13:23	828872	----a-w-	c:\windows\system32\msvcr110.dll
2014-03-19 13:23 . 2014-03-19 13:23	661448	----a-w-	c:\windows\system32\msvcp110.dll
2014-03-19 13:23 . 2014-03-19 13:23	534480	----a-w-	c:\windows\SysWow64\msvcp110.dll
2014-03-19 13:23 . 2014-03-19 13:23	50896	----a-w-	c:\windows\system32\drivers\point64.sys
2014-03-19 13:23 . 2014-03-19 13:23	354264	----a-w-	c:\windows\system32\vccorlib110.dll
2014-03-19 13:23 . 2014-03-19 13:23	251864	----a-w-	c:\windows\SysWow64\vccorlib110.dll
2014-03-19 13:23 . 2014-03-19 13:23	2276560	----a-w-	c:\windows\system32\coin95ip.dll
2014-03-19 13:23 . 2014-03-19 13:23	1795952	----a-w-	c:\windows\system32\WdfCoInstaller01011.dll
2014-03-04 09:17 . 2014-04-09 05:53	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-02-28 08:51 . 2014-02-28 08:51	825696	----a-w-	c:\windows\SysWow64\Ddbaccpl.cpl
2014-02-28 08:51 . 2014-02-28 08:51	227680	----a-w-	c:\windows\SysWow64\ddBACCTM.cpl
2014-02-26 15:37 . 2012-03-20 13:13	9728	----a-w-	c:\windows\SysWow64\WindowsClosingService.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Klebezettel NG"="c:\program files (x86)\Klebezettel NG\klebez.exe" [2014-02-20 4418048]
"Alle meine Passworte"="c:\progra~2\AMP\AMP.EXE" [2011-05-25 3792776]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-02-14 1564992]
"pdiface"="c:\program files\Bitdefender\60-Second Virus Scanner\pdiface.exe" [2013-10-30 283608]
"KiesPDLR.exe"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-02-14 845120]
"SOS_Agent"="c:\program files (x86)\Steganos Online Shield\OnlineShieldClient.exe" [2014-04-09 4709720]
"InetStat"="c:\users\Heiner\AppData\Roaming\InetStat\inetstat.exe" [2014-04-26 1260648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-01 336384]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"Z-defragRAM"="d:\z-defrag ram\zdefrag27\z-defrag\Z-defrag.EXE" [2011-03-17 233536]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-06 3873704]
.
c:\users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Geburtstagsmahner.lnk - d:\zehbesoft\Geburtstagsmahner\GebAlert.exe [2012-3-11 493056]
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Meine Dienste.lnk - c:\program files\Telekom\Meine Dienste\StartMeineDienste.exe Autostart [2012-8-30 269944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService;c:\windows\SYSNATIVE\WindowsClosingService [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe ;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys;c:\windows\SYSNATIVE\DRIVERS\jddrv.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 CryptBox;CryptBox;c:\windows\SysWOW64\drivers\CryptBox.sys;c:\windows\SysWOW64\drivers\CryptBox.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x]
S2 hmpalertsvc;HitmanPro.Alert Service;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [x]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Online Shield Starter Service;Online Shield Starter Service;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 pdserv;Bitdefender 60-Second Virus Scanner Service;c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc;c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys;c:\windows\SYSNATIVE\drivers\dvdfab.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 21:29]
.
2014-05-07 c:\windows\Tasks\DriverDoc_UPDATES.job
- c:\program files (x86)\DriverDoc\Solvusoftdd.exe [2013-07-26 17:06]
.
2014-05-02 c:\windows\Tasks\HPCeeScheduleForHEINER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2014-05-05 c:\windows\Tasks\HPCeeScheduleForHeiner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2014-05-08 c:\windows\Tasks\StartupStar Firewall.job
- c:\program files (x86)\StartupStar\StartupStar.exe [2014-04-29 11:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-06 14:47	290888	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 13:55	187672	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2011-11-23 12:02	308736	----a-w-	c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\quicken8\inet\common\blank.htm
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Alles mit FlashGet laden - c:\program files (x86)\FlashGet\jc_all.htm
IE: Mit FlashGet laden - c:\program files (x86)\FlashGet\jc_link.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/|hxxp://www.onlinetvrecorder.com/v2/?go=list&tab=search&station=&date=sinceregister&year=2014&fd=1&fm=1&td=31&tm=12&actor=&director=&minutes=&title=&times=0&intext=0&cbde=0&cbsing=0&cben=0&cbxy=0&cbfav=0&rating=0&weekday=&searchmethod=match&indatefrom=0&indateto=0&intimefrom=&intimeto=&genre=0&format=&source=my&filestate=&wdh=&fsk=&start=0&view=table&order=beginn&saveorder=beginn|hxxp://www.wetter.com/wetter_aktuell/wettervorhersage/heute/deutschland/obernzenn/DE0007791.html|hxxp://wetter.msn.com/local.aspx?wealocations=wc:8256724&q=Bad+Windsheim%2c+BY|hxxp://www.unwetterzentrale.de/uwz/getwarning_de.php?xpos=187&ypos=193&bland=bayern&lang=de|hxxp://www.unwetterzentrale.de/uwz/bayernindex.html
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk - c:\windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
AddRemove-ZehbeSoft Geburtstagsmahner - c:\windows\system32\GKSUI20.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]
"ImagePath"="c:\windows\System32\WindowsClosingService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\AmP\AmP.exe
c:\program files (x86)\Canon\Quick Menu\CNQMSWCS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-08  20:09:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-08 18:09
.
Vor Suchlauf: 41 Verzeichnis(se), 131.328.126.976 Bytes frei
Nach Suchlauf: 49 Verzeichnis(se), 130.509.320.192 Bytes frei
.
- - End Of File - - 39C6405A4EA78513A9C1DBA9090DBADD
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 09.05.2014, 16:00

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

lillimucki · 09.05.2014, 17:44

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.05.2014
Suchlauf-Zeit: 17:29:59
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.09.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Heiner

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 293660
Verstrichene Zeit: 15 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

# AdwCleaner v3.207 - Bericht erstellt am 09/05/2014 um 17:36:26
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Heiner - HEINER-HP
# Gestartet von : C:\Users\Heiner\Desktop\Programme\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Heiner\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Heiner\AppData\Roaming\Solvusoft

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Solvusoft
Schlüssel Gelöscht : HKLM\Software\Solvusoft

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v

[ Datei : C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\1kgkyran.default-1348578825969\prefs.js ]


[ Datei : C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\prefs.js ]


[ Datei : C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\nd9usbuj.default-1380281105346\prefs.js ]


*************************

AdwCleaner[R0].txt - [27866 octets] - [01/05/2014 19:34:29]
AdwCleaner[R1].txt - [27927 octets] - [01/05/2014 20:30:38]
AdwCleaner[R2].txt - [1225 octets] - [03/05/2014 09:33:24]
AdwCleaner[R3].txt - [1349 octets] - [03/05/2014 20:19:42]
AdwCleaner[R4].txt - [1864 octets] - [05/05/2014 11:58:51]
AdwCleaner[R5].txt - [1534 octets] - [06/05/2014 14:47:44]
AdwCleaner[R6].txt - [1594 octets] - [07/05/2014 08:28:29]
AdwCleaner[R7].txt - [1922 octets] - [09/05/2014 17:33:48]
AdwCleaner[S0].txt - [27166 octets] - [01/05/2014 21:08:12]
AdwCleaner[S1].txt - [1286 octets] - [03/05/2014 09:34:40]
AdwCleaner[S2].txt - [1879 octets] - [05/05/2014 12:02:01]
AdwCleaner[S3].txt - [1791 octets] - [09/05/2014 17:36:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1851 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Heiner on 09.05.2014 at 18:03:35,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Heiner\AppData\Roaming\mozilla\firefox\profiles\ekhthtf0.default-1380005200022\minidumps [117 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2014 at 18:33:30,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01
Ran by Heiner (administrator) on HEINER-HP on 09-05-2014 18:41:01
Running from C:\Download\Sicherheit
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hollie-Soft) C:\Program Files (x86)\Klebezettel NG\klebez.exe
(Mirko Böer) C:\Program Files (x86)\AmP\AmP.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
() C:\Users\Heiner\AppData\Roaming\InetStat\inetstat.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(IMU-BerliNet) D:\Z-defrag RAM\zdefrag27\z-defrag\Z-defrag.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logicool, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Z-defragRAM] => D:\Z-defrag RAM\zdefrag27\z-defrag\Z-defrag.EXE [233536 2011-03-17] (IMU-BerliNet)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-06] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [Klebezettel NG] => C:\Program Files (x86)\Klebezettel NG\klebez.exe [4418048 2014-02-20] (Hollie-Soft)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [Alle meine Passworte] => C:\Program Files (x86)\AmP\AmP.exe [3792776 2011-05-25] (Mirko Böer)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [InetStat] => C:\Users\Heiner\AppData\Roaming\InetStat\inetstat.exe [1260648 2014-04-26] ()
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [HideSCABattery] 1
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Geburtstagsmahner.lnk
ShortcutTarget: Geburtstagsmahner.lnk -> D:\ZEHBESOFT\Geburtstagsmahner\GebAlert.exe (ZehbeSoft)
Startup: C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x521226656469CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\QUICKEN8\inet\common\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
URLSearchHook: HKLM-x32 - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
URLSearchHook: HKLM-x32 - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {274f31ad-f6cd-4945-bc41-ff5408939c05} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll ()
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz Premium - {d9b15ccf-bdb7-4d41-82ee-7cdc09afc400} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022
FF Homepage: https://www.google.de/|hxxp://www.onlinetvrecorder.com/v2/?go=list&tab=search&station=&date=sinceregister&year=2014&fd=1&fm=1&td=31&tm=12&actor=&director=&minutes=&title=&times=0&intext=0&cbde=0&cbsing=0&cben=0&cbxy=0&cbfav=0&rating=0&weekday=&searchmethod=match&indatefrom=0&indateto=0&intimefrom=&intimeto=&genre=0&format=&source=my&filestate=&wdh=&fsk=&start=0&view=table&order=beginn&saveorder=beginn|hxxp://www.wetter.com/wetter_aktuell/wettervorhersage/heute/deutschland/obernzenn/DE0007791.html|hxxp://wetter.msn.com/local.aspx?wealocations=wc:8256724&q=Bad+Windsheim%2c+BY|hxxp://www.unwetterzentrale.de/uwz/getwarning_de.php?xpos=187&ypos=193&bland=bayern&lang=de|hxxp://www.unwetterzentrale.de/uwz/bayernindex.html
FF NetworkProxy: "socks_version", 0
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\Heiner\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary (de-DE), classical spelling standards - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\alterechtschreibung@googlemail.com [2013-10-30]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\de_DE@dicts.j3e.de [2014-03-22]
FF Extension: HashColouredTabs+ - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\hashcolouredtabs@bristol.ac.uk [2013-09-27]
FF Extension: LastPass - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\support@lastpass.com [2014-03-21]
FF Extension: New Tab Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\weidunewtab@gmail.com [2014-04-29]
FF Extension: Forecastfox - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-09-27]
FF Extension: ColorfulTabs - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-05-02]
FF Extension: DownloadHelper - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
FF Extension: New Tab King - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-05-06]
FF Extension: Add to Amazon Wish List Button - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\amznUWL2@amazon.com.xpi [2014-02-13]
FF Extension: Classic Theme Restorer - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-04-29]
FF Extension: IdentFavIcon - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\identfavicon@david.hanak.hu.xpi [2013-09-27]
FF Extension: Personas Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\personas@christopher.beard.xpi [2013-09-27]
FF Extension: S3.Google Translator - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\s3google@translator.xpi [2013-11-14]
FF Extension: FastestFox - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\smarterwiki@wikiatic.com.xpi [2014-02-13]
FF Extension: FlashGot - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-09-27]
FF Extension: Adblock Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]
FF Extension: Tab Mix Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-09-27]
FF Extension: Torbutton - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2013-12-16]
FF Extension: Menu Editor - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-09-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-04-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-04-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-04-29]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-06] (AVAST Software)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2012-10-14] (DATA BECKER GmbH & Co KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-10] (SurfRight B.V.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [318328 2014-04-09] (Steganos Software GmbH)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [68760 2009-02-04] (SiSoftware)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-05-15] ()
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-06] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-06] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-06] ()
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [318152 2010-05-15] (EldoS Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [24376 2010-04-27] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 CryptBox; C:\Windows\SysWow64\drivers\CryptBox.sys [222080 2012-12-06] (Abelssoft GmbH)
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2012-05-23] (Devguru Co., Ltd)
R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-10] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2010-10-08] (Paragon Software Group)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2011-05-31] (Abelssoft GmbH)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [41488 2008-02-29] (Logicool, Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-10-08] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-10-08] (Paragon)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TMAgent; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-09 18:33 - 2014-05-09 18:34 - 00000949 _____ () C:\Users\Heiner\Desktop\JRT.txt
2014-05-09 17:45 - 2014-05-09 17:45 - 00000000 ____D () C:\Windows\ERUNT
2014-05-09 17:42 - 2014-05-09 17:43 - 01016261 _____ (Thisisu) C:\Users\Heiner\Desktop\JRT.exe
2014-05-09 17:40 - 2014-05-09 17:40 - 00001931 _____ () C:\Users\Heiner\Desktop\AdwCleaner[S3].txt
2014-05-09 17:31 - 2014-05-09 17:31 - 00001142 _____ () C:\Users\Heiner\Desktop\mbam.txt
2014-05-09 16:08 - 2014-05-09 16:08 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Netzmanager.lnk
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7}
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\Program Files\Netzmanager
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-05-09 13:52 - 2014-05-09 14:05 - 00000000 ____D () C:\Users\Heiner\Documents\AvastPEToolkit
2014-05-08 23:00 - 2014-05-08 23:00 - 00000000 ___SD () C:\ComboFix
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\Program Files (x86)\Steganos Online Shield
2014-05-08 21:34 - 2014-05-08 20:01 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140508-213428.backup
2014-05-08 21:05 - 2014-05-08 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-05-08 20:09 - 2014-05-08 20:09 - 00039153 _____ () C:\ComboFix.txt
2014-05-08 18:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-08 18:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-08 18:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-08 18:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-08 18:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-08 18:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-08 18:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-08 18:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-08 18:50 - 2014-05-08 23:00 - 00000000 ____D () C:\Qoobox
2014-05-08 18:50 - 2014-05-08 20:06 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Leadertech
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\ProgramData\Logitech
2014-05-08 12:48 - 2014-05-09 18:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-05-08 12:48 - 2014-05-09 18:02 - 00000475 _____ () C:\Windows\LkmdfCoInst.log
2014-05-08 12:48 - 2014-05-08 12:48 - 00015343 _____ () C:\Windows\LDPINST.LOG
2014-05-08 12:48 - 2014-05-08 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-05-08 12:47 - 2014-05-08 12:49 - 00000000 ____D () C:\ProgramData\Logishrd
2014-05-08 12:47 - 2014-05-08 12:48 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-05-08 12:47 - 2014-05-08 12:47 - 00000000 ____D () C:\Program Files\Logitech
2014-05-08 12:46 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logitech
2014-05-08 12:46 - 2014-05-08 12:47 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logishrd
2014-05-07 19:58 - 2014-05-07 19:58 - 17630356 _____ () C:\Users\Heiner\Desktop\Junger Klaviervirtuose.mp4
2014-05-07 09:51 - 2014-05-09 18:41 - 00000000 ____D () C:\FRST
2014-05-07 09:10 - 2014-05-07 09:10 - 05200039 ____R (Swearware) C:\Users\Heiner\Desktop\ComboFix.exe
2014-05-07 01:02 - 2014-05-07 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 01:02 - 2014-05-07 01:01 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-06 16:55 - 2014-05-06 16:55 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (2)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (4)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (3)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST!
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST
2014-05-06 16:48 - 2014-05-08 20:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-06 16:48 - 2014-05-06 16:48 - 00002020 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\AVAST Software
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-06 16:48 - 2014-05-06 16:47 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-06 16:47 - 2014-05-06 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-06 16:47 - 2014-05-06 16:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-06 16:44 - 2014-05-06 16:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-06 16:42 - 2014-05-09 18:02 - 00002050 _____ () C:\Windows\setupact.log
2014-05-05 16:41 - 2014-05-05 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 16:40 - 2014-05-09 17:37 - 00095264 _____ () C:\Windows\PFRO.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000779 _____ () C:\Users\Heiner\AppData\Roaming\gdscan.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000000 _____ () C:\Users\Heiner\AppData\Roaming\gdfw.log
2014-05-05 16:21 - 2014-05-06 16:42 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-05-05 16:21 - 2014-05-05 16:21 - 00001962 _____ () C:\Windows\DPINST.LOG
2014-05-05 16:20 - 2014-05-06 16:41 - 00000000 ____D () C:\ProgramData\G Data
2014-05-05 16:18 - 2014-05-05 16:19 - 00033464 _____ () C:\Users\Heiner\Documents\cc_20140505_161846.reg
2014-05-05 16:14 - 2014-05-05 16:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-03 22:20 - 2014-05-03 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-03 20:37 - 2014-05-03 20:37 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Trend Micro
2014-05-03 20:30 - 2014-05-03 20:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 20:30 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-03 20:30 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-03 20:23 - 2014-05-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-05-03 09:00 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 09:00 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 09:00 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 09:00 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 19:34 - 2014-05-09 17:36 - 00000000 ____D () C:\AdwCleaner
2014-04-30 15:57 - 2014-05-09 18:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-30 15:52 - 2014-04-30 15:52 - 00000000 ____D () C:\Users\Heiner\Documents\OneNote-Notizbücher
2014-04-30 13:08 - 2014-05-02 17:34 - 00000000 ___RD () C:\Users\Heiner\Desktop\Grafiken
2014-04-30 09:32 - 2014-04-30 09:33 - 00000450 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-04-30 08:27 - 2014-04-09 07:41 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140430-082747.backup
2014-04-29 16:12 - 2014-04-30 13:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-29 11:31 - 2014-05-09 18:03 - 00000266 _____ () C:\Windows\Tasks\StartupStar Firewall.job
2014-04-29 11:31 - 2014-04-29 11:31 - 00002536 _____ () C:\Windows\System32\Tasks\StartupStar Firewall
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupStar
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\Program Files (x86)\StartupStar
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 09:48 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 09:42 - 2014-04-29 09:42 - 00001477 ____R () C:\Windows\AllemeinePassworte0_Uninstall.in
2014-04-29 09:42 - 2014-04-29 09:42 - 00000000 ____D () C:\Program Files\AmP
2014-04-29 09:42 - 2013-10-21 15:36 - 00583048 _____ (Mirko Böer) C:\Windows\AmPUn0.exe
2014-04-26 15:00 - 2014-04-26 15:00 - 00001132 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-26 14:36 - 2014-05-01 21:08 - 00001051 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-04-26 14:36 - 2014-04-26 14:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\InetStat
2014-04-26 14:35 - 2014-04-26 14:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ARCHOS KEY user guide
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieUserList
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieSiteList
2014-04-23 07:31 - 2014-04-09 07:41 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140423-073145.backup
2014-04-22 19:38 - 2014-04-22 19:39 - 00000041 _____ () C:\Users\Public\IK_PosLen.dat
2014-04-22 19:36 - 2014-04-22 19:37 - 00000000 ____D () C:\Program Files (x86)\FinanzGruppe-IBAN-Konverter
2014-04-22 19:36 - 2014-04-22 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VR-IBAN-Konverter
2014-04-22 12:24 - 2014-04-22 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-04-21 01:26 - 2014-05-01 11:12 - 00001044 _____ () C:\Users\Heiner\Documents\DownloadScout.lst
2014-04-18 20:05 - 2014-04-18 20:30 - 00000000 ____D () C:\Users\Heiner\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2014-04-18 20:05 - 00001364 _____ () C:\Users\Public\Desktop\NetObjects Fusion 2013.lnk
2014-04-18 20:02 - 2014-04-18 20:05 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013
2014-04-17 17:56 - 2014-04-17 17:56 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-defragRAM
2014-04-15 08:04 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-15 08:04 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-15 08:04 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 08:04 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-15 08:04 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 08:04 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 08:04 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-15 08:04 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-15 08:04 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 08:04 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-15 08:04 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-15 08:04 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-15 08:04 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 08:04 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-15 08:04 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-15 08:04 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-15 08:04 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-15 08:04 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-15 08:04 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-15 08:04 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-15 08:04 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-15 08:04 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-15 08:04 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-15 08:04 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-15 08:04 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-15 08:04 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-15 08:04 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-15 08:04 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-15 08:04 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-15 08:04 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 08:04 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-15 08:04 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 08:04 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-15 08:04 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-15 08:04 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 08:04 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-15 08:04 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-15 08:04 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-15 08:04 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 08:04 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 08:04 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-15 08:04 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-15 08:04 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-15 08:04 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-12 10:46 - 2014-04-12 10:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\DataDesign
2014-04-12 10:45 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\Documents\Lexware
2014-04-12 10:31 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Lexware
2014-04-12 10:30 - 2014-04-17 19:32 - 00002978 _____ () C:\Users\Public\Desktop\Quicken DELUXE 2014.lnk
2014-04-12 10:30 - 2014-04-12 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2014-04-12 10:29 - 2014-04-12 10:31 - 00000000 ____D () C:\ProgramData\Lexware
2014-04-12 10:29 - 2014-04-12 10:30 - 00000000 ____D () C:\Program Files (x86)\Lexware
2014-04-12 10:28 - 2014-04-12 10:31 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Lexware
2014-04-12 10:25 - 2014-04-12 10:25 - 00069662 _____ () C:\Users\Heiner\Downloads\PageDefrag232.zip
2014-04-10 11:49 - 2014-04-10 11:49 - 00000000 ____D () C:\Windows\CryptoGuard
2014-04-09 21:10 - 2014-04-09 21:10 - 00001364 _____ () C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2014-04-09 14:16 - 2014-04-09 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-04-09 13:19 - 2014-01-23 05:21 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-04-09 13:19 - 2014-01-23 05:21 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-04-09 07:53 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:53 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 07:53 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 07:53 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 07:53 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 07:53 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:53 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:53 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:53 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:53 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:53 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:53 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:53 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:53 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:53 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:53 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:53 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-09 18:41 - 2014-05-07 09:51 - 00000000 ____D () C:\FRST
2014-05-09 18:36 - 2012-03-08 17:31 - 00000000 ____D () C:\DVD-ColdCut
2014-05-09 18:34 - 2014-05-09 18:33 - 00000949 _____ () C:\Users\Heiner\Desktop\JRT.txt
2014-05-09 18:09 - 2014-04-30 15:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 18:03 - 2014-04-29 11:31 - 00000266 _____ () C:\Windows\Tasks\StartupStar Firewall.job
2014-05-09 18:02 - 2014-05-08 12:48 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-05-09 18:02 - 2014-05-08 12:48 - 00000475 _____ () C:\Windows\LkmdfCoInst.log
2014-05-09 18:02 - 2014-05-06 16:42 - 00002050 _____ () C:\Windows\setupact.log
2014-05-09 18:02 - 2012-03-08 15:58 - 01993381 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 18:00 - 2012-03-30 14:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-09 17:57 - 2012-03-08 17:38 - 00000000 ____D () C:\Users\Heiner\Documents\Excel-Dateien
2014-05-09 17:46 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 17:46 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 17:45 - 2014-05-09 17:45 - 00000000 ____D () C:\Windows\ERUNT
2014-05-09 17:44 - 2012-07-08 14:10 - 00000000 ____D () C:\Download
2014-05-09 17:43 - 2014-05-09 17:42 - 01016261 _____ (Thisisu) C:\Users\Heiner\Desktop\JRT.exe
2014-05-09 17:40 - 2014-05-09 17:40 - 00001931 _____ () C:\Users\Heiner\Desktop\AdwCleaner[S3].txt
2014-05-09 17:39 - 2012-01-03 06:30 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-09 17:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-09 17:37 - 2014-05-05 16:40 - 00095264 _____ () C:\Windows\PFRO.log
2014-05-09 17:37 - 2012-04-24 19:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 17:36 - 2014-05-01 19:34 - 00000000 ____D () C:\AdwCleaner
2014-05-09 17:31 - 2014-05-09 17:31 - 00001142 _____ () C:\Users\Heiner\Desktop\mbam.txt
2014-05-09 16:30 - 2012-06-08 17:09 - 00000000 ___RD () C:\Users\Heiner\Desktop\*
2014-05-09 16:30 - 2012-03-08 18:57 - 00000000 ___RD () C:\Users\Heiner\Desktop\Programme
2014-05-09 16:16 - 2012-06-18 14:49 - 00000000 ____D () C:\ProgramData\Netzmanager
2014-05-09 16:08 - 2014-05-09 16:08 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Netzmanager.lnk
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7}
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\Program Files\Netzmanager
2014-05-09 14:30 - 2012-03-08 18:11 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Thunderbird
2014-05-09 14:30 - 2012-03-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-05-09 14:05 - 2014-05-09 13:52 - 00000000 ____D () C:\Users\Heiner\Documents\AvastPEToolkit
2014-05-09 13:28 - 2013-07-17 10:23 - 00000004 _____ () C:\Users\Heiner\Desktop\Heilerliste.txt
2014-05-08 23:00 - 2014-05-08 23:00 - 00000000 ___SD () C:\ComboFix
2014-05-08 23:00 - 2014-05-08 18:50 - 00000000 ____D () C:\Qoobox
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\Program Files (x86)\Steganos Online Shield
2014-05-08 21:34 - 2012-03-13 18:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-08 21:24 - 2013-01-27 14:23 - 00000000 ___RD () C:\Users\Heiner\Desktop\Texte
2014-05-08 21:10 - 2012-03-13 18:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-08 21:05 - 2014-05-08 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-05-08 20:54 - 2012-01-03 05:59 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2014-05-08 20:54 - 2012-01-03 05:59 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2014-05-08 20:54 - 2009-07-14 07:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 20:09 - 2014-05-08 20:09 - 00039153 _____ () C:\ComboFix.txt
2014-05-08 20:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-08 20:07 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-08 20:06 - 2014-05-08 18:50 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 20:03 - 2009-07-14 04:34 - 00000232 _____ () C:\Windows\system.ini
2014-05-08 20:02 - 2014-05-06 16:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-08 20:01 - 2014-05-08 21:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140508-213428.backup
2014-05-08 20:00 - 2009-07-14 04:34 - 94371840 _____ () C:\Windows\system32\config\software.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 23592960 _____ () C:\Windows\system32\config\system.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 05505024 _____ () C:\Windows\system32\config\default.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-05-08 19:59 - 2012-03-08 16:00 - 00000000 ____D () C:\Users\Heiner
2014-05-08 19:43 - 2013-02-05 08:55 - 00000000 ____D () C:\Program Files (x86)\FlashGet
2014-05-08 19:37 - 2012-12-20 20:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-08 19:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-08 19:22 - 2012-04-27 07:58 - 00000000 ____D () C:\ProgramData\firebird
2014-05-08 18:46 - 2012-10-21 13:01 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\MozillaFirefoxPackages
2014-05-08 16:29 - 2012-03-08 18:55 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\vlc
2014-05-08 16:04 - 2012-03-08 18:11 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Thunderbird
2014-05-08 14:11 - 2012-03-09 14:39 - 00000000 ____D () C:\Users\Heiner\AppData\Local\CrashDumps
2014-05-08 12:52 - 2012-03-08 16:13 - 00000000 ___RD () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Leadertech
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\ProgramData\Logitech
2014-05-08 12:49 - 2014-05-08 12:47 - 00000000 ____D () C:\ProgramData\Logishrd
2014-05-08 12:49 - 2014-05-08 12:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logitech
2014-05-08 12:48 - 2014-05-08 12:48 - 00015343 _____ () C:\Windows\LDPINST.LOG
2014-05-08 12:48 - 2014-05-08 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-05-08 12:48 - 2014-05-08 12:47 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-05-08 12:47 - 2014-05-08 12:47 - 00000000 ____D () C:\Program Files\Logitech
2014-05-08 12:47 - 2014-05-08 12:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logishrd
2014-05-07 21:31 - 2012-03-16 00:10 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 3
2014-05-07 20:17 - 2013-07-26 08:36 - 00000280 _____ () C:\Windows\Tasks\DriverDoc_UPDATES.job
2014-05-07 20:16 - 2012-03-08 17:32 - 00000000 ____D () C:\DVD-Filme-Archiv
2014-05-07 19:58 - 2014-05-07 19:58 - 17630356 _____ () C:\Users\Heiner\Desktop\Junger Klaviervirtuose.mp4
2014-05-07 09:10 - 2014-05-07 09:10 - 05200039 ____R (Swearware) C:\Users\Heiner\Desktop\ComboFix.exe
2014-05-07 08:36 - 2013-07-26 08:36 - 00003026 _____ () C:\Windows\System32\Tasks\DriverDoc_UPDATES
2014-05-07 01:02 - 2014-05-07 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 01:01 - 2014-05-07 01:02 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-06 17:12 - 2013-11-21 16:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-06 17:02 - 2012-04-13 17:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-06 17:02 - 2012-03-08 16:26 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Adobe
2014-05-06 17:01 - 2012-04-13 18:00 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Adobe
2014-05-06 16:55 - 2014-05-06 16:55 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (2)
2014-05-06 16:55 - 2012-10-01 15:07 - 00000000 ____D () C:\Users\Heiner\Documents\default
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (4)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (3)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST!
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST
2014-05-06 16:48 - 2014-05-06 16:48 - 00002020 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\AVAST Software
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-06 16:47 - 2014-05-06 16:48 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-06 16:47 - 2014-05-06 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-06 16:47 - 2014-05-06 16:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-06 16:44 - 2014-05-06 16:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-06 16:42 - 2014-05-05 16:21 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-05-06 16:41 - 2014-05-05 16:20 - 00000000 ____D () C:\ProgramData\G Data
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-05-06 14:58 - 2012-06-25 20:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-06 14:33 - 2012-01-03 06:30 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-06 08:00 - 2013-12-16 09:47 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Steganos VPN
2014-05-05 20:32 - 2012-03-08 16:13 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHeiner
2014-05-05 20:32 - 2012-03-08 16:13 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForHeiner.job
2014-05-05 16:41 - 2014-05-05 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000779 _____ () C:\Users\Heiner\AppData\Roaming\gdscan.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000000 _____ () C:\Users\Heiner\AppData\Roaming\gdfw.log
2014-05-05 16:21 - 2014-05-05 16:21 - 00001962 _____ () C:\Windows\DPINST.LOG
2014-05-05 16:19 - 2014-05-05 16:18 - 00033464 _____ () C:\Users\Heiner\Documents\cc_20140505_161846.reg
2014-05-05 16:17 - 2012-12-06 21:27 - 00000000 ____D () C:\ProgramData\VSO
2014-05-05 16:17 - 2012-06-11 11:04 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\FileZilla
2014-05-05 16:17 - 2012-03-09 11:53 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Vso
2014-05-05 16:17 - 2012-03-08 17:01 - 00000000 ___DC () C:\Users\Heiner\AppData\Local\MigWiz
2014-05-05 16:14 - 2014-05-05 16:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 16:10 - 2012-01-03 06:34 - 00000000 ____D () C:\ProgramData\Norton
2014-05-03 22:20 - 2014-05-03 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-03 20:37 - 2014-05-03 20:37 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Trend Micro
2014-05-03 20:30 - 2014-05-03 20:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 20:23 - 2014-05-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-05-02 17:34 - 2014-04-30 13:08 - 00000000 ___RD () C:\Users\Heiner\Desktop\Grafiken
2014-05-02 17:34 - 2012-03-15 15:14 - 00000000 ____D () C:\Ablage
2014-05-02 10:17 - 2012-03-11 00:17 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ZSGebmahner
2014-05-02 08:19 - 2012-12-05 13:56 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHEINER-HP$
2014-05-02 08:19 - 2012-12-05 13:56 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForHEINER-HP$.job
2014-05-01 21:08 - 2014-04-26 14:36 - 00001051 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-01 21:08 - 2012-08-27 11:32 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\CheckPoint
2014-05-01 20:58 - 2013-09-13 13:13 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-01 17:23 - 2012-03-11 14:54 - 00143360 _____ () C:\Users\Heiner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-01 17:23 - 2012-03-08 20:58 - 00000000 ____D () C:\Users\Heiner\AppData\Local\ColdCut
2014-05-01 11:12 - 2014-04-21 01:26 - 00001044 _____ () C:\Users\Heiner\Documents\DownloadScout.lst
2014-05-01 11:12 - 2013-04-07 10:39 - 00000170 _____ () C:\Users\Heiner\Documents\DownloadScout.filter
2014-05-01 11:12 - 2013-04-07 10:39 - 00000016 _____ () C:\Users\Heiner\Documents\DownloadScout.pos
2014-04-30 23:29 - 2012-03-30 14:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 23:29 - 2012-03-30 14:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 23:29 - 2012-01-03 06:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 19:30 - 2014-04-05 21:26 - 00001578 _____ () C:\FoxitReaderUpdateInfo.txt
2014-04-30 19:12 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-30 15:52 - 2014-04-30 15:52 - 00000000 ____D () C:\Users\Heiner\Documents\OneNote-Notizbücher
2014-04-30 13:25 - 2014-04-29 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-30 09:33 - 2014-04-30 09:32 - 00000450 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-04-30 08:27 - 2009-07-14 04:34 - 00444891 ____R () C:\Windows\system32\Drivers\etc\hosts.20140507-073727.backup
2014-04-29 16:19 - 2012-03-08 18:08 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-29 16:01 - 2014-05-03 09:00 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 09:00 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 12:20 - 2009-07-14 06:45 - 00389880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-29 12:18 - 2009-07-14 04:34 - 94371840 _____ () C:\Windows\system32\config\software.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 21757952 _____ () C:\Windows\system32\config\system.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 05505024 _____ () C:\Windows\system32\config\default.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\security.rcbak
2014-04-29 11:31 - 2014-04-29 11:31 - 00002536 _____ () C:\Windows\System32\Tasks\StartupStar Firewall
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupStar
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\Program Files (x86)\StartupStar
2014-04-29 11:31 - 2012-08-24 10:13 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Abelssoft
2014-04-29 11:31 - 2012-03-15 21:22 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Abelssoft
2014-04-29 10:59 - 2012-03-20 15:13 - 00000000 ____D () C:\Program Files (x86)\JetDrive
2014-04-29 10:37 - 2012-08-24 10:28 - 00099104 _____ () C:\Users\Heiner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-29 10:35 - 2012-10-08 16:22 - 00000000 ___RD () C:\Users\Heiner\Desktop\Systemwartung
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2012-09-25 10:59 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Malwarebytes
2014-04-29 09:48 - 2012-09-25 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 09:42 - 2014-04-29 09:42 - 00001477 ____R () C:\Windows\AllemeinePassworte0_Uninstall.in
2014-04-29 09:42 - 2014-04-29 09:42 - 00000000 ____D () C:\Program Files\AmP
2014-04-29 09:42 - 2012-03-27 09:05 - 00000730 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alle meine Passworte.lnk
2014-04-29 09:40 - 2012-03-27 09:05 - 00000000 ____D () C:\Program Files (x86)\AmP
2014-04-29 09:29 - 2013-12-07 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateYeti
2014-04-29 09:29 - 2013-12-07 23:09 - 00000000 ____D () C:\Program Files (x86)\UpdateYeti
2014-04-29 09:00 - 2014-02-22 00:01 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-26 15:00 - 2014-04-26 15:00 - 00001132 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-26 14:49 - 2014-04-26 14:35 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ARCHOS KEY user guide
2014-04-26 14:36 - 2014-04-26 14:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\InetStat
2014-04-25 16:47 - 2012-01-03 06:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieUserList
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieSiteList
2014-04-22 19:39 - 2014-04-22 19:38 - 00000041 _____ () C:\Users\Public\IK_PosLen.dat
2014-04-22 19:37 - 2014-04-22 19:36 - 00000000 ____D () C:\Program Files (x86)\FinanzGruppe-IBAN-Konverter
2014-04-22 19:36 - 2014-04-22 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VR-IBAN-Konverter
2014-04-22 19:35 - 2013-06-11 15:05 - 00000000 ____D () C:\Users\Heiner\AppData\Local\VR-IK
2014-04-22 12:24 - 2014-04-22 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-04-21 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-20 18:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-19 20:46 - 2013-06-26 17:21 - 00000000 ____D () C:\ProgramData\Live Aquarium HD
2014-04-18 20:30 - 2014-04-18 20:05 - 00000000 ____D () C:\Users\Heiner\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2014-04-18 20:05 - 00001364 _____ () C:\Users\Public\Desktop\NetObjects Fusion 2013.lnk
2014-04-18 20:05 - 2014-04-18 20:02 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2012-03-09 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects
2014-04-18 20:03 - 2012-03-12 00:16 - 00000000 ____D () C:\Program Files (x86)\NetObjects
2014-04-17 19:32 - 2014-04-12 10:30 - 00002978 _____ () C:\Users\Public\Desktop\Quicken DELUXE 2014.lnk
2014-04-17 19:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-17 17:56 - 2014-04-17 17:56 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-defragRAM
2014-04-17 13:39 - 2012-07-25 19:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Auslogics
2014-04-17 09:34 - 2013-09-03 09:33 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-04-17 09:34 - 2012-03-15 21:44 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\KlebezettelNG
2014-04-17 09:34 - 2012-03-09 14:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 20:05 - 2013-09-24 09:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-15 08:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-14 19:28 - 2011-02-11 19:00 - 00000000 ____D () C:\Windows\Panther
2014-04-14 04:24 - 2014-05-03 20:30 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-03 20:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 10:46 - 2014-04-12 10:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\DataDesign
2014-04-12 10:45 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\Documents\Lexware
2014-04-12 10:45 - 2014-04-12 10:31 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Lexware
2014-04-12 10:31 - 2014-04-12 10:29 - 00000000 ____D () C:\ProgramData\Lexware
2014-04-12 10:31 - 2014-04-12 10:28 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Lexware
2014-04-12 10:30 - 2014-04-12 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2014-04-12 10:30 - 2014-04-12 10:29 - 00000000 ____D () C:\Program Files (x86)\Lexware
2014-04-12 10:25 - 2014-04-12 10:25 - 00069662 _____ () C:\Users\Heiner\Downloads\PageDefrag232.zip
2014-04-10 11:49 - 2014-04-10 11:49 - 00000000 ____D () C:\Windows\CryptoGuard
2014-04-10 11:49 - 2013-10-19 18:42 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-04-10 11:41 - 2013-10-19 18:42 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-04-10 11:41 - 2013-10-19 18:42 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-04-10 11:41 - 2013-10-19 18:42 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-04-09 21:10 - 2014-04-09 21:10 - 00001364 _____ () C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2014-04-09 21:10 - 2012-12-23 16:55 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-09 21:10 - 2012-09-28 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-04-09 21:10 - 2012-09-28 20:09 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\DVDVideoSoft
2014-04-09 14:16 - 2014-04-09 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-04-09 09:07 - 2012-03-08 21:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 09:05 - 2013-08-14 19:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 09:01 - 2012-03-11 10:55 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 07:41 - 2014-04-30 08:27 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140430-082747.backup
2014-04-09 07:41 - 2014-04-23 07:31 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140423-073145.backup

Files to move or delete:
====================
C:\Users\Heiner\AppData\Roaming\CamLayout.ini
C:\Users\Heiner\AppData\Roaming\CamShapes.ini
C:\Users\Public\IK_PosLen.dat
C:\Users\Public\VR-IBAN-Konverter.dat


Some content of TEMP:
====================
C:\Users\Heiner\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-07 21:59

==================== End Of Log ============================

--- --- ---

--- --- ---

lillimucki · 09.05.2014, 18:54

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2014 01
Ran by Heiner at 2014-05-09 18:47:05
Running from C:\Download\Sicherheit
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

1&1 SmartFax (HKLM-x32\...\1&1 SmartFax) (Version: 2.00.231 - 1&1 Internet AG)
5CentSMS (HKLM-x32\...\{75839B2F-771F-4472-80B0-7A229675FF77}) (Version: 2.05.0000 - Wolfgang Wirth IT-Design)
5CentSMS (HKLM-x32\...\{90141793-E338-4EEB-B7E8-8CDED19D908D}) (Version: 2.01.0200 - Wolfgang Wirth IT-Design)
5CentSMS (HKLM-x32\...\{B231FF69-59F2-473E-A56C-68A123F3F220}) (Version: 2.08.0000 - Wirth IT-Design)
7 Wonders II (HKLM-x32\...\7 Wonders II) (Version:  - )
7-PDF Split & Merge Version 2.0.3 (Build 264) (HKLM-x32\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.3 (Build 264) - 7-PDF, Germany - Thorsten Hodes)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
aborange Crypter - Deinstallation (HKLM-x32\...\aborange Crypter_is1) (Version: 2.21 - Mathias Gerlach [aborange.de])
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
AKVIS Refocus (HKLM\...\{C6059B1A-E091-4B1D-8040-64DB2F932FFB}) (Version: 4.0.344.10160 - AKVIS)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{838DA1F1-23F8-4C70-B190-AC51CB5A5ECD}) (Version: 3.1.45.72435 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 3.1.45.72435 - Alcor Micro Corp.) Hidden
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 14 v.14.0.1 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo DE Toolbar (HKLM-x32\...\Ashampoo_DE Toolbar) (Version: 6.8.5.1 - Ashampoo DE) <==== ATTENTION
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\{4209F371-A431-385E-2D7E-ACDA5DA3BA0B}_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Internet Accelerator 3.20 (HKLM-x32\...\Ashampoo Internet Accelerator 3_is1) (Version: 3.2.0 - ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 10 v.10.2.5 (HKLM-x32\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.02.05 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{96F38867-9D41-683C-DF60-034A731C37FE}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
Audials (HKLM-x32\...\{7108738A-F48C-4FC9-80A1-4B70254270DF}) (Version: 9.1.13600.0 - RapidSolution Software AG)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.5 - Auslogics Software Pty Ltd)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
avast! Premier (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Beetle Ju 2 VOLLVERSION (HKLM-x32\...\Beetle Ju 2 VOLLVERSION) (Version:  - )
Beetle Ju 3 (HKLM-x32\...\Beetle Ju 3) (Version: 0.0.0.0 - INTENIUM GmbH)
Benutzerhandbuch - Grundlagen EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Bog) (Version:  - )
Benutzerhandbuch EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Useg) (Version:  - )
Bilder-Puzzle (HKLM-x32\...\{97848E7B-79AE-4EFD-B93A-5351E5FCF027}) (Version: 1.4.0 - BEGAware)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0531.2216.38124 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0531.2216.38124 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help English (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help French (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help German (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0531.2215.38124 - ATI) Hidden
ccc-utility64 (Version: 2011.0531.2216.38124 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
ColdCut (HKLM-x32\...\{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1) (Version: ColdCut - © Jan Brummelte)
COMPUTERBILD-Abzockschutz Premium (HKLM\...\{9EC116D4-C0AE-4F53-987C-249848D8B393}) (Version: 1.0.32 - J3S)
concept/design Video Jukebox (HKLM-x32\...\{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1) (Version: 1.3.0.0 - concept/design GmbH)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
CryptBox (HKLM-x32\...\CryptBox_is1) (Version: 1.2 - Abelssoft GmbH)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
CVE-2012-1889 (HKLM\...\{06b2b7ed-809a-44e6-8538-ca0f5b74ecc4}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{29447369-6968-4e86-a208-603f6f0771a6}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{393ffabe-5a1a-43b3-8e03-8f573e1e0d01}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{7d32ab1f-1858-4373-a75a-b7cd8feb5d92}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{f300e352-12de-4e7f-ace3-a376874402b6}.sdb) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DATA BECKER CD-DVD Druckerei 7 (HKLM-x32\...\CD-DVD Druckerei 7_is1) (Version: 7.50.0.40 - DATA BECKER GmbH & Co. KG)
DATA BECKER CD-DVD Druckerei 7 Demo (HKLM-x32\...\CD-DVD Druckerei 7 Demo_is1) (Version: 7.50.0.40 - DATA BECKER GmbH & Co. KG)
DATA BECKER CD-DVD Druckerei 7 LE (HKLM-x32\...\CD-DVD Druckerei 7 LE_is1) (Version: 7.50.0.30 - DATA BECKER GmbH & Co. KG)
DATA BECKER CD-DVD Druckerei 8 (HKLM-x32\...\CD-DVD Druckerei 8_is1) (Version: 8.0.0.1200 - DATA BECKER GmbH & Co. KG)
DDBAC (HKLM-x32\...\{4C19650D-1BF8-4459-A904-06FB692B0F8E}) (Version: 5.3.24 - DataDesign)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-

952C-9F2BF94070A4}) (Version:  - Microsoft)
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery)
DesignPro 5 (x32 Version: 5.5.708 - Avery) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.2010.6.23 - INTENIUM GmbH)
DEUTSCHLAND SPIELT Spiele Post (HKLM-x32\...\DEUTSCHLAND SPIELT Spiele Post) (Version: 1.0.3.0 - INTENIUM GmbH)
Die verzauberten Inseln (HKLM-x32\...\Die verzauberten Inseln) (Version:  - )
Die Welt der Puzzle: Jigsaw Boom (HKLM-x32\...\Die Welt der Puzzle: Jigsaw Boom) (Version: 1.0.0.0 - INTENIUM GmbH)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DriverDoc (HKLM-x32\...\DriverDoc_is1) (Version: 1.52.1086.14425 - Solvusoft Corporation)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVDFab 8.1.5.6 (17/01/2012) Qt (HKLM-x32\...\DVDFab Mein Filmkopierer_is1) (Version:  - Fengtao Software Inc.)
DVDFab Passkey 8.0.6.5 (28/06/2012) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version:  - Fengtao Software Inc.)
DVDVideoSoftTB DE Toolbar (HKLM-x32\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB DE)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON 

CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Netg) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-402 403 405 406 Series Printer Uninstall (HKLM\...\EPSON XP-402 403 405 406 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExtremeCopy (HKLM\...\{DFCE9296-5A54-468F-A0A9-98B978DFCD26}) (Version: 2.1.0000 - Easersoft)
ffdshow [rev 2946] [2009-05-15] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FILEminimizer Pictures (HKLM-x32\...\FILEminimizer Pictures_is1) (Version:  - balesio AG)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FlashGet(JetCar) (HKLM-x32\...\FlashGet(JetCar)) (Version:  - )
Folder Colorizer version 1.0.2 (HKLM\...\{A133E9CD-2879-4F30-87D4-1604AFD5C5CC}_is1) (Version: 1.0.2 - Softorino)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.10.1213 - Foxit Corporation)
FRANZIS onlineTV 8 (HKLM-x32\...\{CBC88F0E-1960-4AC3-8C38-8BAD44E3F6E3}_is1) (Version: 8.5.0.4 - FRANZIS Verlag GmbH)
Free MP4 Video Converter version 5.0.21.1212 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Sound Recorder v9.6.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version:  - Copyright(C) 2005-2013 FreeSoundRecorder Technologies, Inc.)
Free Video Flip and Rotate version 2.1.9.827 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.11.812 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.11.812 - DVDVideoSoft Ltd.)
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
GMX MediaCenter 1.5.1765.0 (HKCU\...\GMX Application {sync-000021}) (Version: 1.5.1765.0 - 1&1 Mail & Media GmbH)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
honestech Audio Recorder 2.0 Deluxe (HKLM-x32\...\{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}) (Version: 2.0 - honestech)
honestech Audio Recorder 2.0 Deluxe (x32 Version: 2.0 - Honest Technology) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.200.0 - ATI Technologies Inc.) Hidden
IBAN Finder (HKLM-x32\...\IBANFinder_is1) (Version: 1.00 - Abelssoft)
InetStat (HKCU\...\InetStat) (Version: 0.3 - InetStat)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
JetDrive (HKLM-x32\...\JetDrive_is1) (Version: 7.0 - Abelssoft)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Klebezettel NG (Version 2.9.14) (HKLM-x32\...\{4F81901F-3655-4340-8227-F687F69A3C79}}_is1) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{A64DF516-9CDC-4299-BD34-2B2C80CD453B}) (Version: 19.00.00.0059 - Haufe-Lexware GmbH & Co.KG)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mediencenter Assistent (HKLM\...\Mediencenter Software) (Version: 2.6.0.1277 - Telekom)
Mein Foto-Puzzle (HKLM-x32\...\{937C2799-B8DD-4519-96B2-4E2E84EF5B1E}) (Version:  - )
Meine CEWE FOTOWELT (HKLM-x32\...\Meine CEWE FOTOWELT) (Version:  - )
Meine Dienste Software (HKLM\...\Meine Dienste Software) (Version: 2.0.5.0 - Telekom)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) 

(Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC100_CRT_x64 (HKLM\...\{17106CA8-E65A-4D02-95BE-79AF8C698935}) (Version: 1.0.0 - Microsoft)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Mini Golf Pro (HKLM-x32\...\MiniGolfPro_is1) (Version: 1.0 - Media Contact LLC)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 29.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MultiScreen (HKLM-x32\...\{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}) (Version: 1.00.0000 - Samsung Electronics Ltd.)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2013 - Abelssoft)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
NetObjects Fusion 1&1 Edition (HKLM-x32\...\{60EED176-F138-4806-8EF9-4D977CC6E168}) (Version: 11.0 German - )
NetObjects Fusion 12.0 (HKLM-x32\...\{7DEEA62D-0588-4CF7-BE8A-10CA691D087F}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (HKLM-x32\...\{CA6182A0-26EA-4B4E-80BA-850A7C680FCB}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041 - NetObjects) Hidden
NetObjects Fusion 2013 (HKLM-x32\...\{CF34818E-AB90-4134-A7E3-63B2EA6F3CCC}) (Version: 13.0 - NetObjects)
NetObjects Fusion 2013 (x32 Version: 13.00.0000.5529 - NetObjects) Hidden
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG)
Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Paragon Backup & Recovery™ 10 Home (HKLM-x32\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
PC Fresh (HKLM-x32\...\PC Fresh_is1) (Version: 2012 - Abelssoft GmbH)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
PDFBearbeiten V2.0.5 (HKLM-x32\...\PDFBearbeiten_is1) (Version:  - hxxp://www.PDFBearbeiten.net)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
Protect Disc License Helper 1.0.125 (IE) (HKCU\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Quicken DELUXE 2014 (HKLM-x32\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG)
RAMRush 1.0.6.917 (HKLM-x32\...\RAMRush_is1) (Version:  - FTweak, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6953 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Ritter Arthur (HKLM-x32\...\Ritter Arthur) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur II (HKLM-x32\...\Ritter Arthur II) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur III (HKLM-x32\...\Ritter Arthur III) (Version: 1.0.0.0 - INTENIUM GmbH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12074_13 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12074_13 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ShiftN 3.6.1 (HKLM-x32\...\ShiftN_is1) (Version: 3.6.1 - Marcus Hebel)
Simply Good Pictures 2 (HKLM-x32\...\{DD2FEA6F-5AC2-46B2-0001-C2A0C077FD2C}) (Version: 2.0.12.1210 - Engelmann Media GmbH)
SiSoftware Sandra Lite 2013.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.29.2013.3 - SiSoftware)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SoftMaker Office 2010 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB00}) (Version: 10.0.600 - SoftMaker Software GmbH)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StartupStar (HKLM-x32\...\{C8A6121E-BE35-418D-91EF-A9536DA70B36}_is1) (Version: 6.2 - Abelssoft)
Stegano.Net (HKCU\...\d734575cd6cff35b) (Version: 2.1.1.9 - Svenomenal.Net)
Steganos Online Shield (HKLM-x32\...\{896614ED-00BD-4E0C-99AB-01C76EE416D9}) (Version: 1.3.1 - Steganos Software GmbH)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.3 - Krzysztof Kowalczyk)
SuperEasy Video Converter 2 v.2.1.2296 (HKLM-x32\...\{039BC111-5D42-BD22-5D57-C7073E40209A}_is1) (Version: 2.1.2296 - SuperEasy Software GmbH & Co. KG)
Task ForceQuit Pro version 1.0.2 (HKLM\...\{61F50A30-6EE3-413B-B090-C94C0C3244C9}_is1) (Version: 1.0.2 - Softorino)
Uninstall Abelssoft Backup (HKLM-x32\...\Abelssoft Backup_is1) (Version: 2.2 - Abelssoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-

0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-

1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-

1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-

3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) 

(Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) 

(Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-

86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{32E700B9-1A94-48B4-99E1-

CB8BD5F7340A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) 

(Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-

1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-

9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-

9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-

B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-

E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-

563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-

5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-

59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-

59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-

DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-

8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-

A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-

5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-

E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-

E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-

3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{0C175ED0-26B9-4B09-AFA9-

3F16A03A29B9}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-

6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-

6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-

58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-

23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{81CA2EFA-7250

-4B1E-B3A6-E0595224E2CD}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-

16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-

C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-

ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-

4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-

BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-

78440A411DC5}) (Version:  - Microsoft)
UpdateYeti (HKLM-x32\...\UpdateYeti_is1) (Version: 2.16 - Abelssoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VR-IBAN-Konverter (HKLM-x32\...\{6942F598-FD76-405A-A242-1C888519F9FD}) (Version: 1.00.0028 - Genossenschaftliche FinanzGruppe)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.44 - VSO-Software SARL)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.1.4.1420 - 1&1 Mail & Media GmbH)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.6.6 - Shark007)
Windows 7 Tweaker 3.8 (HKLM-x32\...\{36349091-DAA6-40C5-AB31-5EFAF8291263}) (Version: 3.8.0.0 - SuRe Softwares)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinHTTrack Website Copier 3.46-1 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
Winload Toolbar (HKLM-x32\...\Winload Toolbar) (Version: 6.9.0.16 - Winload)
WinSweeper 2.1 (HKLM-x32\...\{96E8A815-3053-4616-AAC2-865E6B1792F5}_is1) (Version:  - Solvusoft Corporation)
Wondershare PDF to Word (Build 4.0.1) (HKLM-x32\...\{90599D63-1879-4B90-BE4F-051CE70FA576}_is1) (Version: 4.0.1 - Wondershare Software)
Z-defragRAM (HKLM-x32\...\{0F9F096B-9EF0-43A2-91C8-4613835312F7}) (Version: 2.7 - IMU Andreas Baumann)
ZehbeSoft Geburtstagsmahner (HKLM-x32\...\ZehbeSoft Geburtstagsmahner) (Version: 3.2 - ZehbeSoft)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Restore Points  =========================

03-05-2014 07:00:21 Windows Update
03-05-2014 18:30:19 Windows Update
05-05-2014 14:08:08 Revo Uninstaller's restore point - Norton 360
06-05-2014 12:32:09 Removed Adobe Reader XI (11.0.06) - Deutsch.
06-05-2014 12:57:40 Removed Skype Click to Call
06-05-2014 14:39:19 Revo Uninstaller's restore point - G Data InternetSecurity CBE
06-05-2014 14:47:02 avast! antivirus system restore point
06-05-2014 15:11:56 Removed QuickTime
06-05-2014 21:50:04 Windows Update
08-05-2014 16:01:52 Revo Uninstaller's restore point - Software Updater
08-05-2014 16:26:49 Removed Software Updater
08-05-2014 16:30:15 Revo Uninstaller's restore point - Mozilla Firefox Packages
08-05-2014 16:54:35 Revo Uninstaller's restore point - Spybot - Search & Destroy

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-08 21:34 - 00449915 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {03D6FB05-C018-4B16-834D-B64B8425CFD2} - System32\Tasks\{E7C6475D-13BF-4367-BEDB-344C52D2FC52} => C:\Program Files (x86)\DATA BECKER\CD-DVD Druckerei 

7 LE\cdd7le.exe [2009-11-17] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de))
Task: {0CCEF991-AF3A-4914-994A-127FDBE4FE94} - System32\Tasks\{143D7CC1-9826-4A3B-B0B8-887846BB2997} => C:\WINPROV\PROVEX.EXE [2000-03-25] ()
Task: {0D0A0414-324E-4A06-BC84-8A9D5863B338} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe 

[2014-03-19] (Microsoft Corporation)
Task: {0D0EE8AC-C4A9-4D78-B869-C33C2809A9ED} - System32\Tasks\{39756720-27CA-45B3-9847-3DF5927AD718} => C:\Users\Heiner\Documents\Downloads\microphotoed.exe
Task: {0D1B33CC-D3EA-48B0-820F-671514EFD303} - System32\Tasks\{DB1315A6-2C30-499B-8F26-F7973DF83172} => C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 

11\burningstudio11.exe [2012-01-18] (Ashampoo)
Task: {1609A182-F4DC-48EA-B5B3-1C3CD40F99D3} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe 

[2011-10-28] (Hewlett-Packard)
Task: {165AD554-71FC-45FC-9430-C553BAC120F7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-06] 

(AVAST Software)
Task: {1A9A5B66-0D5B-4190-B793-646C1EDDA43C} - System32\Tasks\{8FC815E3-5A81-4D90-9ADF-737CE24785E1} => C:\NOF 11\NetObjectsFusion11.exe
Task: {1EC9D076-1AA8-4A1D-B90D-1D8EC910C4AB} - System32\Tasks\{286DE59C-5619-45D6-834D-03B42686049B} => C:\Program Files (x86)\DEUTSCHLAND SPIELT

\RitterArthur3\RitterArthur3_og.exe [2011-09-19] ()
Task: {29E571DF-D89B-42BF-AF28-9FA2B2805E6B} - System32\Tasks\HPCeeScheduleForHEINER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010

-09-14] (Hewlett-Packard)
Task: {2A6E74B7-40CE-4752-86AF-0C328F55055B} - System32\Tasks\{2DA69B64-ACB1-43A5-AE76-8900DC574D7C} => C:\Users\Heiner\Documents\Downloads\microphotoed.exe
Task: {2AB24122-0EAE-4D37-AD6D-115C5DACA819} - System32\Tasks\{F5AB068E-5947-4A04-A33A-3BAE76C0A58F} => D:\Downloads\DVD\DVD Shrink.exe [2012-04-26] 

(www.download-sponsor.de)
Task: {2FA97941-05B6-456A-970F-B86D4E42CB4D} - System32\Tasks\{05D9FB28-AC1E-407D-A26C-DA992299B262} => D:\Patiencen\patipak.exe
Task: {36BC8854-528E-4ECD-B3B2-30427E2B4DBB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe 

[2014-03-19] (Microsoft Corporation)
Task: {37E5C3AD-7A5E-4907-AF0E-2A1A4B903E9C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe 

[2014-03-19] (Microsoft Corporation)
Task: {3B6BD6B2-32F8-43A4-AE88-8ABE6B5B60AF} - System32\Tasks\{A377CDEC-6265-47E7-8F95-306EB96A1348} => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe 

[2014-02-14] (Samsung Electronics Co., Ltd.)
Task: {4221945C-C938-4607-8907-E63519C9551A} - System32\Tasks\{A0CF2158-4F2D-4BF8-8D35-01927F7722EA} => C:\Program Files (x86)\DEUTSCHLAND SPIELT

\RitterArthur3\RitterArthur3_og.exe [2011-09-19] ()
Task: {424CF20A-196B-4F8C-826B-0C2D8E98817E} - System32\Tasks\{E9F64151-59BB-4A2D-AEFD-FC9974E909F4} => C:\WINPROV\PROVEX.EXE [2000-03-25] ()
Task: {42E1DCCC-B1BF-4AF6-9082-5521B983EAD7} - System32\Tasks\{3FA3D464-BB66-475A-B67D-41777D09EEC3} => D:\Downloads\DVD\DVD Shrink.exe [2012-04-26] 

(www.download-sponsor.de)
Task: {453C0A7C-83FF-49C0-AFE6-518B3F880312} - System32\Tasks\{DEDB5CEF-F8C3-4398-86B8-2F69CAADB9D6} => D:\Downloads\DVD\DVD Shrink.exe [2012-04-26] 

(www.download-sponsor.de)
Task: {48548F49-79B5-439E-BD63-BB645E444317} - System32\Tasks\{207771AB-87A6-4DA6-8285-CF3225B2A6FE} => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe 

[2014-02-14] (Samsung Electronics Co., Ltd.)
Task: {4B790BF0-52BB-4A57-AAB5-5EA1741814A3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard 

Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {4DF67846-6F85-4FBA-8C84-92E8C31CBBEA} - System32\Tasks\{DDA70186-FED9-4946-A4E5-90AE5103A6C6} => X:\Thumbs32\Thumbs.exe
Task: {5237A3A7-6A27-4E1C-A70A-7A817A0DCF40} - System32\Tasks\{12E7D124-9590-48FC-8C30-547A37A68900} => C:\Program Files (x86)\DVDFab Mein Filmkopierer

\Passkey_mogen312.exe
Task: {66528F0E-CFBD-4D0D-87F1-D661A3BE1FBE} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe [2013-04-24] (Crystal Dew World)
Task: {67F44284-F367-4C9D-90A1-F7628BE33035} - System32\Tasks\{83FE75BE-B444-46C9-A8A4-9274D571B556} => F:\win-7\ZEHBESOFT\Geburtstagsmahner\GebEdit.exe
Task: {6BE2A88D-AFF1-4046-90EA-3C66762BCBE6} - System32\Tasks\{209CAB11-0569-48BA-A020-3405E26449F0} => C:\Program Files (x86)\DVDFab Mein Filmkopierer

\Passkey_mogen312.exe
Task: {72A59A48-08AF-4E49-975F-D544BC45CD28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 

[2014-04-30] (Adobe Systems Incorporated)
Task: {7704E756-7309-439C-A5E2-56B395184E2A} - System32\Tasks\{438D002F-EBA9-4FC8-AA1A-9B602940377B} => C:\NOF 11\NetObjectsFusion11.exe
Task: {7C912EB6-4593-4537-B120-C469A0A6837D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe 

[2014-03-19] (Microsoft Corporation)
Task: {85801777-28B0-485C-8D8B-AF94227BF0EF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {878271C5-0B38-4CE7-B583-0D36C70E2365} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] 

(Oracle Corporation)
Task: {87EDEAE0-DA83-40A4-A60A-A3E5040F8E09} - System32\Tasks\{7490306D-356B-4D80-97AF-2B7C26FCE2D4} => C:\Users\Heiner\Downloads\Kies_2.3.2.12054_19_1.exe 

[2012-06-08] (Samsung Electronics Co., Ltd.                                )
Task: {8BC023FB-83A2-4A56-B271-4E7D22EBAF04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP 

Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-08-23] (Hewlett-Packard)
Task: {8C42A418-E1EA-49AB-A69A-0A4C0D1F8C74} - System32\Tasks\StartupStar Firewall => C:\Program Files (x86)\StartupStar\StartupStar.exe [2014-03-18] (Ascora GmbH)
Task: {90A52081-54D3-41C9-A716-2FC4C72651E0} - System32\Tasks\{49E87411-F615-466C-A839-E14238618FC4} => C:\Program Files (x86)\DATA BECKER\CD-DVD Druckerei 7 

LE\cdd7le.exe [2009-11-17] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de))
Task: {966E6D5F-106F-49AB-B5FA-C9DF9804F216} - System32\Tasks\{80F1F312-D9D8-4DA4-823B-6DF6ABFF1515} => C:\Program Files (x86)\DEUTSCHLAND SPIELT

\RitterArthur3\RitterArthur3_og.exe [2011-09-19] ()
Task: {A3DC59AD-14C1-4C91-895F-6EC6E38C8443} - System32\Tasks\{67C7E33E-52E7-4178-A345-0E3D8CAD952B} => C:\Program Files (x86)\NetObjects\NetObjects Fusion 

1&amp;1 Edition\Fusion-Lite.exe
Task: {AEF931EC-C9E8-4371-862E-30A3D0DA95F0} - System32\Tasks\HPCeeScheduleForHeiner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] 

(Hewlett-Packard)
Task: {B0F7ADAA-23FD-4EC8-B928-A78F68B13C51} - System32\Tasks\{61591E19-00CD-40E5-A9E8-696A42DAD574} => C:\Program Files (x86)\DEUTSCHLAND SPIELT

\RitterArthur3\RitterArthur3_og.exe [2011-09-19] ()
Task: {B9105CF7-19C2-4205-9224-06B5F3F14B6A} - System32\Tasks\{EB6A9F57-B403-4D44-BD31-56C56A204518} => C:\WINPROV\PROVEX.EXE [2000-03-25] ()
Task: {BE646BB8-623C-40DF-B571-5C122D2E58BD} - System32\Tasks\DriverDoc_UPDATES => C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe [2012-10-05] (Solvusoft 

Corporation)
Task: {C1C02DBB-0AE1-48A7-A5D3-387EC2D1C68D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM

\1.0\AdobeARM.exe
Task: {C64420B8-4465-4EE9-9CCA-85904DBC77DB} - System32\Tasks\{4525A462-29D6-4A40-9289-9B0E7021CA28} => C:\WINPROV\PROVEX.EXE [2000-03-25] ()
Task: {CEC38045-575A-42D5-8204-B9E04D7244CA} - System32\Tasks\{A1452094-D68B-4CEE-9064-5891FA62E8F8} => D:\NetObjektsFusion 11\Fusion-Lite.exe
Task: {CECC5E33-2091-4998-8415-5494311B52BF} - System32\Tasks\{4861292C-014D-4292-A21B-416D290D9B54} => C:\Program Files (x86)\DATA BECKER\CD-DVD Druckerei 7 

LE\cdd7le.exe [2009-11-17] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de))
Task: {D391985E-09C3-4E96-9671-28C0F3180469} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] 

()
Task: {DE047D14-82B0-4CDA-8FAD-515FC2EC427E} - System32\Tasks\{B799625F-375D-4E0A-A224-259E5A3994F7} => C:\Program Files (x86)\NetObjects\NetObjects Fusion 

1&amp;1 Edition\Fusion-Lite.exe
Task: {DF04659D-50AF-4868-9408-27B54EEDD648} - System32\Tasks\{08E77ADF-4B60-4664-9037-41FB83E10982} => F:\win-7\ZEHBESOFT\Geburtstagsmahner\GebEdit.exe
Task: {E0257E8C-AFC0-4A4E-AF90-8E31B20AA4A0} - System32\Tasks\{32596735-6652-415C-8E6B-01D767887CAD} => C:\Program Files (x86)\DVDFab Mein Filmkopierer

\Passkey_mogen312.exe
Task: {E2BD79FF-9419-448C-982E-D9BCEEDF9A44} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {E54D9390-CCBB-4D37-9881-0B7510C51376} - System32\Tasks\{937B2B51-FA12-4CC1-9D67-A9E8AE4B11D8} => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe 

[2014-02-14] (Samsung Electronics Co., Ltd.)
Task: {EBE7B988-F210-407D-973A-B23CC42B637F} - System32\Tasks\NetFusion 12 => C:\Program Files (x86)\NetObjects\NetObjects Fusion 12.0\Fusion.exe [2011-12-05] 

(NetObjects)
Task: {FA6E6733-24EE-477D-9C37-B0E8F89E927A} - System32\Tasks\{59736D31-F61C-4388-955C-F5DCE4C388B8} => C:\Users\Heiner\Documents\Downloads\microphotoed.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverDoc_UPDATES.job => C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHEINER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeiner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\StartupStar Firewall.job => C:\Program Files (x86)\StartupStar\StartupStar.exe

==================== Loaded Modules (whitelisted) =============

2013-08-20 18:42 - 2012-07-30 09:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2014-04-26 14:36 - 2014-04-26 14:35 - 01260648 _____ () C:\Users\Heiner\AppData\Roaming\InetStat\inetstat.exe
2013-09-13 13:17 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-06-01 08:14 - 2011-06-01 08:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-04-12 02:20 - 2011-04-12 02:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-12 02:20 - 2011-04-12 02:20 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-09 13:42 - 2014-05-09 13:42 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14050900\algo.dll
2014-05-09 18:44 - 2014-05-09 18:44 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14050902\algo.dll
2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-06 16:47 - 2014-05-06 16:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-29 16:12 - 2014-04-22 11:25 - 03845232 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-21 10:13 - 2014-03-21 10:13 - 01020928 _____ () C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\extensions

\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2014-04-29 09:01 - 2014-04-30 23:29 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:B24B19F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UxTuneUp => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^honestech Audio Recorder 2.0 Deluxe Launcher.lnk => C:\Windows\pss\honestech 

Audio Recorder 2.0 Deluxe Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => 
MSCONFIG\startupfolder: C:^Users^Heiner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupreg: Alamandi tray notifier => 
MSCONFIG\startupreg: Alle meine Passworte => C:\PROGRA~2\AMP\AMP.EXE
MSCONFIG\startupreg: COMPUTERBILD-Abzockschutz Premium => "C:\Program Files (x86)\COMPUTERBILD-Abzockschutz Premium\bin\COMPUTERBILD-Abzockschutz 

Premium.exe"
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: SOS_Agent => "C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe" -agent
MSCONFIG\startupreg: Spiele Post => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-08 19:58:17.747
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 

Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche 

Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-08 19:58:17.586
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 

Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche 

Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 8178.82 MB
Available physical RAM: 4470.75 MB
Total Pagefile: 16355.82 MB
Available Pagefile: 11916.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:585.94 GB) (Free:116.07 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1264.33 GB) (Free:855.02 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:12.65 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (EXTERN) (Fixed) (Total:931.51 GB) (Free:490.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0D08D81B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=586 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-841464414208) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 7AABCF89)

Partition: GPT Partition Type.

==================== End Of Log ============================

Hallo Schrauber
Du bist SPITZE....und ich maßlos erleichtert. Jetzt spende ich Euch gerne etwas, denn mit einem feuchten Händedruck könnt Ihr herzlich wenig anfangen!

posadi17 im IE
hat aufgehört zu existieren

und so hat es angefangen:

Liebe Grüße und vielen Dank
lillimucki

schrauber · 10.05.2014, 17:35

Supi, Kontrollscans und wir sind durch

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

lillimucki · 11.05.2014, 05:24

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cfed5e0ed7051c47b0a9fc3c4f3e8efc
# engine=18210
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-11 02:02:43
# local_time=2014-05-11 04:02:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 66 80 386075 386094 0 0
# compatibility_mode=5893 16776573 100 94 159950 151403613 0 0
# scanned=1373452
# found=1
# cleaned=0
# scan_time=30295
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo Anwendung" ac=I fn="C:\Users\Heiner\Desktop\*\Alte Firefox-Daten\extensions\plugin@yontoo.com\content\overlay.js"

Code:

ATTFilter

 UNSUPPORTED OPERATING SYSTEM! ABORTED!

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by Heiner (administrator) on HEINER-HP on 11-05-2014 07:08:16
Running from C:\Users\Heiner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hollie-Soft) C:\Program Files (x86)\Klebezettel NG\klebez.exe
(Mirko Böer) C:\Program Files (x86)\AmP\AmP.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
() C:\Users\Heiner\AppData\Roaming\InetStat\inetstat.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(IMU-BerliNet) D:\Z-defrag RAM\zdefrag27\z-defrag\Z-defrag.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logicool, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Z-defragRAM] => D:\Z-defrag RAM\zdefrag27\z-defrag\Z-defrag.EXE [233536 2011-03-17] (IMU-BerliNet)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-06] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [Klebezettel NG] => C:\Program Files (x86)\Klebezettel NG\klebez.exe [4418048 2014-02-20] (Hollie-Soft)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [Alle meine Passworte] => C:\Program Files (x86)\AmP\AmP.exe [3792776 2011-05-25] (Mirko Böer)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [InetStat] => C:\Users\Heiner\AppData\Roaming\InetStat\inetstat.exe [1260648 2014-04-26] ()
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [HideSCABattery] 1
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Geburtstagsmahner.lnk
ShortcutTarget: Geburtstagsmahner.lnk -> D:\ZEHBESOFT\Geburtstagsmahner\GebAlert.exe (ZehbeSoft)
Startup: C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x521226656469CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\QUICKEN8\inet\common\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
URLSearchHook: HKLM-x32 - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
URLSearchHook: HKLM-x32 - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {274f31ad-f6cd-4945-bc41-ff5408939c05} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll ()
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz Premium - {d9b15ccf-bdb7-4d41-82ee-7cdc09afc400} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022
FF Homepage: https://www.google.de/|hxxp://www.onlinetvrecorder.com/v2/?go=list&tab=search&station=&date=sinceregister&year=2014&fd=1&fm=1&td=31&tm=12&actor=&director=&minutes=&title=&times=0&intext=0&cbde=0&cbsing=0&cben=0&cbxy=0&cbfav=0&rating=0&weekday=&searchmethod=match&indatefrom=0&indateto=0&intimefrom=&intimeto=&genre=0&format=&source=my&filestate=&wdh=&fsk=&start=0&view=table&order=beginn&saveorder=beginn|hxxp://www.wetter.com/wetter_aktuell/wettervorhersage/heute/deutschland/obernzenn/DE0007791.html|hxxp://wetter.msn.com/local.aspx?wealocations=wc:8256724&q=Bad+Windsheim%2c+BY|hxxp://www.unwetterzentrale.de/uwz/getwarning_de.php?xpos=187&ypos=193&bland=bayern&lang=de|hxxp://www.unwetterzentrale.de/uwz/bayernindex.html
FF NetworkProxy: "socks_version", 0
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\Heiner\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary (de-DE), classical spelling standards - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\alterechtschreibung@googlemail.com [2013-10-30]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\de_DE@dicts.j3e.de [2014-03-22]
FF Extension: HashColouredTabs+ - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\hashcolouredtabs@bristol.ac.uk [2013-09-27]
FF Extension: LastPass - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\support@lastpass.com [2014-03-21]
FF Extension: New Tab Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\weidunewtab@gmail.com [2014-04-29]
FF Extension: Forecastfox - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-09-27]
FF Extension: ColorfulTabs - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-05-02]
FF Extension: DownloadHelper - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
FF Extension: New Tab King - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-05-06]
FF Extension: Add to Amazon Wish List Button - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\amznUWL2@amazon.com.xpi [2014-02-13]
FF Extension: Classic Theme Restorer - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-04-29]
FF Extension: IdentFavIcon - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\identfavicon@david.hanak.hu.xpi [2013-09-27]
FF Extension: Personas Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\personas@christopher.beard.xpi [2013-09-27]
FF Extension: S3.Google Translator - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\s3google@translator.xpi [2013-11-14]
FF Extension: FastestFox - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\smarterwiki@wikiatic.com.xpi [2014-02-13]
FF Extension: FlashGot - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-09-27]
FF Extension: Adblock Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]
FF Extension: Tab Mix Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-09-27]
FF Extension: Torbutton - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2013-12-16]
FF Extension: Menu Editor - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-09-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-06] (AVAST Software)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2012-10-14] (DATA BECKER GmbH & Co KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-10] (SurfRight B.V.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [318328 2014-04-09] (Steganos Software GmbH)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [68760 2009-02-04] (SiSoftware)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-05-15] ()
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-06] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-06] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-06] ()
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [318152 2010-05-15] (EldoS Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [24376 2010-04-27] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 CryptBox; C:\Windows\SysWow64\drivers\CryptBox.sys [222080 2012-12-06] (Abelssoft GmbH)
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2012-05-23] (Devguru Co., Ltd)
R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-10] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2010-10-08] (Paragon Software Group)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2011-05-31] (Abelssoft GmbH)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [41488 2008-02-29] (Logicool, Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-10-08] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-10-08] (Paragon)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TMAgent; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 07:08 - 2014-05-11 07:08 - 00031473 _____ () C:\Users\Heiner\Desktop\FRST.txt
2014-05-11 07:07 - 2014-05-11 07:07 - 02066432 _____ (Farbar) C:\Users\Heiner\Desktop\FRST64.exe
2014-05-11 06:25 - 2014-05-11 06:25 - 00855379 _____ () C:\Users\Heiner\Desktop\SecurityCheck.exe
2014-05-10 21:30 - 2014-05-10 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 19:35 - 2014-05-10 19:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-09 17:45 - 2014-05-09 17:45 - 00000000 ____D () C:\Windows\ERUNT
2014-05-09 16:08 - 2014-05-09 16:08 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Netzmanager.lnk
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7}
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\Program Files\Netzmanager
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-05-09 13:52 - 2014-05-09 14:05 - 00000000 ____D () C:\Users\Heiner\Documents\AvastPEToolkit
2014-05-08 23:00 - 2014-05-08 23:00 - 00000000 ___SD () C:\ComboFix
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\Program Files (x86)\Steganos Online Shield
2014-05-08 21:34 - 2014-05-08 20:01 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140508-213428.backup
2014-05-08 21:05 - 2014-05-08 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-05-08 20:09 - 2014-05-08 20:09 - 00039153 _____ () C:\ComboFix.txt
2014-05-08 18:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-08 18:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-08 18:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-08 18:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-08 18:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-08 18:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-08 18:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-08 18:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-08 18:50 - 2014-05-08 23:00 - 00000000 ____D () C:\Qoobox
2014-05-08 18:50 - 2014-05-08 20:06 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Leadertech
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\ProgramData\Logitech
2014-05-08 12:48 - 2014-05-09 18:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-05-08 12:48 - 2014-05-09 18:02 - 00000475 _____ () C:\Windows\LkmdfCoInst.log
2014-05-08 12:48 - 2014-05-08 12:48 - 00015343 _____ () C:\Windows\LDPINST.LOG
2014-05-08 12:48 - 2014-05-08 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-05-08 12:47 - 2014-05-08 12:49 - 00000000 ____D () C:\ProgramData\Logishrd
2014-05-08 12:47 - 2014-05-08 12:48 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-05-08 12:47 - 2014-05-08 12:47 - 00000000 ____D () C:\Program Files\Logitech
2014-05-08 12:46 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logitech
2014-05-08 12:46 - 2014-05-08 12:47 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logishrd
2014-05-07 19:58 - 2014-05-07 19:58 - 17630356 _____ () C:\Users\Heiner\Desktop\Junger Klaviervirtuose.mp4
2014-05-07 09:51 - 2014-05-11 07:08 - 00000000 ____D () C:\FRST
2014-05-07 09:10 - 2014-05-07 09:10 - 05200039 ____R (Swearware) C:\Users\Heiner\Desktop\ComboFix - Copy.exe
2014-05-07 01:02 - 2014-05-07 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 01:02 - 2014-05-07 01:01 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-06 16:55 - 2014-05-06 16:55 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (2)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (4)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (3)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST!
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST
2014-05-06 16:48 - 2014-05-08 20:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-06 16:48 - 2014-05-06 16:48 - 00002020 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\AVAST Software
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-06 16:48 - 2014-05-06 16:47 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-06 16:47 - 2014-05-06 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-06 16:47 - 2014-05-06 16:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-06 16:44 - 2014-05-06 16:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-06 16:42 - 2014-05-09 18:02 - 00002050 _____ () C:\Windows\setupact.log
2014-05-05 16:41 - 2014-05-05 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 16:40 - 2014-05-09 17:37 - 00095264 _____ () C:\Windows\PFRO.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000779 _____ () C:\Users\Heiner\AppData\Roaming\gdscan.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000000 _____ () C:\Users\Heiner\AppData\Roaming\gdfw.log
2014-05-05 16:21 - 2014-05-06 16:42 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-05-05 16:21 - 2014-05-05 16:21 - 00001962 _____ () C:\Windows\DPINST.LOG
2014-05-05 16:20 - 2014-05-06 16:41 - 00000000 ____D () C:\ProgramData\G Data
2014-05-05 16:18 - 2014-05-05 16:19 - 00033464 _____ () C:\Users\Heiner\Documents\cc_20140505_161846.reg
2014-05-05 16:14 - 2014-05-05 16:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-03 22:20 - 2014-05-03 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-03 20:37 - 2014-05-03 20:37 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Trend Micro
2014-05-03 20:30 - 2014-05-03 20:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 20:30 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-03 20:30 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-03 20:23 - 2014-05-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-05-03 09:00 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 09:00 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 09:00 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 09:00 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 19:34 - 2014-05-09 17:36 - 00000000 ____D () C:\AdwCleaner
2014-04-30 15:57 - 2014-05-11 07:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-30 15:52 - 2014-04-30 15:52 - 00000000 ____D () C:\Users\Heiner\Documents\OneNote-Notizbücher
2014-04-30 13:08 - 2014-05-09 20:59 - 00000000 ___RD () C:\Users\Heiner\Desktop\Grafiken
2014-04-30 09:32 - 2014-04-30 09:33 - 00000450 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-04-30 08:27 - 2014-04-09 07:41 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140430-082747.backup
2014-04-29 11:31 - 2014-05-09 18:03 - 00000266 _____ () C:\Windows\Tasks\StartupStar Firewall.job
2014-04-29 11:31 - 2014-04-29 11:31 - 00002536 _____ () C:\Windows\System32\Tasks\StartupStar Firewall
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupStar
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\Program Files (x86)\StartupStar
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 09:48 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 09:42 - 2014-04-29 09:42 - 00001477 ____R () C:\Windows\AllemeinePassworte0_Uninstall.in
2014-04-29 09:42 - 2014-04-29 09:42 - 00000000 ____D () C:\Program Files\AmP
2014-04-29 09:42 - 2013-10-21 15:36 - 00583048 _____ (Mirko Böer) C:\Windows\AmPUn0.exe
2014-04-26 15:00 - 2014-04-26 15:00 - 00001132 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-26 14:36 - 2014-05-01 21:08 - 00001051 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-04-26 14:36 - 2014-04-26 14:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\InetStat
2014-04-26 14:35 - 2014-04-26 14:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ARCHOS KEY user guide
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieUserList
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieSiteList
2014-04-23 07:31 - 2014-04-09 07:41 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140423-073145.backup
2014-04-22 19:38 - 2014-04-22 19:39 - 00000041 _____ () C:\Users\Public\IK_PosLen.dat
2014-04-22 19:36 - 2014-04-22 19:37 - 00000000 ____D () C:\Program Files (x86)\FinanzGruppe-IBAN-Konverter
2014-04-22 19:36 - 2014-04-22 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VR-IBAN-Konverter
2014-04-22 12:24 - 2014-04-22 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-04-21 01:26 - 2014-05-01 11:12 - 00001044 _____ () C:\Users\Heiner\Documents\DownloadScout.lst
2014-04-18 20:05 - 2014-04-18 20:30 - 00000000 ____D () C:\Users\Heiner\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2014-04-18 20:05 - 00001364 _____ () C:\Users\Public\Desktop\NetObjects Fusion 2013.lnk
2014-04-18 20:02 - 2014-04-18 20:05 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013
2014-04-17 17:56 - 2014-04-17 17:56 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-defragRAM
2014-04-15 08:04 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-15 08:04 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-15 08:04 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 08:04 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-15 08:04 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 08:04 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 08:04 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-15 08:04 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-15 08:04 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 08:04 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-15 08:04 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-15 08:04 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-15 08:04 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 08:04 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-15 08:04 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-15 08:04 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-15 08:04 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-15 08:04 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-15 08:04 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-15 08:04 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-15 08:04 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-15 08:04 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-15 08:04 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-15 08:04 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-15 08:04 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-15 08:04 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-15 08:04 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-15 08:04 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-15 08:04 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-15 08:04 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 08:04 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-15 08:04 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 08:04 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-15 08:04 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-15 08:04 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 08:04 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-15 08:04 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-15 08:04 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-15 08:04 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 08:04 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 08:04 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-15 08:04 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-15 08:04 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-15 08:04 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-12 10:46 - 2014-04-12 10:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\DataDesign
2014-04-12 10:45 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\Documents\Lexware
2014-04-12 10:31 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Lexware
2014-04-12 10:30 - 2014-04-17 19:32 - 00002978 _____ () C:\Users\Public\Desktop\Quicken DELUXE 2014.lnk
2014-04-12 10:30 - 2014-04-12 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2014-04-12 10:29 - 2014-04-12 10:31 - 00000000 ____D () C:\ProgramData\Lexware
2014-04-12 10:29 - 2014-04-12 10:30 - 00000000 ____D () C:\Program Files (x86)\Lexware
2014-04-12 10:28 - 2014-04-12 10:31 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Lexware
2014-04-12 10:25 - 2014-04-12 10:25 - 00069662 _____ () C:\Users\Heiner\Downloads\PageDefrag232.zip

==================== One Month Modified Files and Folders =======

2014-05-11 07:08 - 2014-05-11 07:08 - 00031473 _____ () C:\Users\Heiner\Desktop\FRST.txt
2014-05-11 07:08 - 2014-05-07 09:51 - 00000000 ____D () C:\FRST
2014-05-11 07:07 - 2014-05-11 07:07 - 02066432 _____ (Farbar) C:\Users\Heiner\Desktop\FRST64.exe
2014-05-11 07:07 - 2012-03-08 17:31 - 00000000 ____D () C:\DVD-ColdCut
2014-05-11 07:06 - 2012-03-08 18:57 - 00000000 ___RD () C:\Users\Heiner\Desktop\Programme
2014-05-11 07:00 - 2014-04-30 15:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 07:00 - 2012-03-30 14:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 06:25 - 2014-05-11 06:25 - 00855379 _____ () C:\Users\Heiner\Desktop\SecurityCheck.exe
2014-05-11 06:18 - 2012-04-24 19:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 21:30 - 2014-05-10 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 19:37 - 2012-01-03 05:59 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2014-05-10 19:37 - 2012-01-03 05:59 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2014-05-10 19:37 - 2009-07-14 07:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-10 19:35 - 2014-05-10 19:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-10 19:22 - 2012-03-08 15:58 - 02003543 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 20:59 - 2014-04-30 13:08 - 00000000 ___RD () C:\Users\Heiner\Desktop\Grafiken
2014-05-09 20:32 - 2012-03-08 16:13 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHeiner
2014-05-09 20:32 - 2012-03-08 16:13 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForHeiner.job
2014-05-09 18:52 - 2013-01-27 14:23 - 00000000 ___RD () C:\Users\Heiner\Desktop\Texte
2014-05-09 18:03 - 2014-04-29 11:31 - 00000266 _____ () C:\Windows\Tasks\StartupStar Firewall.job
2014-05-09 18:02 - 2014-05-08 12:48 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-05-09 18:02 - 2014-05-08 12:48 - 00000475 _____ () C:\Windows\LkmdfCoInst.log
2014-05-09 18:02 - 2014-05-06 16:42 - 00002050 _____ () C:\Windows\setupact.log
2014-05-09 17:57 - 2012-03-08 17:38 - 00000000 ____D () C:\Users\Heiner\Documents\Excel-Dateien
2014-05-09 17:46 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 17:46 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 17:45 - 2014-05-09 17:45 - 00000000 ____D () C:\Windows\ERUNT
2014-05-09 17:44 - 2012-07-08 14:10 - 00000000 ____D () C:\Download
2014-05-09 17:39 - 2012-01-03 06:30 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-09 17:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-09 17:37 - 2014-05-05 16:40 - 00095264 _____ () C:\Windows\PFRO.log
2014-05-09 17:36 - 2014-05-01 19:34 - 00000000 ____D () C:\AdwCleaner
2014-05-09 16:30 - 2012-06-08 17:09 - 00000000 ___RD () C:\Users\Heiner\Desktop\*
2014-05-09 16:16 - 2012-06-18 14:49 - 00000000 ____D () C:\ProgramData\Netzmanager
2014-05-09 16:08 - 2014-05-09 16:08 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Netzmanager.lnk
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7}
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\Program Files\Netzmanager
2014-05-09 14:30 - 2012-03-08 18:11 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Thunderbird
2014-05-09 14:30 - 2012-03-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-05-09 14:05 - 2014-05-09 13:52 - 00000000 ____D () C:\Users\Heiner\Documents\AvastPEToolkit
2014-05-09 13:28 - 2013-07-17 10:23 - 00000004 _____ () C:\Users\Heiner\Desktop\Heilerliste.txt
2014-05-08 23:00 - 2014-05-08 23:00 - 00000000 ___SD () C:\ComboFix
2014-05-08 23:00 - 2014-05-08 18:50 - 00000000 ____D () C:\Qoobox
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\Program Files (x86)\Steganos Online Shield
2014-05-08 21:34 - 2012-03-13 18:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-08 21:10 - 2012-03-13 18:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-08 21:05 - 2014-05-08 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-05-08 20:09 - 2014-05-08 20:09 - 00039153 _____ () C:\ComboFix.txt
2014-05-08 20:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-08 20:07 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-08 20:06 - 2014-05-08 18:50 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 20:03 - 2009-07-14 04:34 - 00000232 _____ () C:\Windows\system.ini
2014-05-08 20:02 - 2014-05-06 16:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-08 20:01 - 2014-05-08 21:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140508-213428.backup
2014-05-08 20:00 - 2009-07-14 04:34 - 94371840 _____ () C:\Windows\system32\config\software.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 23592960 _____ () C:\Windows\system32\config\system.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 05505024 _____ () C:\Windows\system32\config\default.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-05-08 19:59 - 2012-03-08 16:00 - 00000000 ____D () C:\Users\Heiner
2014-05-08 19:43 - 2013-02-05 08:55 - 00000000 ____D () C:\Program Files (x86)\FlashGet
2014-05-08 19:37 - 2012-12-20 20:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-08 19:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-08 19:22 - 2012-04-27 07:58 - 00000000 ____D () C:\ProgramData\firebird
2014-05-08 18:46 - 2012-10-21 13:01 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\MozillaFirefoxPackages
2014-05-08 16:29 - 2012-03-08 18:55 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\vlc
2014-05-08 16:04 - 2012-03-08 18:11 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Thunderbird
2014-05-08 14:11 - 2012-03-09 14:39 - 00000000 ____D () C:\Users\Heiner\AppData\Local\CrashDumps
2014-05-08 12:52 - 2012-03-08 16:13 - 00000000 ___RD () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Leadertech
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\ProgramData\Logitech
2014-05-08 12:49 - 2014-05-08 12:47 - 00000000 ____D () C:\ProgramData\Logishrd
2014-05-08 12:49 - 2014-05-08 12:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logitech
2014-05-08 12:48 - 2014-05-08 12:48 - 00015343 _____ () C:\Windows\LDPINST.LOG
2014-05-08 12:48 - 2014-05-08 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-05-08 12:48 - 2014-05-08 12:47 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-05-08 12:47 - 2014-05-08 12:47 - 00000000 ____D () C:\Program Files\Logitech
2014-05-08 12:47 - 2014-05-08 12:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logishrd
2014-05-07 21:31 - 2012-03-16 00:10 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 3
2014-05-07 20:17 - 2013-07-26 08:36 - 00000280 _____ () C:\Windows\Tasks\DriverDoc_UPDATES.job
2014-05-07 20:16 - 2012-03-08 17:32 - 00000000 ____D () C:\DVD-Filme-Archiv
2014-05-07 19:58 - 2014-05-07 19:58 - 17630356 _____ () C:\Users\Heiner\Desktop\Junger Klaviervirtuose.mp4
2014-05-07 09:10 - 2014-05-07 09:10 - 05200039 ____R (Swearware) C:\Users\Heiner\Desktop\ComboFix - Copy.exe
2014-05-07 08:36 - 2013-07-26 08:36 - 00003026 _____ () C:\Windows\System32\Tasks\DriverDoc_UPDATES
2014-05-07 01:02 - 2014-05-07 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 01:01 - 2014-05-07 01:02 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-06 17:12 - 2013-11-21 16:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-06 17:02 - 2012-04-13 17:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-06 17:02 - 2012-03-08 16:26 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Adobe
2014-05-06 17:01 - 2012-04-13 18:00 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Adobe
2014-05-06 16:55 - 2014-05-06 16:55 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (2)
2014-05-06 16:55 - 2012-10-01 15:07 - 00000000 ____D () C:\Users\Heiner\Documents\default
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (4)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (3)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST!
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST
2014-05-06 16:48 - 2014-05-06 16:48 - 00002020 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\AVAST Software
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-06 16:47 - 2014-05-06 16:48 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-06 16:47 - 2014-05-06 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-06 16:47 - 2014-05-06 16:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-06 16:44 - 2014-05-06 16:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-06 16:42 - 2014-05-05 16:21 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-05-06 16:41 - 2014-05-05 16:20 - 00000000 ____D () C:\ProgramData\G Data
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-05-06 14:58 - 2012-06-25 20:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-06 14:33 - 2012-01-03 06:30 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-06 08:00 - 2013-12-16 09:47 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Steganos VPN
2014-05-05 16:41 - 2014-05-05 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000779 _____ () C:\Users\Heiner\AppData\Roaming\gdscan.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000000 _____ () C:\Users\Heiner\AppData\Roaming\gdfw.log
2014-05-05 16:21 - 2014-05-05 16:21 - 00001962 _____ () C:\Windows\DPINST.LOG
2014-05-05 16:19 - 2014-05-05 16:18 - 00033464 _____ () C:\Users\Heiner\Documents\cc_20140505_161846.reg
2014-05-05 16:17 - 2012-12-06 21:27 - 00000000 ____D () C:\ProgramData\VSO
2014-05-05 16:17 - 2012-06-11 11:04 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\FileZilla
2014-05-05 16:17 - 2012-03-09 11:53 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Vso
2014-05-05 16:17 - 2012-03-08 17:01 - 00000000 ___DC () C:\Users\Heiner\AppData\Local\MigWiz
2014-05-05 16:14 - 2014-05-05 16:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 16:10 - 2012-01-03 06:34 - 00000000 ____D () C:\ProgramData\Norton
2014-05-03 22:20 - 2014-05-03 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-03 20:37 - 2014-05-03 20:37 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Trend Micro
2014-05-03 20:30 - 2014-05-03 20:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 20:23 - 2014-05-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-05-02 17:34 - 2012-03-15 15:14 - 00000000 ____D () C:\Ablage
2014-05-02 10:17 - 2012-03-11 00:17 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ZSGebmahner
2014-05-02 08:19 - 2012-12-05 13:56 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHEINER-HP$
2014-05-02 08:19 - 2012-12-05 13:56 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForHEINER-HP$.job
2014-05-01 21:08 - 2014-04-26 14:36 - 00001051 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-01 21:08 - 2012-08-27 11:32 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\CheckPoint
2014-05-01 20:58 - 2013-09-13 13:13 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-01 17:23 - 2012-03-11 14:54 - 00143360 _____ () C:\Users\Heiner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-01 17:23 - 2012-03-08 20:58 - 00000000 ____D () C:\Users\Heiner\AppData\Local\ColdCut
2014-05-01 11:12 - 2014-04-21 01:26 - 00001044 _____ () C:\Users\Heiner\Documents\DownloadScout.lst
2014-05-01 11:12 - 2013-04-07 10:39 - 00000170 _____ () C:\Users\Heiner\Documents\DownloadScout.filter
2014-05-01 11:12 - 2013-04-07 10:39 - 00000016 _____ () C:\Users\Heiner\Documents\DownloadScout.pos
2014-04-30 23:29 - 2012-03-30 14:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 23:29 - 2012-03-30 14:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 23:29 - 2012-01-03 06:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 19:30 - 2014-04-05 21:26 - 00001578 _____ () C:\FoxitReaderUpdateInfo.txt
2014-04-30 19:12 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-30 15:52 - 2014-04-30 15:52 - 00000000 ____D () C:\Users\Heiner\Documents\OneNote-Notizbücher
2014-04-30 09:33 - 2014-04-30 09:32 - 00000450 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-04-30 08:27 - 2009-07-14 04:34 - 00444891 ____R () C:\Windows\system32\Drivers\etc\hosts.20140507-073727.backup
2014-04-29 16:19 - 2012-03-08 18:08 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-29 16:01 - 2014-05-03 09:00 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 09:00 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 12:20 - 2009-07-14 06:45 - 00389880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-29 12:18 - 2009-07-14 04:34 - 94371840 _____ () C:\Windows\system32\config\software.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 21757952 _____ () C:\Windows\system32\config\system.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 05505024 _____ () C:\Windows\system32\config\default.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\security.rcbak
2014-04-29 11:31 - 2014-04-29 11:31 - 00002536 _____ () C:\Windows\System32\Tasks\StartupStar Firewall
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupStar
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\Program Files (x86)\StartupStar
2014-04-29 11:31 - 2012-08-24 10:13 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Abelssoft
2014-04-29 11:31 - 2012-03-15 21:22 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Abelssoft
2014-04-29 10:59 - 2012-03-20 15:13 - 00000000 ____D () C:\Program Files (x86)\JetDrive
2014-04-29 10:37 - 2012-08-24 10:28 - 00099104 _____ () C:\Users\Heiner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-29 10:35 - 2012-10-08 16:22 - 00000000 ___RD () C:\Users\Heiner\Desktop\Systemwartung
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2012-09-25 10:59 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Malwarebytes
2014-04-29 09:48 - 2012-09-25 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 09:42 - 2014-04-29 09:42 - 00001477 ____R () C:\Windows\AllemeinePassworte0_Uninstall.in
2014-04-29 09:42 - 2014-04-29 09:42 - 00000000 ____D () C:\Program Files\AmP
2014-04-29 09:42 - 2012-03-27 09:05 - 00000730 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alle meine Passworte.lnk
2014-04-29 09:40 - 2012-03-27 09:05 - 00000000 ____D () C:\Program Files (x86)\AmP
2014-04-29 09:29 - 2013-12-07 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateYeti
2014-04-29 09:29 - 2013-12-07 23:09 - 00000000 ____D () C:\Program Files (x86)\UpdateYeti
2014-04-29 09:00 - 2014-02-22 00:01 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-26 15:00 - 2014-04-26 15:00 - 00001132 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-26 14:49 - 2014-04-26 14:35 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ARCHOS KEY user guide
2014-04-26 14:36 - 2014-04-26 14:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\InetStat
2014-04-25 16:47 - 2012-01-03 06:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieUserList
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieSiteList
2014-04-22 19:39 - 2014-04-22 19:38 - 00000041 _____ () C:\Users\Public\IK_PosLen.dat
2014-04-22 19:37 - 2014-04-22 19:36 - 00000000 ____D () C:\Program Files (x86)\FinanzGruppe-IBAN-Konverter
2014-04-22 19:36 - 2014-04-22 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VR-IBAN-Konverter
2014-04-22 19:35 - 2013-06-11 15:05 - 00000000 ____D () C:\Users\Heiner\AppData\Local\VR-IK
2014-04-22 12:24 - 2014-04-22 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-04-21 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-20 18:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-19 20:46 - 2013-06-26 17:21 - 00000000 ____D () C:\ProgramData\Live Aquarium HD
2014-04-18 20:30 - 2014-04-18 20:05 - 00000000 ____D () C:\Users\Heiner\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2014-04-18 20:05 - 00001364 _____ () C:\Users\Public\Desktop\NetObjects Fusion 2013.lnk
2014-04-18 20:05 - 2014-04-18 20:02 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2012-03-09 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects
2014-04-18 20:03 - 2012-03-12 00:16 - 00000000 ____D () C:\Program Files (x86)\NetObjects
2014-04-17 19:32 - 2014-04-12 10:30 - 00002978 _____ () C:\Users\Public\Desktop\Quicken DELUXE 2014.lnk
2014-04-17 19:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-17 17:56 - 2014-04-17 17:56 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-defragRAM
2014-04-17 13:39 - 2012-07-25 19:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Auslogics
2014-04-17 09:34 - 2013-09-03 09:33 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-04-17 09:34 - 2012-03-15 21:44 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\KlebezettelNG
2014-04-17 09:34 - 2012-03-09 14:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 20:05 - 2013-09-24 09:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-15 08:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-14 19:28 - 2011-02-11 19:00 - 00000000 ____D () C:\Windows\Panther
2014-04-14 04:24 - 2014-05-03 20:30 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-03 20:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 10:46 - 2014-04-12 10:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\DataDesign
2014-04-12 10:45 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\Documents\Lexware
2014-04-12 10:45 - 2014-04-12 10:31 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Lexware
2014-04-12 10:31 - 2014-04-12 10:29 - 00000000 ____D () C:\ProgramData\Lexware
2014-04-12 10:31 - 2014-04-12 10:28 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Lexware
2014-04-12 10:30 - 2014-04-12 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2014-04-12 10:30 - 2014-04-12 10:29 - 00000000 ____D () C:\Program Files (x86)\Lexware
2014-04-12 10:25 - 2014-04-12 10:25 - 00069662 _____ () C:\Users\Heiner\Downloads\PageDefrag232.zip

Files to move or delete:
====================
C:\Users\Heiner\AppData\Roaming\CamLayout.ini
C:\Users\Heiner\AppData\Roaming\CamShapes.ini
C:\Users\Public\IK_PosLen.dat
C:\Users\Public\VR-IBAN-Konverter.dat


Some content of TEMP:
====================
C:\Users\Heiner\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-07 21:59

==================== End Of Log ============================

--- --- ---

schrauber · 11.05.2014, 17:00

Ordner alte Firefox Daten vom Desktop löschen.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Heiner\AppData\Roaming\CamLayout.ini
C:\Users\Heiner\AppData\Roaming\CamShapes.ini
C:\Users\Public\IK_PosLen.dat
C:\Users\Public\VR-IBAN-Konverter.dat

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

lillimucki · 11.05.2014, 18:56

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014
Ran by Heiner at 2014-05-11 18:21:20 Run:1
Running from C:\Users\Heiner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Heiner\AppData\Roaming\CamLayout.ini
C:\Users\Heiner\AppData\Roaming\CamShapes.ini
C:\Users\Public\IK_PosLen.dat
C:\Users\Public\VR-IBAN-Konverter.dat
         
*****************

C:\Users\Heiner\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Heiner\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\Users\Public\IK_PosLen.dat => Moved successfully.
C:\Users\Public\VR-IBAN-Konverter.dat => Moved successfully.

==== End of Fixlog ====

Code:

ATTFilter

# DelFix v10.7 - Datei am 11/05/2014 um 18:31:53 erstellt
# Aktualisiert am 27/04/2014 von Xplode
# Benutzer : Heiner - HEINER-HP
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\Heiner\Desktop\Fixlog.txt
Gelöscht : C:\Users\Heiner\Desktop\FRST64.exe
Gelöscht : C:\Users\Heiner\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #543 [ComboFix created restore point | 05/11/2014 16:29:01]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Jetzt, wo ich die Bereinigungsprogramme gelöscht habe

ist posadi17 wieder da.

was ist passiert?
liebe Grüße
lillimucki

schrauber · 12.05.2014, 13:59

Poste bitte nochmal ein FRST log.

lillimucki · 12.05.2014, 15:55

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by Heiner (administrator) on HEINER-HP on 12-05-2014 16:47:04
Running from C:\Users\Heiner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(Hollie-Soft) C:\Program Files (x86)\Klebezettel NG\klebez.exe
(Mirko Böer) C:\Program Files (x86)\AmP\AmP.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\Users\Heiner\AppData\Roaming\InetStat\inetstat.exe
(Ascora GmbH) C:\Program Files (x86)\StartupStar\StartupStar.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(IMU-BerliNet) D:\Z-defrag RAM\zdefrag27\z-defrag\Z-defrag.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logicool, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Z-defragRAM] => D:\Z-defrag RAM\zdefrag27\z-defrag\Z-defrag.EXE [233536 2011-03-17] (IMU-BerliNet)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-06] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2012-01-03] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [Klebezettel NG] => C:\Program Files (x86)\Klebezettel NG\klebez.exe [4418048 2014-02-20] (Hollie-Soft)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [Alle meine Passworte] => C:\Program Files (x86)\AmP\AmP.exe [3792776 2011-05-25] (Mirko Böer)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Run: [InetStat] => C:\Users\Heiner\AppData\Roaming\InetStat\inetstat.exe [1260648 2014-04-26] ()
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [HideSCABattery] 1
HKU\S-1-5-21-1672989923-2146060953-3799598713-1000\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Geburtstagsmahner.lnk
ShortcutTarget: Geburtstagsmahner.lnk -> D:\ZEHBESOFT\Geburtstagsmahner\GebAlert.exe (ZehbeSoft)
Startup: C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x521226656469CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\QUICKEN8\inet\common\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
URLSearchHook: HKLM-x32 - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
URLSearchHook: HKLM-x32 - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {274f31ad-f6cd-4945-bc41-ff5408939c05} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll ()
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz Premium - {d9b15ccf-bdb7-4d41-82ee-7cdc09afc400} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022
FF Homepage: https://www.google.de/|hxxp://www.onlinetvrecorder.com/v2/?go=list&tab=search&station=&date=sinceregister&year=2014&fd=1&fm=1&td=31&tm=12&actor=&director=&minutes=&title=&times=0&intext=0&cbde=0&cbsing=0&cben=0&cbxy=0&cbfav=0&rating=0&weekday=&searchmethod=match&indatefrom=0&indateto=0&intimefrom=&intimeto=&genre=0&format=&source=my&filestate=&wdh=&fsk=&start=0&view=table&order=beginn&saveorder=beginn|hxxp://www.wetter.com/wetter_aktuell/wettervorhersage/heute/deutschland/obernzenn/DE0007791.html|hxxp://wetter.msn.com/local.aspx?wealocations=wc:8256724&q=Bad+Windsheim%2c+BY|hxxp://www.unwetterzentrale.de/uwz/getwarning_de.php?xpos=187&ypos=193&bland=bayern&lang=de|hxxp://www.unwetterzentrale.de/uwz/bayernindex.html
FF NetworkProxy: "socks_version", 0
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\Heiner\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary (de-DE), classical spelling standards - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\alterechtschreibung@googlemail.com [2013-10-30]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\de_DE@dicts.j3e.de [2014-03-22]
FF Extension: HashColouredTabs+ - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\hashcolouredtabs@bristol.ac.uk [2013-09-27]
FF Extension: LastPass - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\support@lastpass.com [2014-03-21]
FF Extension: New Tab Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\weidunewtab@gmail.com [2014-04-29]
FF Extension: Forecastfox - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-09-27]
FF Extension: ColorfulTabs - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-05-02]
FF Extension: DownloadHelper - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
FF Extension: New Tab King - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-05-06]
FF Extension: Add to Amazon Wish List Button - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\amznUWL2@amazon.com.xpi [2014-02-13]
FF Extension: Classic Theme Restorer - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-04-29]
FF Extension: IdentFavIcon - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\identfavicon@david.hanak.hu.xpi [2013-09-27]
FF Extension: Personas Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\personas@christopher.beard.xpi [2013-09-27]
FF Extension: S3.Google Translator - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\s3google@translator.xpi [2013-11-14]
FF Extension: FastestFox - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\smarterwiki@wikiatic.com.xpi [2014-02-13]
FF Extension: FlashGot - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-09-27]
FF Extension: Adblock Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]
FF Extension: Tab Mix Plus - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-09-27]
FF Extension: Torbutton - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2013-12-16]
FF Extension: Menu Editor - C:\Users\Heiner\AppData\Roaming\Mozilla\Firefox\Profiles\ekhthtf0.default-1380005200022\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-09-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-06] (AVAST Software)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2012-10-14] (DATA BECKER GmbH & Co KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-10] (SurfRight B.V.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [318328 2014-04-09] (Steganos Software GmbH)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [68760 2009-02-04] (SiSoftware)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-05-15] ()
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-06] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-06] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-06] ()
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [318152 2010-05-15] (EldoS Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [24376 2010-04-27] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 CryptBox; C:\Windows\SysWow64\drivers\CryptBox.sys [222080 2012-12-06] (Abelssoft GmbH)
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2012-05-23] (Devguru Co., Ltd)
R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-10] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2010-10-08] (Paragon Software Group)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2011-05-31] (Abelssoft GmbH)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [41488 2008-02-29] (Logicool, Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-10-08] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-10-08] (Paragon)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TMAgent; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-12 16:47 - 2014-05-12 16:47 - 00032167 _____ () C:\Users\Heiner\Desktop\FRST.txt
2014-05-12 16:46 - 2014-05-12 16:47 - 00000000 ____D () C:\FRST
2014-05-12 16:45 - 2014-05-12 16:45 - 02066944 _____ (Farbar) C:\Users\Heiner\Desktop\FRST64.exe
2014-05-12 09:00 - 2014-05-12 09:01 - 00000000 ____D () C:\AdwCleaner
2014-05-11 18:31 - 2014-05-11 18:32 - 00000915 _____ () C:\DelFix.txt
2014-05-10 21:30 - 2014-05-10 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 17:45 - 2014-05-11 18:31 - 00000000 ____D () C:\Windows\ERUNT
2014-05-09 16:08 - 2014-05-09 16:08 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Netzmanager.lnk
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7}
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\Program Files\Netzmanager
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-05-09 13:52 - 2014-05-09 14:05 - 00000000 ____D () C:\Users\Heiner\Documents\AvastPEToolkit
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\Program Files (x86)\Steganos Online Shield
2014-05-08 21:34 - 2014-05-08 20:01 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140508-213428.backup
2014-05-08 21:05 - 2014-05-08 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-05-08 18:50 - 2014-05-11 18:28 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Leadertech
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\ProgramData\Logitech
2014-05-08 12:48 - 2014-05-09 18:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-05-08 12:48 - 2014-05-09 18:02 - 00000475 _____ () C:\Windows\LkmdfCoInst.log
2014-05-08 12:48 - 2014-05-08 12:48 - 00015343 _____ () C:\Windows\LDPINST.LOG
2014-05-08 12:48 - 2014-05-08 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-05-08 12:47 - 2014-05-08 12:49 - 00000000 ____D () C:\ProgramData\Logishrd
2014-05-08 12:47 - 2014-05-08 12:48 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-05-08 12:47 - 2014-05-08 12:47 - 00000000 ____D () C:\Program Files\Logitech
2014-05-08 12:46 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logitech
2014-05-08 12:46 - 2014-05-08 12:47 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logishrd
2014-05-07 19:58 - 2014-05-07 19:58 - 17630356 _____ () C:\Users\Heiner\Desktop\Junger Klaviervirtuose.mp4
2014-05-07 01:02 - 2014-05-07 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 01:02 - 2014-05-07 01:01 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-07 01:02 - 2014-05-07 01:01 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-06 16:55 - 2014-05-06 16:55 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (2)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (4)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (3)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST!
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST
2014-05-06 16:48 - 2014-05-11 18:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-06 16:48 - 2014-05-06 16:48 - 00002020 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\AVAST Software
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-06 16:48 - 2014-05-06 16:47 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-06 16:48 - 2014-05-06 16:47 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-06 16:47 - 2014-05-06 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-06 16:47 - 2014-05-06 16:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-06 16:44 - 2014-05-06 16:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-06 16:42 - 2014-05-11 18:44 - 00002106 _____ () C:\Windows\setupact.log
2014-05-05 16:41 - 2014-05-05 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 16:40 - 2014-05-09 17:37 - 00095264 _____ () C:\Windows\PFRO.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000779 _____ () C:\Users\Heiner\AppData\Roaming\gdscan.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000000 _____ () C:\Users\Heiner\AppData\Roaming\gdfw.log
2014-05-05 16:21 - 2014-05-06 16:42 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-05-05 16:21 - 2014-05-05 16:21 - 00001962 _____ () C:\Windows\DPINST.LOG
2014-05-05 16:20 - 2014-05-06 16:41 - 00000000 ____D () C:\ProgramData\G Data
2014-05-05 16:18 - 2014-05-05 16:19 - 00033464 _____ () C:\Users\Heiner\Documents\cc_20140505_161846.reg
2014-05-05 16:14 - 2014-05-05 16:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-03 22:20 - 2014-05-03 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-03 20:37 - 2014-05-03 20:37 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Trend Micro
2014-05-03 20:30 - 2014-05-03 20:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 20:30 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-03 20:30 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-03 20:23 - 2014-05-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-05-03 09:00 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 09:00 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 09:00 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 09:00 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 15:57 - 2014-05-12 13:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-30 15:52 - 2014-04-30 15:52 - 00000000 ____D () C:\Users\Heiner\Documents\OneNote-Notizbücher
2014-04-30 13:08 - 2014-05-09 20:59 - 00000000 ___RD () C:\Users\Heiner\Desktop\Grafiken
2014-04-30 09:32 - 2014-04-30 09:33 - 00000450 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-04-30 08:27 - 2014-04-09 07:41 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140430-082747.backup
2014-04-29 11:31 - 2014-05-11 18:45 - 00000266 _____ () C:\Windows\Tasks\StartupStar Firewall.job
2014-04-29 11:31 - 2014-04-29 11:31 - 00002536 _____ () C:\Windows\System32\Tasks\StartupStar Firewall
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupStar
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\Program Files (x86)\StartupStar
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 09:48 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 09:42 - 2014-04-29 09:42 - 00001477 ____R () C:\Windows\AllemeinePassworte0_Uninstall.in
2014-04-29 09:42 - 2014-04-29 09:42 - 00000000 ____D () C:\Program Files\AmP
2014-04-29 09:42 - 2013-10-21 15:36 - 00583048 _____ (Mirko Böer) C:\Windows\AmPUn0.exe
2014-04-26 15:00 - 2014-04-26 15:00 - 00001132 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-26 14:36 - 2014-05-01 21:08 - 00001051 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-04-26 14:36 - 2014-04-26 14:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\InetStat
2014-04-26 14:35 - 2014-04-26 14:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ARCHOS KEY user guide
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieUserList
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieSiteList
2014-04-23 07:31 - 2014-04-09 07:41 - 00444891 _____ () C:\Windows\system32\Drivers\etc\hosts.20140423-073145.backup
2014-04-22 19:36 - 2014-04-22 19:37 - 00000000 ____D () C:\Program Files (x86)\FinanzGruppe-IBAN-Konverter
2014-04-22 19:36 - 2014-04-22 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VR-IBAN-Konverter
2014-04-22 12:24 - 2014-04-22 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-04-21 01:26 - 2014-05-01 11:12 - 00001044 _____ () C:\Users\Heiner\Documents\DownloadScout.lst
2014-04-18 20:05 - 2014-04-18 20:30 - 00000000 ____D () C:\Users\Heiner\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2014-04-18 20:05 - 00001364 _____ () C:\Users\Public\Desktop\NetObjects Fusion 2013.lnk
2014-04-18 20:02 - 2014-04-18 20:05 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013
2014-04-17 17:56 - 2014-04-17 17:56 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-defragRAM
2014-04-15 08:04 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-15 08:04 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-15 08:04 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 08:04 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-15 08:04 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 08:04 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 08:04 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-15 08:04 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-15 08:04 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 08:04 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-15 08:04 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-15 08:04 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-15 08:04 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 08:04 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-15 08:04 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-15 08:04 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-15 08:04 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-15 08:04 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-15 08:04 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-15 08:04 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-15 08:04 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-15 08:04 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-15 08:04 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-15 08:04 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-15 08:04 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-15 08:04 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-15 08:04 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-15 08:04 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-15 08:04 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-15 08:04 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 08:04 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-15 08:04 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 08:04 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-15 08:04 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-15 08:04 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 08:04 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-15 08:04 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-15 08:04 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-15 08:04 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 08:04 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 08:04 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-15 08:04 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-15 08:04 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-15 08:04 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-12 10:46 - 2014-04-12 10:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\DataDesign
2014-04-12 10:45 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\Documents\Lexware
2014-04-12 10:31 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Lexware
2014-04-12 10:30 - 2014-04-17 19:32 - 00002978 _____ () C:\Users\Public\Desktop\Quicken DELUXE 2014.lnk
2014-04-12 10:30 - 2014-04-12 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2014-04-12 10:29 - 2014-04-12 10:31 - 00000000 ____D () C:\ProgramData\Lexware
2014-04-12 10:29 - 2014-04-12 10:30 - 00000000 ____D () C:\Program Files (x86)\Lexware
2014-04-12 10:28 - 2014-04-12 10:31 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Lexware
2014-04-12 10:25 - 2014-04-12 10:25 - 00069662 _____ () C:\Users\Heiner\Downloads\PageDefrag232.zip

==================== One Month Modified Files and Folders =======

2014-05-12 16:47 - 2014-05-12 16:47 - 00032167 _____ () C:\Users\Heiner\Desktop\FRST.txt
2014-05-12 16:47 - 2014-05-12 16:46 - 00000000 ____D () C:\FRST
2014-05-12 16:46 - 2012-03-08 17:31 - 00000000 ____D () C:\DVD-ColdCut
2014-05-12 16:45 - 2014-05-12 16:45 - 02066944 _____ (Farbar) C:\Users\Heiner\Desktop\FRST64.exe
2014-05-12 16:43 - 2012-03-08 15:58 - 02031511 _____ () C:\Windows\WindowsUpdate.log
2014-05-12 16:42 - 2012-03-08 17:38 - 00000000 ____D () C:\Users\Heiner\Documents\Excel-Dateien
2014-05-12 16:38 - 2012-03-30 14:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 14:34 - 2012-03-08 18:55 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\vlc
2014-05-12 13:23 - 2014-04-30 15:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 10:11 - 2012-03-08 19:05 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Apps\2.0
2014-05-12 10:07 - 2012-03-08 20:58 - 00000000 ____D () C:\Users\Heiner\AppData\Local\ColdCut
2014-05-12 09:02 - 2012-03-08 18:57 - 00000000 ___RD () C:\Users\Heiner\Desktop\Programme
2014-05-12 09:01 - 2014-05-12 09:00 - 00000000 ____D () C:\AdwCleaner
2014-05-11 19:16 - 2012-01-03 05:59 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2014-05-11 19:16 - 2012-01-03 05:59 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2014-05-11 19:16 - 2009-07-14 07:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 18:53 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 18:53 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 18:47 - 2014-05-06 16:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-11 18:46 - 2012-01-03 06:30 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-11 18:45 - 2014-04-29 11:31 - 00000266 _____ () C:\Windows\Tasks\StartupStar Firewall.job
2014-05-11 18:44 - 2014-05-06 16:42 - 00002106 _____ () C:\Windows\setupact.log
2014-05-11 18:44 - 2012-04-24 19:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 18:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 18:38 - 2013-01-27 14:23 - 00000000 ___RD () C:\Users\Heiner\Desktop\Texte
2014-05-11 18:32 - 2014-05-11 18:31 - 00000915 _____ () C:\DelFix.txt
2014-05-11 18:31 - 2014-05-09 17:45 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 18:28 - 2014-05-08 18:50 - 00000000 ____D () C:\Windows\erdnt
2014-05-11 18:16 - 2012-06-08 17:09 - 00000000 ___RD () C:\Users\Heiner\Desktop\*
2014-05-11 11:09 - 2012-03-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-10 21:30 - 2014-05-10 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 20:59 - 2014-04-30 13:08 - 00000000 ___RD () C:\Users\Heiner\Desktop\Grafiken
2014-05-09 20:32 - 2012-03-08 16:13 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHeiner
2014-05-09 20:32 - 2012-03-08 16:13 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForHeiner.job
2014-05-09 18:02 - 2014-05-08 12:48 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-05-09 18:02 - 2014-05-08 12:48 - 00000475 _____ () C:\Windows\LkmdfCoInst.log
2014-05-09 17:44 - 2012-07-08 14:10 - 00000000 ____D () C:\Download
2014-05-09 17:37 - 2014-05-05 16:40 - 00095264 _____ () C:\Windows\PFRO.log
2014-05-09 16:16 - 2012-06-18 14:49 - 00000000 ____D () C:\ProgramData\Netzmanager
2014-05-09 16:08 - 2014-05-09 16:08 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Netzmanager.lnk
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 __HDC () C:\ProgramData\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7}
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
2014-05-09 16:08 - 2014-05-09 16:08 - 00000000 ____D () C:\Program Files\Netzmanager
2014-05-09 14:30 - 2012-03-08 18:11 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Thunderbird
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-05-09 14:05 - 2014-05-09 14:05 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-05-09 14:05 - 2014-05-09 13:52 - 00000000 ____D () C:\Users\Heiner\Documents\AvastPEToolkit
2014-05-09 13:28 - 2013-07-17 10:23 - 00000004 _____ () C:\Users\Heiner\Desktop\Heilerliste.txt
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
2014-05-08 22:54 - 2014-05-08 22:54 - 00000000 ____D () C:\Program Files (x86)\Steganos Online Shield
2014-05-08 21:34 - 2012-03-13 18:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-08 21:10 - 2012-03-13 18:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-08 21:05 - 2014-05-08 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-05-08 20:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-08 20:07 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-08 20:03 - 2009-07-14 04:34 - 00000232 _____ () C:\Windows\system.ini
2014-05-08 20:01 - 2014-05-08 21:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140508-213428.backup
2014-05-08 20:00 - 2009-07-14 04:34 - 94371840 _____ () C:\Windows\system32\config\software.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 23592960 _____ () C:\Windows\system32\config\system.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 05505024 _____ () C:\Windows\system32\config\default.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.bak
2014-05-08 20:00 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-05-08 19:59 - 2012-03-08 16:00 - 00000000 ____D () C:\Users\Heiner
2014-05-08 19:43 - 2013-02-05 08:55 - 00000000 ____D () C:\Program Files (x86)\FlashGet
2014-05-08 19:37 - 2012-12-20 20:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-08 19:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-08 19:22 - 2012-04-27 07:58 - 00000000 ____D () C:\ProgramData\firebird
2014-05-08 18:46 - 2012-10-21 13:01 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\MozillaFirefoxPackages
2014-05-08 16:04 - 2012-03-08 18:11 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Thunderbird
2014-05-08 14:11 - 2012-03-09 14:39 - 00000000 ____D () C:\Users\Heiner\AppData\Local\CrashDumps
2014-05-08 12:52 - 2012-03-08 16:13 - 00000000 ___RD () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Leadertech
2014-05-08 12:49 - 2014-05-08 12:49 - 00000000 ____D () C:\ProgramData\Logitech
2014-05-08 12:49 - 2014-05-08 12:47 - 00000000 ____D () C:\ProgramData\Logishrd
2014-05-08 12:49 - 2014-05-08 12:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logitech
2014-05-08 12:48 - 2014-05-08 12:48 - 00015343 _____ () C:\Windows\LDPINST.LOG
2014-05-08 12:48 - 2014-05-08 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-05-08 12:48 - 2014-05-08 12:47 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-05-08 12:47 - 2014-05-08 12:47 - 00000000 ____D () C:\Program Files\Logitech
2014-05-08 12:47 - 2014-05-08 12:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Logishrd
2014-05-07 21:31 - 2012-03-16 00:10 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 3
2014-05-07 20:17 - 2013-07-26 08:36 - 00000280 _____ () C:\Windows\Tasks\DriverDoc_UPDATES.job
2014-05-07 20:16 - 2012-03-08 17:32 - 00000000 ____D () C:\DVD-Filme-Archiv
2014-05-07 19:58 - 2014-05-07 19:58 - 17630356 _____ () C:\Users\Heiner\Desktop\Junger Klaviervirtuose.mp4
2014-05-07 08:36 - 2013-07-26 08:36 - 00003026 _____ () C:\Windows\System32\Tasks\DriverDoc_UPDATES
2014-05-07 01:02 - 2014-05-07 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 01:01 - 2014-05-07 01:02 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-07 01:01 - 2014-05-07 01:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-06 17:12 - 2013-11-21 16:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-06 17:02 - 2012-04-13 17:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-06 17:02 - 2012-03-08 16:26 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Adobe
2014-05-06 17:01 - 2012-04-13 18:00 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Adobe
2014-05-06 16:55 - 2014-05-06 16:55 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (2)
2014-05-06 16:55 - 2012-10-01 15:07 - 00000000 ____D () C:\Users\Heiner\Documents\default
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (4)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner (3)
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\Neuer Ordner
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST!
2014-05-06 16:54 - 2014-05-06 16:54 - 00000000 ____D () C:\Users\Heiner\Documents\AVAST
2014-05-06 16:48 - 2014-05-06 16:48 - 00002020 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\AVAST Software
2014-05-06 16:48 - 2014-05-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-06 16:47 - 2014-05-06 16:48 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-06 16:47 - 2014-05-06 16:48 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-06 16:47 - 2014-05-06 16:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-06 16:47 - 2014-05-06 16:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-06 16:47 - 2014-05-06 16:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-06 16:44 - 2014-05-06 16:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-06 16:42 - 2014-05-05 16:21 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-05-06 16:41 - 2014-05-05 16:20 - 00000000 ____D () C:\ProgramData\G Data
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-05-06 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-05-06 14:58 - 2012-06-25 20:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-06 14:33 - 2012-01-03 06:30 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-06 08:00 - 2013-12-16 09:47 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Steganos VPN
2014-05-05 16:41 - 2014-05-05 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000779 _____ () C:\Users\Heiner\AppData\Roaming\gdscan.log
2014-05-05 16:22 - 2014-05-05 16:22 - 00000000 _____ () C:\Users\Heiner\AppData\Roaming\gdfw.log
2014-05-05 16:21 - 2014-05-05 16:21 - 00001962 _____ () C:\Windows\DPINST.LOG
2014-05-05 16:19 - 2014-05-05 16:18 - 00033464 _____ () C:\Users\Heiner\Documents\cc_20140505_161846.reg
2014-05-05 16:17 - 2012-12-06 21:27 - 00000000 ____D () C:\ProgramData\VSO
2014-05-05 16:17 - 2012-06-11 11:04 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\FileZilla
2014-05-05 16:17 - 2012-03-09 11:53 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Vso
2014-05-05 16:17 - 2012-03-08 17:01 - 00000000 ___DC () C:\Users\Heiner\AppData\Local\MigWiz
2014-05-05 16:14 - 2014-05-05 16:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 16:14 - 2014-05-05 16:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 16:10 - 2012-01-03 06:34 - 00000000 ____D () C:\ProgramData\Norton
2014-05-03 22:20 - 2014-05-03 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-03 20:37 - 2014-05-03 20:37 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Trend Micro
2014-05-03 20:30 - 2014-05-03 20:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 20:23 - 2014-05-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-05-02 17:34 - 2012-03-15 15:14 - 00000000 ____D () C:\Ablage
2014-05-02 10:17 - 2012-03-11 00:17 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ZSGebmahner
2014-05-02 08:19 - 2012-12-05 13:56 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHEINER-HP$
2014-05-02 08:19 - 2012-12-05 13:56 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForHEINER-HP$.job
2014-05-01 21:08 - 2014-04-26 14:36 - 00001051 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-01 21:08 - 2012-08-27 11:32 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\CheckPoint
2014-05-01 20:58 - 2013-09-13 13:13 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-01 17:23 - 2012-03-11 14:54 - 00143360 _____ () C:\Users\Heiner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-01 11:12 - 2014-04-21 01:26 - 00001044 _____ () C:\Users\Heiner\Documents\DownloadScout.lst
2014-05-01 11:12 - 2013-04-07 10:39 - 00000170 _____ () C:\Users\Heiner\Documents\DownloadScout.filter
2014-05-01 11:12 - 2013-04-07 10:39 - 00000016 _____ () C:\Users\Heiner\Documents\DownloadScout.pos
2014-04-30 23:29 - 2012-03-30 14:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 23:29 - 2012-03-30 14:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 23:29 - 2012-01-03 06:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 19:30 - 2014-04-05 21:26 - 00001578 _____ () C:\FoxitReaderUpdateInfo.txt
2014-04-30 19:12 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-30 15:52 - 2014-04-30 15:52 - 00000000 ____D () C:\Users\Heiner\Documents\OneNote-Notizbücher
2014-04-30 09:33 - 2014-04-30 09:32 - 00000450 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-04-30 08:27 - 2009-07-14 04:34 - 00444891 ____R () C:\Windows\system32\Drivers\etc\hosts.20140507-073727.backup
2014-04-29 16:19 - 2012-03-08 18:08 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-29 16:01 - 2014-05-03 09:00 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 09:00 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 12:20 - 2009-07-14 06:45 - 00389880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-29 12:18 - 2009-07-14 04:34 - 94371840 _____ () C:\Windows\system32\config\software.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 21757952 _____ () C:\Windows\system32\config\system.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 05505024 _____ () C:\Windows\system32\config\default.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.rcbak
2014-04-29 12:18 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\security.rcbak
2014-04-29 11:31 - 2014-04-29 11:31 - 00002536 _____ () C:\Windows\System32\Tasks\StartupStar Firewall
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupStar
2014-04-29 11:31 - 2014-04-29 11:31 - 00000000 ____D () C:\Program Files (x86)\StartupStar
2014-04-29 11:31 - 2012-08-24 10:13 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Abelssoft
2014-04-29 11:31 - 2012-03-15 21:22 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Abelssoft
2014-04-29 10:59 - 2012-03-20 15:13 - 00000000 ____D () C:\Program Files (x86)\JetDrive
2014-04-29 10:37 - 2012-08-24 10:28 - 00099104 _____ () C:\Users\Heiner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-29 10:35 - 2012-10-08 16:22 - 00000000 ___RD () C:\Users\Heiner\Desktop\Systemwartung
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2014-04-29 09:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:48 - 2012-09-25 10:59 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Malwarebytes
2014-04-29 09:48 - 2012-09-25 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 09:42 - 2014-04-29 09:42 - 00001477 ____R () C:\Windows\AllemeinePassworte0_Uninstall.in
2014-04-29 09:42 - 2014-04-29 09:42 - 00000000 ____D () C:\Program Files\AmP
2014-04-29 09:42 - 2012-03-27 09:05 - 00000730 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alle meine Passworte.lnk
2014-04-29 09:40 - 2012-03-27 09:05 - 00000000 ____D () C:\Program Files (x86)\AmP
2014-04-29 09:29 - 2013-12-07 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateYeti
2014-04-29 09:29 - 2013-12-07 23:09 - 00000000 ____D () C:\Program Files (x86)\UpdateYeti
2014-04-29 09:00 - 2014-02-22 00:01 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-26 15:00 - 2014-04-26 15:00 - 00001132 _____ () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-26 14:49 - 2014-04-26 14:35 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\ARCHOS KEY user guide
2014-04-26 14:36 - 2014-04-26 14:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\InetStat
2014-04-25 16:47 - 2012-01-03 06:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieUserList
2014-04-24 21:54 - 2014-04-24 21:54 - 00000000 __SHD () C:\Users\Heiner\AppData\Local\EmieSiteList
2014-04-22 19:37 - 2014-04-22 19:36 - 00000000 ____D () C:\Program Files (x86)\FinanzGruppe-IBAN-Konverter
2014-04-22 19:36 - 2014-04-22 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VR-IBAN-Konverter
2014-04-22 19:35 - 2013-06-11 15:05 - 00000000 ____D () C:\Users\Heiner\AppData\Local\VR-IK
2014-04-22 12:24 - 2014-04-22 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-04-22 12:24 - 2014-04-22 12:24 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-04-21 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-20 18:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-19 20:46 - 2013-06-26 17:21 - 00000000 ____D () C:\ProgramData\Live Aquarium HD
2014-04-18 20:30 - 2014-04-18 20:05 - 00000000 ____D () C:\Users\Heiner\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2014-04-18 20:05 - 00001364 _____ () C:\Users\Public\Desktop\NetObjects Fusion 2013.lnk
2014-04-18 20:05 - 2014-04-18 20:02 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013
2014-04-18 20:05 - 2012-03-09 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects
2014-04-18 20:03 - 2012-03-12 00:16 - 00000000 ____D () C:\Program Files (x86)\NetObjects
2014-04-17 19:32 - 2014-04-12 10:30 - 00002978 _____ () C:\Users\Public\Desktop\Quicken DELUXE 2014.lnk
2014-04-17 19:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-17 17:56 - 2014-04-17 17:56 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-defragRAM
2014-04-17 13:39 - 2012-07-25 19:36 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Auslogics
2014-04-17 09:34 - 2013-09-03 09:33 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-04-17 09:34 - 2012-03-15 21:44 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\KlebezettelNG
2014-04-17 09:34 - 2012-03-09 14:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 20:05 - 2013-09-24 09:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-15 08:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-14 19:28 - 2011-02-11 19:00 - 00000000 ____D () C:\Windows\Panther
2014-04-14 04:24 - 2014-05-03 20:30 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-03 20:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 10:46 - 2014-04-12 10:46 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\DataDesign
2014-04-12 10:45 - 2014-04-12 10:45 - 00000000 ____D () C:\Users\Heiner\Documents\Lexware
2014-04-12 10:45 - 2014-04-12 10:31 - 00000000 ____D () C:\Users\Heiner\AppData\Roaming\Lexware
2014-04-12 10:31 - 2014-04-12 10:29 - 00000000 ____D () C:\ProgramData\Lexware
2014-04-12 10:31 - 2014-04-12 10:28 - 00000000 ____D () C:\Users\Heiner\AppData\Local\Lexware
2014-04-12 10:30 - 2014-04-12 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2014-04-12 10:30 - 2014-04-12 10:29 - 00000000 ____D () C:\Program Files (x86)\Lexware
2014-04-12 10:25 - 2014-04-12 10:25 - 00069662 _____ () C:\Users\Heiner\Downloads\PageDefrag232.zip

Some content of TEMP:
====================
C:\Users\Heiner\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-07 21:59

==================== End Of Log ============================

--- --- ---

12.05.2014, 13:59	#14
schrauber /// the machine /// TB-Ausbilder	posadi17 im IE Poste bitte nochmal ein FRST log. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

posadi17 im IE

Plagegeister aller Art und deren Bekämpfung: posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

posadi17 im IE

Ähnliche Themen: posadi17 im IE